TexasAggie

Need Help with Malware on Father's computer

Y'all have helped me so much I feel ashamed to ask, but my father's PC is in dire straits.

Here is the FRST.txt and Addition.txt.

Currently I cannot get online at all. It seems that the wireless ethernet controller is not responding, yet Device Manager shows that it is working properly.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Boyd (administrator) on BOYD-PC on 08-01-2015 17:47:47
Running from C:\Users\Boyd\Desktop
Loaded Profile: Boyd (Available profiles: Boyd)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]
FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]
CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]
CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]
CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]
CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]
CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]
CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]
CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)
S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 17:47 - 2015-01-08 17:48 - 00017688 _____ () C:\Users\Boyd\Desktop\FRST.txt
2015-01-08 17:47 - 2015-01-08 17:47 - 00000000 ____D () C:\FRST
2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe
2015-01-05 16:18 - 2015-01-05 19:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software
2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google
2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-05 11:27 - 2015-01-05 19:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 11:27 - 2015-01-05 11:32 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-05 11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe
2015-01-04 22:42 - 2015-01-05 18:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 22:35 - 2015-01-04 22:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log
2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus
2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon
2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save
2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon
2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save
2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList
2014-12-27 02:25 - 2014-12-27 02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe
2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT
2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus
2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-25 13:08 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-25 13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-25 13:06 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-25 13:06 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-25 13:06 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-25 13:06 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-25 13:06 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-25 13:06 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-25 13:06 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-25 13:06 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-25 13:06 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-25 13:06 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-25 13:06 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-25 13:06 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-25 13:06 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-25 13:06 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-25 13:06 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-25 13:05 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-25 13:05 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-25 13:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-25 13:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-25 13:05 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-25 13:05 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-25 13:05 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-25 13:05 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-25 13:05 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-25 13:05 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-25 13:05 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-25 12:41 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-25 12:41 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-25 12:39 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-25 12:39 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-25 12:39 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-25 12:39 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-25 12:39 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-25 12:38 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-25 12:38 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-25 12:35 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-25 12:35 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-25 12:35 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-25 12:34 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-12-25 12:25 - 2014-12-30 01:25 - 00000138 _____ () C:\Users\Boyd\AppData\Roaming\WB.CFG
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 17:40 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 17:40 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 17:34 - 2011-01-29 16:21 - 00000000 ____D () C:\Users\Boyd\Tracing
2015-01-08 17:33 - 2014-06-28 22:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-08 16:52 - 2010-09-01 12:03 - 01956353 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 19:38 - 2010-09-01 12:46 - 00550696 _____ () C:\Windows\PFRO.log
2015-01-05 17:19 - 2014-06-28 22:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Google
2015-01-05 16:59 - 2012-11-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Verizon
2015-01-05 16:59 - 2011-01-29 15:32 - 00000000 ____D () C:\Users\Boyd
2015-01-05 16:59 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 16:18 - 2012-08-18 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 16:18 - 2012-08-18 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 11:53 - 2011-02-03 11:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Adobe
2015-01-05 11:53 - 2011-01-29 15:51 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Adobe
2015-01-05 11:53 - 2010-03-30 20:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-05 08:15 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 08:09 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 08:09 - 2009-07-13 22:51 - 00118816 _____ () C:\Windows\setupact.log
2015-01-05 08:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache
2015-01-05 08:08 - 2014-06-28 22:42 - 00000000 ____D () C:\Program Files (x86)\Supporter
2015-01-05 00:01 - 2010-09-01 13:41 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-04 23:48 - 2014-06-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2015-01-04 23:48 - 2014-06-25 20:38 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2015-01-04 23:48 - 2011-12-25 13:21 - 00000000 ____D () C:\ProgramData\InstallShield
2015-01-04 23:48 - 2011-01-29 15:47 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Hewlett-Packard
2015-01-04 23:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-04 23:38 - 2014-07-31 21:07 - 00000000 ____D () C:\ProgramData\Systweak
2015-01-04 23:38 - 2014-07-31 21:06 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Systweak
2015-01-04 23:38 - 2014-07-31 20:58 - 00000000 ____D () C:\Users\Boyd\AppData\Local\com
2015-01-04 23:37 - 2014-07-08 20:00 - 00000000 ____D () C:\ProgramData\AllCheapPriceu
2015-01-04 23:37 - 2014-06-28 22:25 - 00000000 ____D () C:\Users\Boyd\AppData\Local\LPT
2015-01-04 23:37 - 2014-06-28 22:23 - 00000000 ____D () C:\Users\Boyd\AppData\Local\26379
2015-01-04 23:37 - 2013-07-25 20:08 - 00000000 ____D () C:\ProgramData\Wincert
2015-01-04 23:24 - 2011-02-07 09:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-04 23:22 - 2011-10-29 08:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-04 22:19 - 2009-07-13 23:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 22:13 - 2009-07-13 22:45 - 00430848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 18:50 - 2014-06-25 20:38 - 00000019 _____ () C:\END
2014-12-27 07:25 - 2014-06-28 22:42 - 00000000 ____D () C:\ProgramData\c7cfa554ab0382c9
2014-12-27 03:21 - 2009-07-13 22:51 - 00118648 _____ () C:\Windows\setupact(17).log
2014-12-26 06:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-26 04:20 - 2014-06-26 04:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-26 03:50 - 2011-04-07 20:53 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-26 03:31 - 2014-06-26 03:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-26 03:14 - 2011-07-12 09:41 - 00779192 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-25 10:49 - 2014-07-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
 
Files to move or delete:
====================
C:\ProgramData\1315581722-bomgar-scc-installer.exe.exe
C:\ProgramData\1315582289-bomgar-scc-installer.exe.exe
C:\ProgramData\1315583468-bomgar-scc-installer.exe.exe
C:\ProgramData\1315584297-bomgar-scc-installer.exe.exe
C:\ProgramData\1315585810-bomgar-scc-installer.exe.exe
C:\ProgramData\1315586077-bomgar-scc-installer.exe.exe
C:\ProgramData\1315587940-bomgar-scc-installer.exe.exe
C:\ProgramData\1315588612-bomgar-scc-installer.exe.exe
C:\ProgramData\1315588837-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591363-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591471-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591624-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591887-bomgar-scc-installer.exe.exe
C:\ProgramData\1315592671-bomgar-scc-installer.exe.exe
C:\ProgramData\1315593755-bomgar-scc-installer.exe.exe
C:\ProgramData\1315594052-bomgar-scc-installer.exe.exe
C:\ProgramData\1315596781-bomgar-scc-installer.exe.exe
C:\ProgramData\1315597278-bomgar-scc-installer.exe.exe
C:\ProgramData\1315598164-bomgar-scc-installer.exe.exe
C:\ProgramData\1315598332-bomgar-scc-installer.exe.exe
C:\ProgramData\1315598739-bomgar-scc-installer.exe.exe
C:\ProgramData\1315600906-bomgar-scc-installer.exe.exe
C:\ProgramData\1315601035-bomgar-scc-installer.exe.exe
C:\ProgramData\1315601397-bomgar-scc-installer.exe.exe
C:\ProgramData\1315602204-bomgar-scc-installer.exe.exe
C:\ProgramData\1315603346-bomgar-scc-installer.exe.exe
C:\ProgramData\1315603365-bomgar-scc-installer.exe.exe
C:\ProgramData\1315604149-bomgar-scc-installer.exe.exe
C:\ProgramData\1315604357-bomgar-scc-installer.exe.exe
C:\ProgramData\1315605023-bomgar-scc-installer.exe.exe
C:\ProgramData\1315605283-bomgar-scc-installer.exe.exe
C:\ProgramData\1315605819-bomgar-scc-installer.exe.exe
C:\ProgramData\1315607882-bomgar-scc-installer.exe.exe
C:\ProgramData\1315608730-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609233-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609470-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609848-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609924-bomgar-scc-installer.exe.exe
C:\ProgramData\1315611082-bomgar-scc-installer.exe.exe
C:\ProgramData\1315611232-bomgar-scc-installer.exe.exe
C:\ProgramData\1315612911-bomgar-scc-installer.exe.exe
C:\ProgramData\1315616767-bomgar-scc-installer.exe.exe
C:\ProgramData\1315618505-bomgar-scc-installer.exe.exe
C:\ProgramData\1315619075-bomgar-scc-installer.exe.exe
C:\ProgramData\1315619225-bomgar-scc-installer.exe.exe
C:\ProgramData\1315619527-bomgar-scc-installer.exe.exe
C:\ProgramData\1315621657-bomgar-scc-installer.exe.exe
C:\ProgramData\1329185158-bomgar-scc-installer.exe.exe
 
 
Some content of TEMP:
====================
C:\Users\Boyd\AppData\Local\Temp\ApnStub.exe
C:\Users\Boyd\AppData\Local\Temp\eject.exe
C:\Users\Boyd\AppData\Local\Temp\exe2pin.exe
C:\Users\Boyd\AppData\Local\Temp\Extract.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Boyd\AppData\Local\Temp\helper.exe
C:\Users\Boyd\AppData\Local\Temp\HPQSi.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\optprosetup.exe
C:\Users\Boyd\AppData\Local\Temp\propsys.dll
C:\Users\Boyd\AppData\Local\Temp\Resource.exe
C:\Users\Boyd\AppData\Local\Temp\setup.exe
C:\Users\Boyd\AppData\Local\Temp\SP47636.exe
C:\Users\Boyd\AppData\Local\Temp\SP49521.exe
C:\Users\Boyd\AppData\Local\Temp\SP49522.exe
C:\Users\Boyd\AppData\Local\Temp\SP49524.exe
C:\Users\Boyd\AppData\Local\Temp\SP50718.exe
C:\Users\Boyd\AppData\Local\Temp\SP50720.exe
C:\Users\Boyd\AppData\Local\Temp\SP50843.exe
C:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Boyd\AppData\Local\Temp\SP51865.exe
C:\Users\Boyd\AppData\Local\Temp\SP51976.exe
C:\Users\Boyd\AppData\Local\Temp\SP52093.exe
C:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Boyd\AppData\Local\Temp\SP52407.exe
C:\Users\Boyd\AppData\Local\Temp\sp54373.exe
C:\Users\Boyd\AppData\Local\Temp\sp54620.exe
C:\Users\Boyd\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Boyd\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:16
 
==================== End Of Log ============================

The Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Boyd at 2015-01-08 17:49:10
Running from C:\Users\Boyd\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
iMesh (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\iMesh) (Version: 12.0.0.133554 - iMesh Inc) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list restore points.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION
Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)
Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION
Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe
Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect
Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION
Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MDM => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)
Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd
Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x7c4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018
 
 
System errors:
=============
Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
%0

The Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Boyd at 2015-01-08 17:49:10
Running from C:\Users\Boyd\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
iMesh (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\iMesh) (Version: 12.0.0.133554 - iMesh Inc) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list restore points.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION
Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)
Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION
Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe
Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect
Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION
Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MDM => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)
Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd
Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x7c4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018
 
 
System errors:
=============
Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 1978.93 MB
Available physical RAM: 1188.52 MB
Total Pagefile: 3957.86 MB
Available Pagefile: 3124.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:218.67 GB) (Free:140.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 505C85E0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


Hi!

Welcome to Malwarebytes' Support Forums! I am Blackbird and I will help you remove any malware that might be present on your computer.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.


Rules about advice from me:
  • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
  • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
  • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.



Rules about posting results:

  • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
  • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
  • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.


Things I want you to do before performing the steps below:
  • Please enable your system to show hidden files: How to see hidden files in Windows.
  • Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
  • Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.



-------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for keeping above rules in mind. :)
Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

Now, let's continue with the steps you need to do:
-------------------------------------------------------------------------------------------------------------------------------------------------------

1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.

  • Download Defogger and save it to your Desktop.
  • Right-click Defogger.exe and select Run as Administrator.
  • When the program has opened, click the Disable button.
  • When Defogger asks for a confirmation, click Yes.
  • Wait until you get the "Finished" message. Click OK.
  • When Defogger asks you to restart the system, please allow the program to do so immediately.


  • When an error occurred while using Defogger, look for a file called "defogger_disable.txt", which should be located at your Desktop. Post the contents of this file into your next reply.
  • You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this when I told you your computer is clean again.


2. Download AdwCleaner and save it to your Desktop.
  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • Click the Scan button.
  • When the scan has finished, please click the Report button and save the logfile that opens to the Desktop.
  • Post the contents of this logfile into your next reply.



3. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.



3-A. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


4. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.



5. Download GMER Rootkit Scanner and save it to your Desktop.
NOTE: Windows 8 users can skip this step. GMER Rootkit Scanner isn't compatible with Windows 8. Don't run it.

  • Right-click the GMER executable file (whose name will contain 8 digits/characters) and select Run as Administrator.
  • If GMER warns you about possible rootkit activity and asks you to scan for rootkits, DON'T allow GMER to do so.
  • Under "Files", put a checkmark next to Quick Scan.
  • Remove the checkmark next to Show all.
  • Now, click the Scan button.
  • Note: This scan often provides False Positives in the scan results. Never fix anything found by Gmer, unless I instructed you to do so!
  • If the scan's finished, click Save and save the log to your Desktop.
  • Post GMER's logfile into your next reply.



6. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6.

Good luck! :)


Will do.

 

Note, until I can reestablish a network connection I'll have to save the applications to removable media and go to the other pc to install and run them.  In the meantime, can you tell me how to make sure my pc stays safe?  I run MBAM and Avast, but is that enough?

 

Thanks so much!! 

 

DISABLED CD EMULATOR FILES via Defogger

 

ADWCLEANER REPORT

 

# AdwCleaner v4.107 - Report created 09/01/2015 at 12:57:07
# Updated 07/01/2015 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Boyd - BOYD-PC
# Running from : C:\Users\Boyd\Desktop\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Boyd\AppData\Local\AnyProtectScannerSetup.exe
File Found : C:\Users\Boyd\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
File Found : C:\Users\Boyd\Desktop\Continue Live Installation.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\AllCheapPricce
Folder Found : C:\Program Files (x86)\ExstrraSavings
Folder Found : C:\Program Files (x86)\File Type Helper
Folder Found : C:\Program Files (x86)\Fun22Save
Folder Found : C:\Program Files (x86)\iMesh Applications
Folder Found : C:\Program Files (x86)\NettoCouupon
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\SavoELoTus
Folder Found : C:\Program Files (x86)\supporter
Folder Found : C:\ProgramData\AllCheapPricce
Folder Found : C:\ProgramData\AllCheapPriceu
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\c7cfa554ab0382c9
Folder Found : C:\ProgramData\ExstrraSavings
Folder Found : C:\ProgramData\Fun22Save
Folder Found : C:\ProgramData\NettoCouupon
Folder Found : C:\ProgramData\SavoELoTus
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Boyd\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Boyd\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Boyd\AppData\Local\LPT
Folder Found : C:\Users\Boyd\AppData\Local\Temp\App Bud
Folder Found : C:\Users\Boyd\AppData\Local\Temp\findopolis
Folder Found : C:\Users\Boyd\AppData\Local\torch
Folder Found : C:\Users\Boyd\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Boyd\AppData\Roaming\ap_logs
Folder Found : C:\Users\Boyd\AppData\Roaming\ASP
Folder Found : C:\Users\Boyd\AppData\Roaming\iWin
Folder Found : C:\Users\Boyd\AppData\Roaming\Systweak
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
 
***** [ Scheduled Tasks ] *****
 
Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : ASP
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suppor~1\suppor~1.dll
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87DDCF24-1A3C-2DE5-3BA3-B6DE490E5F9E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4843E77-A46D-07E1-F080-AD2C89108099}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87DDCF24-1A3C-2DE5-3BA3-B6DE490E5F9E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4843E77-A46D-07E1-F080-AD2C89108099}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\APN DTX
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AllCheapPricE.AllCheapPricE
Key Found : HKLM\SOFTWARE\Classes\AllCheapPricE.AllCheapPricE.5.2
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\EExsttrauSavinngs.EExsttrauSavinngs
Key Found : HKLM\SOFTWARE\Classes\EExsttrauSavinngs.EExsttrauSavinngs.4.2
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\iMesh.Device
Key Found : HKLM\SOFTWARE\Classes\iMesh.file
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87DDCF24-1A3C-2DE5-3BA3-B6DE490E5F9E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4843E77-A46D-07E1-F080-AD2C89108099}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Music Toolbar
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tutorials
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [21688 octets] - [09/01/2015 12:57:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21749 octets] ##########


Hi,

 

I just wanted to tell you I've seen your post, but I'll wait until you also post the logfiles from the remaining steps I gave you.

 

Besides, I want to answer your question regarding a combination of Avast! and Malwarebytes' Anti-Malware: Usually the combination of a real-time anti-virus programme and another anti-malware programme (whether or not it's real-time) is good enough for the protection of a consumer PC. So, yes, this should be all good. :)


I ran MBAM and went back to export the log, however it contains nothing.  Well, not nothing: the name of the tool MBAM and the website.  This is all it had.  ???????  I know for a fact it quarantined three trojans.

 

I guess I'll go on to the next step, the FARBAR tool.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Boyd (administrator) on BOYD-PC on 09-01-2015 19:05:30

Running from C:\Users\Boyd\Desktop

Loaded Profile: Boyd (Available profiles: Boyd)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)

HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect

AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877

ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox



SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 


BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]

FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]

CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]

CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]

CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]

CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]

CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]

CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]

CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]

CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)

S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]

S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)

S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-09 18:54 - 2015-01-09 18:54 - 00000049 _____ () C:\Users\Boyd\Desktop\MBAM Scan.txt

2015-01-09 13:14 - 2015-01-09 13:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-09 13:09 - 2015-01-09 13:09 - 00022038 _____ () C:\Users\Boyd\Desktop\AdwCleaner[R0].txt

2015-01-09 12:57 - 2015-01-09 12:59 - 00000000 ____D () C:\AdwCleaner

2015-01-09 12:55 - 2015-01-09 12:55 - 02191360 _____ () C:\Users\Boyd\Desktop\adwcleaner_4.107.exe

2015-01-09 12:53 - 2015-01-09 12:53 - 00000470 _____ () C:\Users\Boyd\Desktop\defogger_disable.log

2015-01-09 12:53 - 2015-01-09 12:53 - 00000000 _____ () C:\Users\Boyd\defogger_reenable

2015-01-09 12:40 - 2015-01-09 12:40 - 00050477 _____ () C:\Users\Boyd\Desktop\Defogger.exe

2015-01-08 17:49 - 2015-01-08 17:49 - 00036799 _____ () C:\Users\Boyd\Desktop\Addition.txt

2015-01-08 17:47 - 2015-01-09 19:06 - 00017924 _____ () C:\Users\Boyd\Desktop\FRST.txt

2015-01-08 17:47 - 2015-01-09 19:05 - 00000000 ____D () C:\FRST

2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe

2015-01-05 16:18 - 2015-01-09 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software

2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google

2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-05 11:27 - 2015-01-09 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-05 11:27 - 2015-01-09 18:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-05 11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe

2015-01-04 22:42 - 2015-01-09 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-04 22:35 - 2015-01-09 13:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save

2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon

2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save

2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList

2014-12-27 02:25 - 2014-12-27 02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe

2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT

2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus

2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-25 13:08 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-12-25 13:06 - 2014-0

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Boyd (administrator) on BOYD-PC on 09-01-2015 19:05:30

Running from C:\Users\Boyd\Desktop

Loaded Profile: Boyd (Available profiles: Boyd)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)

HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect

AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877

ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox



SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 


BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]

FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]

CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]

CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]

CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]

CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]

CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]

CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]

CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]

CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)

S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]

S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)

S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-09 18:54 - 2015-01-09 18:54 - 00000049 _____ () C:\Users\Boyd\Desktop\MBAM Scan.txt

2015-01-09 13:14 - 2015-01-09 13:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-09 13:09 - 2015-01-09 13:09 - 00022038 _____ () C:\Users\Boyd\Desktop\AdwCleaner[R0].txt

2015-01-09 12:57 - 2015-01-09 12:59 - 00000000 ____D () C:\AdwCleaner

2015-01-09 12:55 - 2015-01-09 12:55 - 02191360 _____ () C:\Users\Boyd\Desktop\adwcleaner_4.107.exe

2015-01-09 12:53 - 2015-01-09 12:53 - 00000470 _____ () C:\Users\Boyd\Desktop\defogger_disable.log

2015-01-09 12:53 - 2015-01-09 12:53 - 00000000 _____ () C:\Users\Boyd\defogger_reenable

2015-01-09 12:40 - 2015-01-09 12:40 - 00050477 _____ () C:\Users\Boyd\Desktop\Defogger.exe

2015-01-08 17:49 - 2015-01-08 17:49 - 00036799 _____ () C:\Users\Boyd\Desktop\Addition.txt

2015-01-08 17:47 - 2015-01-09 19:06 - 00017924 _____ () C:\Users\Boyd\Desktop\FRST.txt

2015-01-08 17:47 - 2015-01-09 19:05 - 00000000 ____D () C:\FRST

2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe

2015-01-05 16:18 - 2015-01-09 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software

2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google

2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-05 11:27 - 2015-01-09 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-05 11:27 - 2015-01-09 18:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-05 11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe

2015-01-04 22:42 - 2015-01-09 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-04 22:35 - 2015-01-09 13:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save

2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon

2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save

2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList

2014-12-27 02:25 - 2014-12-27 02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe

2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT

2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus

2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-25 13:08 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-12-25 13:06 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-12-25 13:06 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-12-25 13:06 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2014-12-25 13:06 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

2014-12-25 13:06 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-12-25 13:06 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-12-25 13:06 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-12-25 13:06 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-12-25 13:06 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-12-25 13:06 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-12-25 13:06 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-12-25 13:06 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-12-25 13:06 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-12-25 13:06 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-12-25 13:06 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-12-25 13:05 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-12-25 13:05 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-12-25 13:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-12-25 13:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2014-12-25 13:05 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-12-25 13:05 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-12-25 13:05 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-12-25 13:05 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-12-25 13:05 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-12-25 13:05 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-12-25 13:05 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-12-25 12:41 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-12-25 12:41 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-12-25 12:39 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-12-25 12:39 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-12-25 12:39 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-12-25 12:39 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-12-25 12:39 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-12-25 12:38 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-12-25 12:38 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-12-25 12:35 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-12-25 12:35 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-12-25 12:35 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-12-25 12:34 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-12-25 12:25 - 2014-12-30 01:25 - 00000138 _____ () C:\Users\Boyd\AppData\Roaming\WB.CFG

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-09 18:13 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-09 18:13 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-09 18:09 - 2011-07-02 12:08 - 00000000 ____D () C:\Users\Boyd\Desktop\AGC pics 2011 (1)

2015-01-09 18:06 - 2011-01-29 16:21 - 00000000 ____D () C:\Users\Boyd\Tracing

2015-01-09 18:05 - 2014-06-28 22:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2015-01-09 18:05 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-09 18:04 - 2011-02-07 09:37 - 00000000 ____D () C:\Windows\Sun

2015-01-09 18:04 - 2010-09-01 12:46 - 00552244 _____ () C:\Windows\PFRO.log

2015-01-09 12:53 - 2011-01-29 15:32 - 00000000 ____D () C:\Users\Boyd

2015-01-08 16:52 - 2010-09-01 12:03 - 01956353 _____ () C:\Windows\WindowsUpdate.log

2015-01-05 17:19 - 2014-06-28 22:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Google

2015-01-05 16:59 - 2012-11-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Verizon

2015-01-05 16:59 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-05 16:18 - 2012-08-18 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-05 16:18 - 2012-08-18 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-05 11:53 - 2011-02-03 11:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Adobe

2015-01-05 11:53 - 2011-01-29 15:51 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Adobe

2015-01-05 11:53 - 2010-03-30 20:58 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-01-05 08:15 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-05 08:09 - 2009-07-13 22:51 - 00118816 _____ () C:\Windows\setupact.log

2015-01-05 08:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache

2015-01-05 08:08 - 2014-06-28 22:42 - 00000000 ____D () C:\Program Files (x86)\Supporter

2015-01-05 00:01 - 2010-09-01 13:41 - 00000000 ____D () C:\ProgramData\Recovery

2015-01-04 23:48 - 2014-06-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon

2015-01-04 23:48 - 2014-06-25 20:38 - 00000000 ____D () C:\Program Files (x86)\File Type Helper

2015-01-04 23:48 - 2011-12-25 13:21 - 00000000 ____D () C:\ProgramData\InstallShield

2015-01-04 23:48 - 2011-01-29 15:47 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Hewlett-Packard

2015-01-04 23:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration

2015-01-04 23:38 - 2014-07-31 21:07 - 00000000 ____D () C:\ProgramData\Systweak

2015-01-04 23:38 - 2014-07-31 21:06 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Systweak

2015-01-04 23:38 - 2014-07-31 20:58 - 00000000 ____D () C:\Users\Boyd\AppData\Local\com

2015-01-04 23:37 - 2014-07-08 20:00 - 00000000 ____D () C:\ProgramData\AllCheapPriceu

2015-01-04 23:37 - 2014-06-28 22:25 - 00000000 ____D () C:\Users\Boyd\AppData\Local\LPT

2015-01-04 23:37 - 2014-06-28 22:23 - 00000000 ____D () C:\Users\Boyd\AppData\Local\26379

2015-01-04 23:37 - 2013-07-25 20:08 - 00000000 ____D () C:\ProgramData\Wincert

2015-01-04 23:24 - 2011-02-07 09:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2015-01-04 23:22 - 2011-10-29 08:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2015-01-04 22:19 - 2009-07-13 23:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-04 22:13 - 2009-07-13 22:45 - 00430848 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-04 18:50 - 2014-06-25 20:38 - 00000019 _____ () C:\END

2014-12-27 07:25 - 2014-06-28 22:42 - 00000000 ____D () C:\ProgramData\c7cfa554ab0382c9

2014-12-27 03:21 - 2009-07-13 22:51 - 00118648 _____ () C:\Windows\setupact(17).log

2014-12-26 06:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-12-26 04:20 - 2014-06-26 04:10 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-26 03:50 - 2011-04-07 20:53 - 00000000 ____D () C:\Windows\System32\Tasks\Games

2014-12-26 03:31 - 2014-06-26 03:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-26 03:14 - 2011-07-12 09:41 - 00779192 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-12-25 10:49 - 2014-07-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

 

Files to move or delete:

====================

C:\ProgramData\1315581722-bomgar-scc-installer.exe.exe

C:\ProgramData\1315582289-bomgar-scc-installer.exe.exe

C:\ProgramData\1315583468-bomgar-scc-installer.exe.exe

C:\ProgramData\1315584297-bomgar-scc-installer.exe.exe

C:\ProgramData\1315585810-bomgar-scc-installer.exe.exe

C:\ProgramData\1315586077-bomgar-scc-installer.exe.exe

C:\ProgramData\1315587940-bomgar-scc-installer.exe.exe

C:\ProgramData\1315588612-bomgar-scc-installer.exe.exe

C:\ProgramData\1315588837-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591363-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591471-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591624-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591887-bomgar-scc-installer.exe.exe

C:\ProgramData\1315592671-bomgar-scc-installer.exe.exe

C:\ProgramData\1315593755-bomgar-scc-installer.exe.exe

C:\ProgramData\1315594052-bomgar-scc-installer.exe.exe

C:\ProgramData\1315596781-bomgar-scc-installer.exe.exe

C:\ProgramData\1315597278-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598164-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598332-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598739-bomgar-scc-installer.exe.exe

C:\ProgramData\1315600906-bomgar-scc-installer.exe.exe

C:\ProgramData\1315601035-bomgar-scc-installer.exe.exe

C:\ProgramData\1315601397-bomgar-scc-installer.exe.exe

C:\ProgramData\1315602204-bomgar-scc-installer.exe.exe

C:\ProgramData\1315603346-bomgar-scc-installer.exe.exe

C:\ProgramData\1315603365-bomgar-scc-installer.exe.exe

C:\ProgramData\1315604149-bomgar-scc-installer.exe.exe

C:\ProgramData\1315604357-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605023-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605283-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605819-bomgar-scc-installer.exe.exe

C:\ProgramData\1315607882-bomgar-scc-installer.exe.exe

C:\ProgramData\1315608730-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609233-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609470-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609848-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609924-bomgar-scc-installer.exe.exe

C:\ProgramData\1315611082-bomgar-scc-installer.exe.exe

C:\ProgramData\1315611232-bomgar-scc-installer.exe.exe

C:\ProgramData\1315612911-bomgar-scc-installer.exe.exe

C:\ProgramData\1315616767-bomgar-scc-installer.exe.exe

C:\ProgramData\1315618505-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619075-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619225-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619527-bomgar-scc-installer.exe.exe

C:\ProgramData\1315621657-bomgar-scc-installer.exe.exe

C:\ProgramData\1329185158-bomgar-scc-installer.exe.exe

 

 

Some content of TEMP:

====================

C:\Users\Boyd\AppData\Local\Temp\ApnStub.exe

C:\Users\Boyd\AppData\Local\Temp\eject.exe

C:\Users\Boyd\AppData\Local\Temp\exe2pin.exe

C:\Users\Boyd\AppData\Local\Temp\Extract.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate01.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate02.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate03.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate04.exe

C:\Users\Boyd\AppData\Local\Temp\helper.exe

C:\Users\Boyd\AppData\Local\Temp\HPQSi.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\optprosetup.exe

C:\Users\Boyd\AppData\Local\Temp\propsys.dll

C:\Users\Boyd\AppData\Local\Temp\Quarantine.exe

C:\Users\Boyd\AppData\Local\Temp\Resource.exe

C:\Users\Boyd\AppData\Local\Temp\setup.exe

C:\Users\Boyd\AppData\Local\Temp\SP47636.exe

C:\Users\Boyd\AppData\Local\Temp\SP49521.exe

C:\Users\Boyd\AppData\Local\Temp\SP49522.exe

C:\Users\Boyd\AppData\Local\Temp\SP49524.exe

C:\Users\Boyd\AppData\Local\Temp\SP50718.exe

C:\Users\Boyd\AppData\Local\Temp\SP50720.exe

C:\Users\Boyd\AppData\Local\Temp\SP50843.exe

C:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exe

C:\Users\Boyd\AppData\Local\Temp\SP51865.exe

C:\Users\Boyd\AppData\Local\Temp\SP51976.exe

C:\Users\Boyd\AppData\Local\Temp\SP52093.exe

C:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exe

C:\Users\Boyd\AppData\Local\Temp\SP52407.exe

C:\Users\Boyd\AppData\Local\Temp\sp54373.exe

C:\Users\Boyd\AppData\Local\Temp\sp54620.exe

C:\Users\Boyd\AppData\Local\Temp\sqlite3.dll

C:\Users\Boyd\AppData\Local\Temp\UninstallHPSA.exe

C:\Users\Boyd\AppData\Local\Temp\UninstallHPTCA.exe

C:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 00:16

 

==================== End Of Log ============================

I apologize, I accidentally posted the FRST file twice....I'm sorry......

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Boyd at 2015-01-09 19:06:57

Running from C:\Users\Boyd\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden

6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)

CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)

CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden

DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden

Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)

Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden

Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)

HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)

HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)

HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)

Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden

LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)

Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)

Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION

Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION

My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)

Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden

ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden

RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)

Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)

TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)

Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden

Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

Could not list restore points.

Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION

Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)

Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION

Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)

Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe

Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)

Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)

Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)

Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)

Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)

Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect

Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""

Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION

Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll

2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:F35A93AD

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: AppIDSvc => 3

MSCONFIG\Services: AudioEndpointBuilder => 2

MSCONFIG\Services: AudioSrv => 2

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: BITS => 2

MSCONFIG\Services: Browser => 3

MSCONFIG\Services: CertPropSvc => 3

MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2

MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2

MSCONFIG\Services: COMSysApp => 3

MSCONFIG\Services: CryptSvc => 2

MSCONFIG\Services: defragsvc => 3

MSCONFIG\Services: Dhcp => 2

MSCONFIG\Services: Dnscache => 2

MSCONFIG\Services: dot3svc => 3

MSCONFIG\Services: DPS => 2

MSCONFIG\Services: EapHost => 3

MSCONFIG\Services: EFS => 3

MSCONFIG\Services: ehRecvr => 3

MSCONFIG\Services: ehSched => 3

MSCONFIG\Services: eventlog => 2

MSCONFIG\Services: EventSystem => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: fdPHost => 3

MSCONFIG\Services: FDResPub => 2

MSCONFIG\Services: FontCache => 2

MSCONFIG\Services: FontCache3.0.0.0 => 3

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: hidserv => 3

MSCONFIG\Services: hkmsvc => 3

MSCONFIG\Services: HomeGroupListener => 3

MSCONFIG\Services: HomeGroupProvider => 3

MSCONFIG\Services: HP Support Assistant Service => 2

MSCONFIG\Services: HPDrvMntSvc.exe => 2

MSCONFIG\Services: hpqcxs08 => 3

MSCONFIG\Services: hpqddsvc => 2

MSCONFIG\Services: hpqwmiex => 3

MSCONFIG\Services: HPSLPSVC => 2

MSCONFIG\Services: HPWMISVC => 2

MSCONFIG\Services: idsvc => 3

MSCONFIG\Services: IEEtwCollectorService => 3

MSCONFIG\Services: IHA_MessageCenter => 2

MSCONFIG\Services: IKEEXT => 2

MSCONFIG\Services: IPBusEnum => 3

MSCONFIG\Services: iphlpsvc => 2

MSCONFIG\Services: KeyIso => 3

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: LanmanServer => 2

MSCONFIG\Services: LanmanWorkstation => 2

MSCONFIG\Services: LightScribeService => 2

MSCONFIG\Services: lltdsvc => 3

MSCONFIG\Services: lmhosts => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MDM => 2

MSCONFIG\Services: MMCSS => 2

MSCONFIG\Services: MpsSvc => 2

MSCONFIG\Services: MSDTC => 3

MSCONFIG\Services: MSiSCSI => 3

MSCONFIG\Services: msiserver => 3

MSCONFIG\Services: napagent => 3

MSCONFIG\Services: Net Driver HPZ12 => 2

MSCONFIG\Services: Netlogon => 3

MSCONFIG\Services: Netman => 3

MSCONFIG\Services: netprofm => 3

MSCONFIG\Services: NlaSvc => 2

MSCONFIG\Services: nsi => 2

MSCONFIG\Services: ose => 3

MSCONFIG\Services: p2pimsvc => 3

MSCONFIG\Services: p2psvc => 3

MSCONFIG\Services: PcaSvc => 2

MSCONFIG\Services: PerfHost => 3

MSCONFIG\Services: pla => 3

MSCONFIG\Services: Pml Driver HPZ12 => 2

MSCONFIG\Services: PNRPAutoReg => 3

MSCONFIG\Services: PNRPsvc => 3

MSCONFIG\Services: PolicyAgent => 3

MSCONFIG\Services: Power => 2

MSCONFIG\Services: ProtectedStorage => 3

MSCONFIG\Services: QWAVE => 3

MSCONFIG\Services: RasAuto => 3

MSCONFIG\Services: RasMan => 3

MSCONFIG\Services: RemoteRegistry => 3

MSCONFIG\Services: RichVideo => 2

MSCONFIG\Services: RpcLocator => 3

MSCONFIG\Services: RtVOsdService => 2

MSCONFIG\Services: SamSs => 2

MSCONFIG\Services: SCardSvr => 3

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: SDRSVC => 3

MSCONFIG\Services: seclogon => 3

MSCONFIG\Services: SENS => 2

MSCONFIG\Services: SensrSvc => 3

MSCONFIG\Services: SessionEnv => 3

MSCONFIG\Services: SharedAccess => 3

MSCONFIG\Services: ShellHWDetection => 2

MSCONFIG\Services: SNMPTRAP => 3

MSCONFIG\Services: Spooler => 2

MSCONFIG\Services: sppuinotify => 3

MSCONFIG\Services: SSDPSRV => 3

MSCONFIG\Services: SstpSvc => 3

MSCONFIG\Services: stisvc => 2

MSCONFIG\Services: swprv => 3

MSCONFIG\Services: SysMain => 2

MSCONFIG\Services: TabletInputService => 3

MSCONFIG\Services: TapiSrv => 3

MSCONFIG\Services: TBS => 3

MSCONFIG\Services: TermService => 3

MSCONFIG\Services: Themes => 2

MSCONFIG\Services: THREADORDER => 3

MSCONFIG\Services: TrkWks => 2

MSCONFIG\Services: TrustedInstaller => 3

MSCONFIG\Services: UI0Detect => 3

MSCONFIG\Services: upnphost => 3

MSCONFIG\Services: UxSms => 2

MSCONFIG\Services: VaultSvc => 3

MSCONFIG\Services: vds => 3

MSCONFIG\Services: VSS => 3

MSCONFIG\Services: W32Time => 3

MSCONFIG\Services: WatAdminSvc => 3

MSCONFIG\Services: wbengine => 3

MSCONFIG\Services: WbioSrvc => 3

MSCONFIG\Services: wcncsvc => 3

MSCONFIG\Services: WcsPlugInService => 3

MSCONFIG\Services: WdiServiceHost => 3

MSCONFIG\Services: WdiSystemHost => 3

MSCONFIG\Services: WebClient => 3

MSCONFIG\Services: Wecsvc => 3

MSCONFIG\Services: wercplsupport => 3

MSCONFIG\Services: WerSvc => 3

MSCONFIG\Services: WinDefend => 2

MSCONFIG\Services: WinHttpAutoProxySvc => 3

MSCONFIG\Services: Winmgmt => 2

MSCONFIG\Services: WinRM => 3

MSCONFIG\Services: Wlansvc => 2

MSCONFIG\Services: wmiApSrv => 3

MSCONFIG\Services: WMPNetworkSvc => 2

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\Services: WPDBusEnum => 3

MSCONFIG\Services: wscsvc => 2

MSCONFIG\Services: WSearch => 2

MSCONFIG\Services: wuauserv => 2

MSCONFIG\Services: wudfsvc => 3

MSCONFIG\Services: WwanSvc => 3

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)

Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd

Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58

Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58

Exception code: 0x40000015

Fault offset: 0x0008f796

Faulting process id: 0x7c4

Faulting application start time: 0xmbamservice.exe0

Faulting application path: mbamservice.exe1

Faulting module path: mbamservice.exe2

Report Id: mbamservice.exe3

 

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Version registry value, code: 1018

 

 

System errors:

=============

Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 

%%1058

 

Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

aswRvrt

aswSnx

aswSP

aswVmm

discache

spldr

Wanarpv6

 

Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 

%%1058

 

Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Volume Shadow Copy service failed to start due to the following error: 

%%1053

 

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

 

Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

 

Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Volume Shadow Copy service failed to start due to the following error: 

%%1053

 

 

Microsoft Office Sessions:

=========================

Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931

 

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

 

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Version registry value, code: 1018

 

 

==================== Memory info =========================== 

 

Processor: Intel® Celeron® CPU 900 @ 2.20GHz

Percentage of memory in use: 54%

Total physical RAM: 1978.93 MB

Available physical RAM: 900.13 MB

Total Pagefile: 3957.86 MB

Available Pagefile: 2723.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:218.67 GB) (Free:140.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 505C85E0)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=218.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================


Hi,

 

I apologize, I accidentally posted the FRST file twice....I'm sorry......

 

No problem! :) I'll wait for your Gmer-logfile.

POST IS TOO LONG SO HERE IS PART 1:

 

GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2015-01-09 21:57:59

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 232.89GB

Running: jtcpmdrv.exe; Driver: C:\Users\Boyd\AppData\Local\Temp\kxldqpob.sys

 

 

---- User code sections - GMER 2.1 ----

 

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                            0000000077a51360 5 bytes JMP 000000014a480460

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                     0000000077a513b0 5 bytes JMP 000000014a480450

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                     0000000077a51510 5 bytes JMP 000000014a480370

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                          0000000077a51560 5 bytes JMP 000000014a480470

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                0000000077a51570 5 bytes JMP 000000014a4803e0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                     0000000077a51620 5 bytes JMP 000000014a480320

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                              0000000077a51650 5 bytes JMP 000000014a4803b0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                 0000000077a51670 5 bytes JMP 000000014a480390

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                       0000000077a516b0 5 bytes JMP 000000014a4802e0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                     0000000077a51730 5 bytes JMP 000000014a4802d0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                   0000000077a51750 5 bytes JMP 000000014a480310

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                    0000000077a51790 5 bytes JMP 000000014a4803c0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                 0000000077a517e0 5 bytes JMP 000000014a4803f0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                    0000000077a51940 5 bytes JMP 000000014a480230

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                         0000000077a51b00 5 bytes JMP 000000014a480480

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                        0000000077a51b30 5 bytes JMP 000000014a4803a0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                 0000000077a51c10 5 bytes JMP 000000014a4802f0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                              0000000077a51c20 5 bytes JMP 000000014a480350

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                    0000000077a51c80 5 bytes JMP 000000014a480290

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                 0000000077a51d10 5 bytes JMP 000000014a4802b0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000077a51d30 5 bytes JMP 000000014a4803d0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                     0000000077a51d40 5 bytes JMP 000000014a480330

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                              0000000077a51db0 5 bytes JMP 000000014a480410

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                 0000000077a51de0 5 bytes JMP 000000014a480240

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                      0000000077a520a0 5 bytes JMP 000000014a4801e0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                 0000000077a52160 5 bytes JMP 000000014a480250

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                 0000000077a52190 5 bytes JMP 000000014a480490

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                        0000000077a521a0 5 bytes JMP 000000014a4804a0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                   0000000077a521d0 5 bytes JMP 000000014a480300

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                0000000077a521e0 5 bytes JMP 000000014a480360

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                      0000000077a52240 5 bytes JMP 000000014a4802a0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                   0000000077a52290 5 bytes JMP 000000014a4802c0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                      0000000077a522c0 5 bytes JMP 000000014a480380

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                       0000000077a522d0 5 bytes JMP 000000014a480340

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                0000000077a525c0 5 bytes JMP 000000014a480440

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                               0000000077a527c0 5 bytes JMP 000000014a480260

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                  0000000077a527d0 5 bytes JMP 000000014a480270

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000077a527e0 5 bytes JMP 000000014a480400

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                            0000000077a529a0 5 bytes JMP 000000014a4801f0

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                             0000000077a529b0 5 bytes JMP 000000014a480210

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                  0000000077a52a20 5 bytes JMP 000000014a480200

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                  0000000077a52a80 5 bytes JMP 000000014a480420

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                   0000000077a52a90 5 bytes JMP 000000014a480430

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                              0000000077a52aa0 5 bytes JMP 000000014a480220

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                      0000000077a52b80 5 bytes JMP 000000014a480280

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                          0000000077a51360 5 bytes JMP 0000000077bb0460

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                   0000000077a513b0 5 bytes JMP 0000000077bb0450

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                   0000000077a51510 5 bytes JMP 0000000077bb0370

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                        0000000077a51560 5 bytes JMP 0000000077bb0470

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              0000000077a51570 5 bytes JMP 0000000077bb03e0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                   0000000077a51620 5 bytes JMP 0000000077bb0320

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            0000000077a51650 5 bytes JMP 0000000077bb03b0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                               0000000077a51670 5 bytes JMP 0000000077bb0390

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                     0000000077a516b0 5 bytes JMP 0000000077bb02e0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                   0000000077a51730 5 bytes JMP 0000000077bb02d0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                 0000000077a51750 5 bytes JMP 0000000077bb0310

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                  0000000077a51790 5 bytes JMP 0000000077bb03c0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                               0000000077a517e0 5 bytes JMP 0000000077bb03f0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                  0000000077a51940 5 bytes JMP 0000000077bb0230

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                       0000000077a51b00 5 bytes JMP 0000000077bb0480

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                      0000000077a51b30 5 bytes JMP 0000000077bb03a0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                               0000000077a51c10 5 bytes JMP 0000000077bb02f0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                            0000000077a51c20 5 bytes JMP 0000000077bb0350

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                  0000000077a51c80 5 bytes JMP 0000000077bb0290

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                               0000000077a51d10 5 bytes JMP 0000000077bb02b0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                0000000077a51d30 5 bytes JMP 0000000077bb03d0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                   0000000077a51d40 5 bytes JMP 0000000077bb0330

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                            0000000077a51db0 5 bytes JMP 0000000077bb0410

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                               0000000077a51de0 5 bytes JMP 0000000077bb0240

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                    0000000077a520a0 5 bytes JMP 0000000077bb01e0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                               0000000077a52160 5 bytes JMP 0000000077bb0250

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                               0000000077a52190 5 bytes JMP 0000000077bb0490

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                      0000000077a521a0 5 bytes JMP 0000000077bb04a0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                 0000000077a521d0 5 bytes JMP 0000000077bb0300

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                              0000000077a521e0 5 bytes JMP 0000000077bb0360

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                    0000000077a52240 5 bytes JMP 0000000077bb02a0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                 0000000077a52290 5 bytes JMP 0000000077bb02c0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                    0000000077a522c0 5 bytes JMP 0000000077bb0380

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                     0000000077a522d0 5 bytes JMP 0000000077bb0340

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                              0000000077a525c0 5 bytes JMP 0000000077bb0440

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                             0000000077a527c0 5 bytes JMP 0000000077bb0260

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                0000000077a527d0 5 bytes JMP 0000000077bb0270

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000077a527e0 5 bytes JMP 0000000077bb0400

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                          0000000077a529a0 5 bytes JMP 0000000077bb01f0

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                           0000000077a529b0 5 bytes JMP 0000000077bb0210

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                0000000077a52a20 5 bytes JMP 0000000077bb0200

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                0000000077a52a80 5 bytes JMP 0000000077bb0420

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                 0000000077a52a90 5 bytes JMP 0000000077bb0430

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                            0000000077a52aa0 5 bytes JMP 0000000077bb0220

.text  C:\Windows\system32\wininit.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                    0000000077a52b80 5 bytes JMP 0000000077bb0280

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                            0000000077a51360 5 bytes JMP 000000014a480460

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                     0000000077a513b0 5 bytes JMP 000000014a480450

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                     0000000077a51510 5 bytes JMP 000000014a480370

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                          0000000077a51560 5 bytes JMP 000000014a480470

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                0000000077a51570 5 bytes JMP 000000014a4803e0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                     0000000077a51620 5 bytes JMP 000000014a480320

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                              0000000077a51650 5 bytes JMP 000000014a4803b0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                 0000000077a51670 5 bytes JMP 000000014a480390

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                       0000000077a516b0 5 bytes JMP 000000014a4802e0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                     0000000077a51730 5 bytes JMP 000000014a4802d0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                   0000000077a51750 5 bytes JMP 000000014a480310

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                    0000000077a51790 5 bytes JMP 000000014a4803c0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                 0000000077a517e0 5 bytes JMP 000000014a4803f0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                    0000000077a51940 5 bytes JMP 000000014a480230

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                         0000000077a51b00 5 bytes JMP 000000014a480480

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                        0000000077a51b30 5 bytes JMP 000000014a4803a0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                 0000000077a51c10 5 bytes JMP 000000014a4802f0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                              0000000077a51c20 5 bytes JMP 000000014a480350

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                    0000000077a51c80 5 bytes JMP 000000014a480290

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                 0000000077a51d10 5 bytes JMP 000000014a4802b0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000077a51d30 5 bytes JMP 000000014a4803d0

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                     0000000077a51d40 5 bytes JMP 000000014a480330

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                              0000000077a51db0 5 bytes JMP 000000014a480410

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                 0000000077a51de0 5 bytes JMP 000000014a480240

.text  C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                  

PART 2

 

 

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                          0000000077a521a0 5 bytes JMP 00000001000704a0

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                     0000000077a521d0 5 bytes JMP 0000000100070300

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                  0000000077a521e0 5 bytes JMP 0000000100070360

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                        0000000077a52240 5 bytes JMP 00000001000702a0

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                     0000000077a52290 5 bytes JMP 00000001000702c0

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                        0000000077a522c0 5 bytes JMP 0000000100070380

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                         0000000077a522d0 5 bytes JMP 0000000100070340

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                  0000000077a525c0 5 bytes JMP 0000000100070440

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                 0000000077a527c0 5 bytes JMP 0000000100070260

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                    0000000077a527d0 5 bytes JMP 0000000100070270

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000077a527e0 5 bytes JMP 0000000100070400

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                              0000000077a529a0 5 bytes JMP 00000001000701f0

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                               0000000077a529b0 5 bytes JMP 0000000100070210

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                    0000000077a52a20 5 bytes JMP 0000000100070200

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                    0000000077a52a80 5 bytes JMP 0000000100070420

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                     0000000077a52a90 5 bytes JMP 0000000100070430

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                0000000077a52aa0 5 bytes JMP 0000000100070220

.text  C:\Windows\system32\lsm.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                        0000000077a52b80 5 bytes JMP 0000000100070280

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                          0000000077a51360 5 bytes JMP 0000000100070460

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                   0000000077a513b0 5 bytes JMP 0000000100070450

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                   0000000077a51510 5 bytes JMP 0000000100070370

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                        0000000077a51560 5 bytes JMP 0000000100070470

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              0000000077a51570 5 bytes JMP 00000001000703e0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                   0000000077a51620 5 bytes JMP 0000000100070320

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            0000000077a51650 5 bytes JMP 00000001000703b0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                               0000000077a51670 5 bytes JMP 0000000100070390

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                     0000000077a516b0 5 bytes JMP 00000001000702e0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                   0000000077a51730 5 bytes JMP 00000001000702d0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                 0000000077a51750 5 bytes JMP 0000000100070310

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                  0000000077a51790 5 bytes JMP 00000001000703c0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                               0000000077a517e0 5 bytes JMP 00000001000703f0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                  0000000077a51940 5 bytes JMP 0000000100070230

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                       0000000077a51b00 5 bytes JMP 0000000100070480

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                      0000000077a51b30 5 bytes JMP 00000001000703a0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                               0000000077a51c10 5 bytes JMP 00000001000702f0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                            0000000077a51c20 5 bytes JMP 0000000100070350

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                  0000000077a51c80 5 bytes JMP 0000000100070290

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                               0000000077a51d10 5 bytes JMP 00000001000702b0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                0000000077a51d30 5 bytes JMP 00000001000703d0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                   0000000077a51d40 5 bytes JMP 0000000100070330

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                            0000000077a51db0 5 bytes JMP 0000000100070410

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                               0000000077a51de0 5 bytes JMP 0000000100070240

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                    0000000077a520a0 5 bytes JMP 00000001000701e0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                               0000000077a52160 5 bytes JMP 0000000100070250

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                               0000000077a52190 5 bytes JMP 0000000100070490

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                      0000000077a521a0 5 bytes JMP 00000001000704a0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                 0000000077a521d0 5 bytes JMP 0000000100070300

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                              0000000077a521e0 5 bytes JMP 0000000100070360

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                    0000000077a52240 5 bytes JMP 00000001000702a0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                 0000000077a52290 5 bytes JMP 00000001000702c0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                    0000000077a522c0 5 bytes JMP 0000000100070380

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                     0000000077a522d0 5 bytes JMP 0000000100070340

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                              0000000077a525c0 5 bytes JMP 0000000100070440

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                             0000000077a527c0 5 bytes JMP 0000000100070260

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                0000000077a527d0 5 bytes JMP 0000000100070270

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000077a527e0 5 bytes JMP 0000000100070400

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                          0000000077a529a0 5 bytes JMP 00000001000701f0

.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                           0000000077a529b0 5 bytes JMP 0000000100070210


PART 3

 


PART 4 I hope this is all and that I haven't repeated anything.

 

 

.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                0000000077a51790 5 bytes JMP 0000000077bb03c0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             0000000077a517e0 5 bytes JMP 0000000077bb03f0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                0000000077a51940 5 bytes JMP 0000000077bb0230
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     0000000077a51b00 5 bytes JMP 0000000077bb0480
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    0000000077a51b30 5 bytes JMP 0000000077bb03a0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             0000000077a51c10 5 bytes JMP 0000000077bb02f0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          0000000077a51c20 5 bytes JMP 0000000077bb0350
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                0000000077a51c80 5 bytes JMP 0000000077bb0290
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             0000000077a51d10 5 bytes JMP 0000000077bb02b0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000077a51d30 5 bytes JMP 0000000077bb03d0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 0000000077a51d40 5 bytes JMP 0000000077bb0330
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          0000000077a51db0 5 bytes JMP 0000000077bb0410
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             0000000077a51de0 5 bytes JMP 0000000077bb0240
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  0000000077a520a0 5 bytes JMP 0000000077bb01e0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             0000000077a52160 5 bytes JMP 0000000077bb0250
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             0000000077a52190 5 bytes JMP 0000000077bb0490
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    0000000077a521a0 5 bytes JMP 0000000077bb04a0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               0000000077a521d0 5 bytes JMP 0000000077bb0300
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            0000000077a521e0 5 bytes JMP 0000000077bb0360
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  0000000077a52240 5 bytes JMP 0000000077bb02a0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               0000000077a52290 5 bytes JMP 0000000077bb02c0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  0000000077a522c0 5 bytes JMP 0000000077bb0380
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   0000000077a522d0 5 bytes JMP 0000000077bb0340
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            0000000077a525c0 5 bytes JMP 0000000077bb0440
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           0000000077a527c0 5 bytes JMP 0000000077bb0260
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              0000000077a527d0 5 bytes JMP 0000000077bb0270
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000077a527e0 5 bytes JMP 0000000077bb0400
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        0000000077a529a0 5 bytes JMP 0000000077bb01f0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         0000000077a529b0 5 bytes JMP 0000000077bb0210
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              0000000077a52a20 5 bytes JMP 0000000077bb0200
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              0000000077a52a80 5 bytes JMP 0000000077bb0420
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               0000000077a52a90 5 bytes JMP 0000000077bb0430
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          0000000077a52aa0 5 bytes JMP 0000000077bb0220
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  0000000077a52b80 5 bytes JMP 0000000077bb0280
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000077a51360 5 bytes JMP 0000000077bb0460
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000077a513b0 5 bytes JMP 0000000077bb0450
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000077a51510 5 bytes JMP 0000000077bb0370
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000077a51560 5 bytes JMP 0000000077bb0470
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000077a51570 5 bytes JMP 0000000077bb03e0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000077a51620 5 bytes JMP 0000000077bb0320
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000077a51650 5 bytes JMP 0000000077bb03b0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000077a51670 5 bytes JMP 0000000077bb0390
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000077a516b0 5 bytes JMP 0000000077bb02e0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000077a51730 5 bytes JMP 0000000077bb02d0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000077a51750 5 bytes JMP 0000000077bb0310
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000077a51790 5 bytes JMP 0000000077bb03c0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000077a517e0 5 bytes JMP 0000000077bb03f0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000077a51940 5 bytes JMP 0000000077bb0230
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                      0000000077a51b00 5 bytes JMP 0000000077bb0480
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                     0000000077a51b30 5 bytes JMP 0000000077bb03a0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                              0000000077a51c10 5 bytes JMP 0000000077bb02f0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                           0000000077a51c20 5 bytes JMP 0000000077bb0350
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                 0000000077a51c80 5 bytes JMP 0000000077bb0290
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                              0000000077a51d10 5 bytes JMP 0000000077bb02b0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               0000000077a51d30 5 bytes JMP 0000000077bb03d0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                  0000000077a51d40 5 bytes JMP 0000000077bb0330
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                           0000000077a51db0 5 bytes JMP 0000000077bb0410
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                              0000000077a51de0 5 bytes JMP 0000000077bb0240
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                   0000000077a520a0 5 bytes JMP 0000000077bb01e0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                              0000000077a52160 5 bytes JMP 0000000077bb0250
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                              0000000077a52190 5 bytes JMP 0000000077bb0490
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                     0000000077a521a0 5 bytes JMP 0000000077bb04a0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                0000000077a521d0 5 bytes JMP 0000000077bb0300
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                             0000000077a521e0 5 bytes JMP 0000000077bb0360
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                   0000000077a52240 5 bytes JMP 0000000077bb02a0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                0000000077a52290 5 bytes JMP 0000000077bb02c0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                   0000000077a522c0 5 bytes JMP 0000000077bb0380
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                    0000000077a522d0 5 bytes JMP 0000000077bb0340
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                             0000000077a525c0 5 bytes JMP 0000000077bb0440
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                            0000000077a527c0 5 bytes JMP 0000000077bb0260
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                               0000000077a527d0 5 bytes JMP 0000000077bb0270
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             0000000077a527e0 5 bytes JMP 0000000077bb0400
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                         0000000077a529a0 5 bytes JMP 0000000077bb01f0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                          0000000077a529b0 5 bytes JMP 0000000077bb0210
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                               0000000077a52a20 5 bytes JMP 0000000077bb0200
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                               0000000077a52a80 5 bytes JMP 0000000077bb0420
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                0000000077a52a90 5 bytes JMP 0000000077bb0430
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                           0000000077a52aa0 5 bytes JMP 0000000077bb0220
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                   0000000077a52b80 5 bytes JMP 0000000077bb0280
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000771f1465 2 bytes [1F, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000771f14bb 2 bytes [1F, 77]
.text  ...                                                                                                                                * 2
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000077a51360 5 bytes JMP 0000000077bb0460
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000077a513b0 5 bytes JMP 0000000077bb0450
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000077a51510 5 bytes JMP 0000000077bb0370
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000077a51560 5 bytes JMP 0000000077bb0470
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000077a51570 5 bytes JMP 0000000077bb03e0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000077a51620 5 bytes JMP 0000000077bb0320
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000077a51650 5 bytes JMP 0000000077bb03b0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000077a51670 5 bytes JMP 0000000077bb0390
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000077a516b0 5 bytes JMP 0000000077bb02e0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000077a51730 5 bytes JMP 0000000077bb02d0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000077a51750 5 bytes JMP 0000000077bb0310
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000077a51790 5 bytes JMP 0000000077bb03c0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000077a517e0 5 bytes JMP 0000000077bb03f0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000077a51940 5 bytes JMP 0000000077bb0230
.text  %

PART 5  This is the final post, I promise!!

 


.text  C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                     0000000077a52b80 5 bytes JMP 0000000077bb0280

.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[1900] C:\Windows\syswow64\MSCTF.dll!DllGetClassObject + 739              0000000075818298 4 bytes [41, A8, 91, 74]

.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[1900] C:\Windows\syswow64\MSCTF.dll!DllGetClassObject + 747              00000000758182a0 8 bytes [5C, A7, 91, 74, E4, A8, 91, ...]

.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            00000000771f1465 2 bytes [1F, 77]

.text  C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           00000000771f14bb 2 bytes [1F, 77]

.text  ...                                                                                                                                * 2

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                            0000000077a51360 5 bytes JMP 0000000077bb0460

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                     0000000077a513b0 5 bytes JMP 0000000077bb0450

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                     0000000077a51510 5 bytes JMP 0000000077bb0370

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                          0000000077a51560 5 bytes JMP 0000000077bb0470

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                0000000077a51570 5 bytes JMP 0000000077bb03e0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                     0000000077a51620 5 bytes JMP 0000000077bb0320

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077a51650 5 bytes JMP 0000000077bb03b0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                 0000000077a51670 5 bytes JMP 0000000077bb0390

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                       0000000077a516b0 5 bytes JMP 0000000077bb02e0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                     0000000077a51730 5 bytes JMP 0000000077bb02d0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                   0000000077a51750 5 bytes JMP 0000000077bb0310

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                    0000000077a51790 5 bytes JMP 0000000077bb03c0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                 0000000077a517e0 5 bytes JMP 0000000077bb03f0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                    0000000077a51940 5 bytes JMP 0000000077bb0230

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                         0000000077a51b00 5 bytes JMP 0000000077bb0480

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                        0000000077a51b30 5 bytes JMP 0000000077bb03a0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                 0000000077a51c10 5 bytes JMP 0000000077bb02f0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                              0000000077a51c20 5 bytes JMP 0000000077bb0350

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                    0000000077a51c80 5 bytes JMP 0000000077bb0290

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                 0000000077a51d10 5 bytes JMP 0000000077bb02b0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077a51d30 5 bytes JMP 0000000077bb03d0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                     0000000077a51d40 5 bytes JMP 0000000077bb0330

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                              0000000077a51db0 5 bytes JMP 0000000077bb0410

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                 0000000077a51de0 5 bytes JMP 0000000077bb0240

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                      0000000077a520a0 5 bytes JMP 0000000077bb01e0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                 0000000077a52160 5 bytes JMP 0000000077bb0250

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                 0000000077a52190 5 bytes JMP 0000000077bb0490

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                        0000000077a521a0 5 bytes JMP 0000000077bb04a0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                   0000000077a521d0 5 bytes JMP 0000000077bb0300

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                0000000077a521e0 5 bytes JMP 0000000077bb0360

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                      0000000077a52240 5 bytes JMP 0000000077bb02a0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                   0000000077a52290 5 bytes JMP 0000000077bb02c0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                      0000000077a522c0 5 bytes JMP 0000000077bb0380

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                       0000000077a522d0 5 bytes JMP 0000000077bb0340

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                0000000077a525c0 5 bytes JMP 0000000077bb0440

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                               0000000077a527c0 5 bytes JMP 0000000077bb0260

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                  0000000077a527d0 5 bytes JMP 0000000077bb0270

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000077a527e0 5 bytes JMP 0000000077bb0400

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                            0000000077a529a0 5 bytes JMP 0000000077bb01f0

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                             0000000077a529b0 5 bytes JMP 0000000077bb0210

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                  0000000077a52a20 5 bytes JMP 0000000077bb0200

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                  0000000077a52a80 5 bytes JMP 0000000077bb0420

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                   0000000077a52a90 5 bytes JMP 0000000077bb0430

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                              0000000077a52aa0 5 bytes JMP 0000000077bb0220

.text  C:\Program Files\Windows Sidebar\sidebar.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                      0000000077a52b80 5 bytes JMP 0000000077bb0280

 

---- Disk sectors - GMER 2.1 ----

 

Disk   \Device\Harddisk0\DR0                                                                                                              unknown MBR code

 

---- EOF - GMER 2.1 ----


Hi,

This is the final post, I promise!!

Don't worry, you won't get locked up or something like that for posting logfiles. Haha!

There's a lot of malware present on this computer. Let's start cleaning it! :)

1. Go to Start > Control Panel.
  • Click Uninstall a program.
  • Please remove the following programs from your system, as they are malware related:
    • Muvic Smartbar
    • Muvic Smartbar Engine

  • Also, please remove the following program as it is very outdated and unsafe to keep:

    • Java™ 6 Update 37
  • Please report back in your next post if you succeeded in removing those programs.
  • Close Control Panel.



2. Download RKill and save it to your Desktop.

  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.



3. Start AdwCleaner by right-clicking it and selecting Run as Administrator

  • When the program has started, click the Scan button and wait until the scan has finished.
  • Make sure everything (on all tabs) is selected, and click the Delete button.
  • It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this.
  • After restart a logfile will appear. Please post the contents of that logfile in your next reply.


4. Please download fixlist.txt to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!



5. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


6. Please remove fixlist.txt from your computer. (Important!!)

7. Reboot your PC. (Important!!)

8. As you probably can't connect to the internet, we have to update Malwarebytes' Anti-Malware to the latest version otherwise.
  • Please download mbam-rules.exe and save it to your Desktop.
  • Right-click mbam-rules.exe and click Run as Administrator.
  • Please follow the directions given by the setup that will start and complete the installation process.
  • Malwarebytes' Anti-Malware is now updated to the latest version.



9. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


10. We need to fix a Windows service
  • Open the Start Menu.
  • Type this into the search box: cmd
  • An application called "cmd.exe" will appear. Right-click on it and select Run as Administrator.
  • A command line application will open now.
  • Please type in the following commands in the exact same order!! If any command fails, please report back to me immediately! Don't proceed with the next command then! Always wait for a command to 'finish'. It's finished when a new line appears in which you can type a new command again.
    • winmgmt /clearadap << include the space that was used here and also the 'slash' ( / ). This also counts for the commands below.
    • winmgmt /kill
    • winmgmt /unregserver
    • winmgmt /regserver
    • winmgmt /resyncperf

  • When done, please report back in your next reply if you succeeded running each command.



11. Start Farbar Recovery Scan Tool

  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.


12. Please give me an update on your PC problems, tell me if you were able to delete the programs mentioned in step 1 and run the fix in step 10, and also please post the logfiles from:
  • RKill
  • AdwCleaner
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Malwarebytes' Anti-Malware
  • Farbar Recovery Scan Tool - regular scan



Good luck! :)


Funny you say that, I've been trying to get JAVA off of here for a while now and it gives me a windows installer error.  

 

As for the Muvic, it does nothing when I choose uninstall.

 

In the meantime, I'm going to go on to the next steps.  

 

Ha!  So I was right, this computer IS "messed" up?  LOL

 

Reminder, I'm still not able to get online, so all of the correspondence I do is on my pc and I'm using a thumb drive to transfer applications and logs.  So, let me know at any point if my computer might be at risk.

 

Once again, THANK YOU!!!!!!!!!!!!!!!!!!


Hi,

 

Just don't run any exe's once you put the Flash drive into your own PC. Just open the TXT-files (logfiles) and keep it that way.

Yes, you are right, there is a lot of malware active on your computer. :)

 

We will deal with those programs later. Just continue with the other steps!

 

Good luck, haha. And you are most welcome. :)

ROGUE KILL

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)


Copyright 2008-2015 BleepingComputer.com

More Information about Rkill can be found at this link:


 

Program started at: 01/10/2015 12:42:08 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity: 

 

 * DHCP Client (Dhcp) is not Running.

   Startup Type set to: Disabled

 

 * DNS Client (Dnscache) is not Running.

   Startup Type set to: Disabled

 

 * COM+ Event System (EventSystem) is not Running.

   Startup Type set to: Disabled

 

 * Windows Firewall (MpsSvc) is not Running.

   Startup Type set to: Disabled

 

 * Network Connections (Netman) is not Running.

   Startup Type set to: Disabled

 

 * Network Store Interface Service (nsi) is not Running.

   Startup Type set to: Disabled

 

 * Windows Defender (WinDefend) is not Running.

   Startup Type set to: Disabled

 

 * Windows Management Instrumentation (Winmgmt) is not Running.

   Startup Type set to: Disabled

 

 * Security Center (wscsvc) is not Running.

   Startup Type set to: Disabled

 

 * Windows Update (wuauserv) is not Running.

   Startup Type set to: Disabled

 

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.

   Startup Type set to: Manual

 

Searching for Missing Digital Signatures: 

 

 * No issues found.

 

Checking HOSTS File: 

 

 * No issues found.

 

Program finished at: 01/10/2015 12:45:25 PM

Execution time: 0 hours(s), 3 minute(s), and 17 seconds(s)

# AdwCleaner v4.107 - Report created 10/01/2015 at 12:58:45

# Updated 07/01/2015 by Xplode

# Database : 2014-12-21.4 [Local]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Boyd - BOYD-PC

# Running from : C:\Users\Boyd\Desktop\adwcleaner_4.107.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\Ask

[#] Folder Deleted : C:\ProgramData\Browser Manager

Folder Deleted : C:\ProgramData\Systweak

Folder Deleted : C:\ProgramData\wincert

Folder Deleted : C:\ProgramData\AllCheapPricce

Folder Deleted : C:\ProgramData\AllCheapPriceu

Folder Deleted : C:\ProgramData\ExstrraSavings

Folder Deleted : C:\ProgramData\Fun22Save

Folder Deleted : C:\ProgramData\NettoCouupon

Folder Deleted : C:\ProgramData\SavoELoTus

Folder Deleted : C:\ProgramData\c7cfa554ab0382c9

Folder Deleted : C:\Program Files (x86)\File Type Helper

Folder Deleted : C:\Program Files (x86)\iMesh Applications

Folder Deleted : C:\Program Files (x86)\Optimizer Pro

Folder Deleted : C:\Program Files (x86)\supporter

Folder Deleted : C:\Program Files (x86)\AllCheapPricce

Folder Deleted : C:\Program Files (x86)\ExstrraSavings

Folder Deleted : C:\Program Files (x86)\Fun22Save

Folder Deleted : C:\Program Files (x86)\NettoCouupon

Folder Deleted : C:\Program Files (x86)\SavoELoTus

Folder Deleted : C:\Users\Boyd\AppData\Local\Temp\App Bud

Folder Deleted : C:\Users\Boyd\AppData\Local\Temp\findopolis

Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser

Folder Deleted : C:\Users\Administrator\AppData\Local\torch

Folder Deleted : C:\Users\Boyd\AppData\Local\Chromatic Browser

Folder Deleted : C:\Users\Boyd\AppData\Local\LPT

Folder Deleted : C:\Users\Boyd\AppData\Local\torch

Folder Deleted : C:\Users\Boyd\AppData\LocalLow\HPAppData

Folder Deleted : C:\Users\Boyd\AppData\Roaming\ap_logs

Folder Deleted : C:\Users\Boyd\AppData\Roaming\ASP

Folder Deleted : C:\Users\Boyd\AppData\Roaming\iWin

Folder Deleted : C:\Users\Boyd\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser

Folder Deleted : C:\Users\Guest\AppData\Local\torch

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch

Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof

Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof

Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof

Folder Deleted : C:\Users\Boyd\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof

Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof

Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof

File Deleted : C:\END

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Users\Boyd\AppData\Local\AnyProtectScannerSetup.exe

File Deleted : C:\Users\Boyd\AppData\Roaming\aps.uninstall.scan.results

File Deleted : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk

File Deleted : C:\Users\Boyd\Desktop\Continue Live Installation.lnk

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : APSnotifierPP1

Task Deleted : APSnotifierPP2

Task Deleted : APSnotifierPP3

Task Deleted : ASP

 

***** [ Shortcuts ] *****

 

Shortcut Disinfected : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device

Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file

Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival

Key Deleted : HKLM\SOFTWARE\Classes\EExsttrauSavinngs.EExsttrauSavinngs

Key Deleted : HKLM\SOFTWARE\Classes\EExsttrauSavinngs.EExsttrauSavinngs.4.2

Key Deleted : HKLM\SOFTWARE\Classes\AllCheapPricE.AllCheapPricE

Key Deleted : HKLM\SOFTWARE\Classes\AllCheapPricE.AllCheapPricE.5.2


Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8DB711C-D5E3-4979-B363-D878ADA9FDAF}

Key Deleted : HKCU\Software\AnyProtect

Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Music Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suppor~1\suppor~1.dll

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Google Chrome v39.0.2171.95

 

[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

-\\ Comodo Dragon v

 

[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [22038 octets] - [09/01/2015 12:57:07]

AdwCleaner[R1].txt - [21092 octets] - [10/01/2015 12:51:39]

AdwCleaner[s0].txt - [20586 octets] - [10/01/2015 12:58:45]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [20647 octets] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015

Ran by Boyd at 2015-01-10 13:10:13 Run:1

Running from C:\Users\Boyd\Desktop

Loaded Profile: Boyd (Available profiles: Boyd)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect

AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=155364682&ir=

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.as...q={searchTerms}

SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/w...}&l=dis&o=uscql

SearchScopes: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...r=155364682&ir=

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION

Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION

Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect

Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""

Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION

Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:F35A93AD

C:\Program Files (x86)\SavoELoTus

C:\Program Files (x86)\NettoCouupon

C:\Program Files (x86)\Fun22Save

C:\ProgramData\NettoCouupon

C:\ProgramData\Fun22Save

C:\Users\Boyd\AppData\Local\EmieBrowserModeList

C:\Users\Boyd\AppData\Local\dsisetup791196192.exe

C:\Users\Boyd\AppData\Local\DSI.DAT

C:\ProgramData\SavoELoTus

C:\Users\Boyd\AppData\Roaming\WB.CFG

C:\END

C:\Program Files (x86)\Optimizer Pro

C:\ProgramData\1315581722-bomgar-scc-installer.exe.exe

C:\ProgramData\1315582289-bomgar-scc-installer.exe.exe

C:\ProgramData\1315583468-bomgar-scc-installer.exe.exe

C:\ProgramData\1315584297-bomgar-scc-installer.exe.exe

C:\ProgramData\1315585810-bomgar-scc-installer.exe.exe

C:\ProgramData\1315586077-bomgar-scc-installer.exe.exe

C:\ProgramData\1315587940-bomgar-scc-installer.exe.exe

C:\ProgramData\1315588612-bomgar-scc-installer.exe.exe

C:\ProgramData\1315588837-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591363-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591471-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591624-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591887-bomgar-scc-installer.exe.exe

C:\ProgramData\1315592671-bomgar-scc-installer.exe.exe

C:\ProgramData\1315593755-bomgar-scc-installer.exe.exe

C:\ProgramData\1315594052-bomgar-scc-installer.exe.exe

C:\ProgramData\1315596781-bomgar-scc-installer.exe.exe

C:\ProgramData\1315597278-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598164-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598332-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598739-bomgar-scc-installer.exe.exe

C:\ProgramData\1315600906-bomgar-scc-installer.exe.exe

C:\ProgramData\1315601035-bomgar-scc-installer.exe.exe

C:\ProgramData\1315601397-bomgar-scc-installer.exe.exe

C:\ProgramData\1315602204-bomgar-scc-installer.exe.exe

C:\ProgramData\1315603346-bomgar-scc-installer.exe.exe

C:\ProgramData\1315603365-bomgar-scc-installer.exe.exe

C:\ProgramData\1315604149-bomgar-scc-installer.exe.exe

C:\ProgramData\1315604357-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605023-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605283-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605819-bomgar-scc-installer.exe.exe

C:\ProgramData\1315607882-bomgar-scc-installer.exe.exe

C:\ProgramData\1315608730-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609233-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609470-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609848-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609924-bomgar-scc-installer.exe.exe

C:\ProgramData\1315611082-bomgar-scc-installer.exe.exe

C:\ProgramData\1315611232-bomgar-scc-installer.exe.exe

C:\ProgramData\1315612911-bomgar-scc-installer.exe.exe

C:\ProgramData\1315616767-bomgar-scc-installer.exe.exe

C:\ProgramData\1315618505-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619075-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619225-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619527-bomgar-scc-installer.exe.exe

C:\ProgramData\1315621657-bomgar-scc-installer.exe.exe

C:\ProgramData\1329185158-bomgar-scc-installer.exe.exe

C:\Users\Boyd\AppData\Local\Temp\ApnStub.exe

C:\Users\Boyd\AppData\Local\Temp\eject.exe

C:\Users\Boyd\AppData\Local\Temp\exe2pin.exe

C:\Users\Boyd\AppData\Local\Temp\Extract.exe

C:\Users\Boyd\AppData\Local\Temp\helper.exe

C:\Users\Boyd\AppData\Local\Temp\optprosetup.exe

C:\Users\Boyd\AppData\Local\Temp\propsys.dll

C:\Users\Boyd\AppData\Local\Temp\Quarantine.exe

C:\Users\Boyd\AppData\Local\Temp\Resource.exe

C:\Users\Boyd\AppData\Local\Temp\setup.exe

C:\Users\Boyd\AppData\Local\Temp\SP47636.exe

C:\Users\Boyd\AppData\Local\Temp\SP49521.exe

C:\Users\Boyd\AppData\Local\Temp\SP49522.exe

C:\Users\Boyd\AppData\Local\Temp\SP49524.exe

C:\Users\Boyd\AppData\Local\Temp\SP50718.exe

C:\Users\Boyd\AppData\Local\Temp\SP50720.exe

C:\Users\Boyd\AppData\Local\Temp\SP50843.exe

C:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exe

C:\Users\Boyd\AppData\Local\Temp\SP51865.exe

C:\Users\Boyd\AppData\Local\Temp\SP51976.exe

C:\Users\Boyd\AppData\Local\Temp\SP52093.exe

C:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exe

C:\Users\Boyd\AppData\Local\Temp\SP52407.exe

C:\Users\Boyd\AppData\Local\Temp\sp54373.exe

C:\Users\Boyd\AppData\Local\Temp\sp54620.exe

C:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe

C:\Windows\System32\Tasks\APSnotifierPP1

C:\Windows\System32\Tasks\APSnotifierPP2

C:\Windows\System32\Tasks\APSnotifierPP3

C:\Windows\System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559}

C:\Windows\System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21}

C:\Windows\System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636}

C:\Windows\System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E}

C:\Users\Boyd\AppData\Roaming\ipqrpla.dll

G:\VZAccess_Manager.exe

C:\ProgramData\AllCheapPriceu\2LKp.exe

C:\Program Files (x86)\AnyProtectEx

C:\Users\Boyd\AppData\Roaming\aswcz.dll

*****************

 

"HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.

"HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931}" => Key deleted successfully.

HKCR\CLSID\{f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} => Key not found. 

"c:\progra~2\suppor~1\suppor~1.dll" => Value Data not found.

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key not found. 

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key not found. 

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 

HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found. 

HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found. 

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8DB711C-D5E3-4979-B363-D878ADA9FDAF} => Key not found. 

HKCR\CLSID\{A8DB711C-D5E3-4979-B363-D878ADA9FDAF} => Key not found. 

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 

HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.

HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BD1443C-454B-4D75-B545-A7CCD4B8AE78} => Key not found. 

C:\Windows\System32\Tasks\APSnotifierPP1 not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F95D69B-6B65-4D10-B427-9F864487602F} => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP => Key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{319D46DC-C829-47E2-815E-C7AC14C6E993}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{319D46DC-C829-47E2-815E-C7AC14C6E993}" => Key deleted successfully.

C:\Windows\System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9133F45D-2B4D-4258-9390-65D16ADA3128}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9133F45D-2B4D-4258-9390-65D16ADA3128}" => Key deleted successfully.

C:\Windows\System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{53584188-C34C-4CC2-B608-3042639DCA21}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712}" => Key deleted successfully.

C:\Windows\System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636}" => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} => Key not found. 

C:\Windows\System32\Tasks\APSnotifierPP3 not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E20E5288-FEB3-4E19-9CCB-79D6243A1445}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20E5288-FEB3-4E19-9CCB-79D6243A1445}" => Key deleted successfully.

C:\Windows\System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E}" => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EED2CD5E-D355-4D1A-9A79-A3C3F642F091} => Key not found. 

C:\Windows\System32\Tasks\APSnotifierPP2 not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key not found. 

C:\Windows\Tasks\APSnotifierPP1.job not found.

C:\Windows\Tasks\APSnotifierPP2.job not found.

C:\Windows\Tasks\APSnotifierPP3.job not found.

C:\ProgramData\Temp => ":F35A93AD" ADS removed successfully.

"C:\Program Files (x86)\SavoELoTus" => File/Directory not found.

"C:\Program Files (x86)\NettoCouupon" => File/Directory not found.

"C:\Program Files (x86)\Fun22Save" => File/Directory not found.

"C:\ProgramData\NettoCouupon" => File/Directory not found.

"C:\ProgramData\Fun22Save" => File/Directory not found.

C:\Users\Boyd\AppData\Local\EmieBrowserModeList => Moved successfully.

C:\Users\Boyd\AppData\Local\dsisetup791196192.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\DSI.DAT => Moved successfully.

"C:\ProgramData\SavoELoTus" => File/Directory not found.

C:\Users\Boyd\AppData\Roaming\WB.CFG => Moved successfully.

"C:\END" => File/Directory not found.

"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.

C:\ProgramData\1315581722-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315582289-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315583468-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315584297-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315585810-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315586077-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315587940-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315588612-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315588837-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315591363-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315591471-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315591624-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315591887-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315592671-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315593755-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315594052-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315596781-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315597278-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315598164-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315598332-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315598739-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315600906-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315601035-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315601397-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315602204-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315603346-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315603365-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315604149-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315604357-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315605023-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315605283-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315605819-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315607882-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315608730-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315609233-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315609470-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315609848-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315609924-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315611082-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315611232-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315612911-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315616767-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315618505-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315619075-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315619225-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315619527-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1315621657-bomgar-scc-installer.exe.exe => Moved successfully.

C:\ProgramData\1329185158-bomgar-scc-installer.exe.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\ApnStub.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\eject.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\exe2pin.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\Extract.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\helper.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\optprosetup.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\propsys.dll => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\Resource.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\setup.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP47636.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP49521.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP49522.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP49524.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP50718.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP50720.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP50843.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP51865.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP51976.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP52093.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\SP52407.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\sp54373.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\sp54620.exe => Moved successfully.

C:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.

"C:\Windows\System32\Tasks\APSnotifierPP1" => File/Directory not found.

"C:\Windows\System32\Tasks\APSnotifierPP2" => File/Directory not found.

"C:\Windows\System32\Tasks\APSnotifierPP3" => File/Directory not found.

"C:\Windows\System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559}" => File/Directory not found.

"C:\Windows\System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21}" => File/Directory not found.

"C:\Windows\System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636}" => File/Directory not found.

"C:\Windows\System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E}" => File/Directory not found.

"C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" => File/Directory not found.

"G:\VZAccess_Manager.exe" => File/Directory not found.

"C:\ProgramData\AllCheapPriceu\2LKp.exe" => File/Directory not found.

"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.

"C:\Users\Boyd\AppData\Roaming\aswcz.dll" => File/Directory not found.

 

 

The system needed a reboot. 

 

==== End of Fixlog 13:10:21 ====


Hi,

 

Just wanted to let you know I've looked at your logfiles as far as you've posted them now. I will wait until you've done the other steps as well.

 

Good luck! :)

This topic is now closed to further replies.
