TexasAggie Posted January 9, 2015 ID:927731

Y'all have helped me so much I feel ashamed to ask, but my father's pc is in dire straits. Here is the FRST.txt and Addition.txt. Currently I cannot get online at all. It seems that the wireless ethernet controller is not responding, yet device manager shows that it is working properly.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Boyd (administrator) on BOYD-PC on 08-01-2015 17:47:47
Running from C:\Users\Boyd\Desktop
Loaded Profile: Boyd (Available profiles: Boyd)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_50_ie&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Dzy0EzytAtCtBzzzytBtN0D0Tzu0SzyyDtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDzytAyD0DtAzz0BtG0DyBtDtCtGyBtAtC0FtGtBtAzytBtGyB0D0CyDyCyDtCzyyC0Bzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEtCyC0CtByBtGtA0Ezy0FtGyDyEzytDtGyCzyyByDtGyC0F0BtD0AtAtB0D0AtDtCyD2Q&cr=155364682&ir=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=1&v=a12720-55&apn_uid=2369281325254520&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_50_ie&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Dzy0EzytAtCtBzzzytBtN0D0Tzu0SzyyDtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDzytAyD0DtAzz0BtG0DyBtDtCtGyBtAtC0FtGtBtAzytBtGyB0D0CyDyCyDtCzyyC0Bzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEtCyC0CtByBtGtA0Ezy0FtGyDyEzytDtGyCzyyByDtGyC0F0BtD0AtAtB0D0AtDtCyD2Q&cr=155364682&ir=
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]
FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]
CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]
CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]
CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]
CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]
CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]
CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]
CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)
S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-12-25 13:06 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-12-25 13:06 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-12-25 13:06 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2014-12-25 13:06 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL2014-12-25 13:06 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-12-25 13:06 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) 
C:\Windows\system32\mstsc.exe2014-12-25 13:06 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-12-25 13:06 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-12-25 13:06 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-12-25 13:06 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-12-25 13:06 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-12-25 13:06 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-12-25 13:06 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-12-25 13:06 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-12-25 13:06 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-12-25 13:05 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-12-25 13:05 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-12-25 13:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2014-12-25 13:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-12-25 13:05 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-12-25 13:05 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-12-25 13:05 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-12-25 13:05 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-12-25 13:05 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-12-25 
13:05 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-12-25 13:05 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-12-25 12:41 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-12-25 12:41 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll2014-12-25 12:39 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-12-25 12:39 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-12-25 12:39 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-12-25 12:39 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-12-25 12:39 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2014-12-25 12:38 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-12-25 12:38 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-12-25 12:35 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-12-25 12:35 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-12-25 12:35 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2014-12-25 12:34 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2014-12-25 12:25 - 2014-12-30 01:25 - 00000138 _____ () C:\Users\Boyd\AppData\Roaming\WB.CFG ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-08 17:40 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-08 17:40 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-08 17:34 - 2011-01-29 16:21 - 00000000 ____D () C:\Users\Boyd\Tracing2015-01-08 17:33 - 2014-06-28 22:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol2015-01-08 16:52 - 2010-09-01 12:03 - 01956353 _____ () C:\Windows\WindowsUpdate.log2015-01-05 19:38 - 2010-09-01 12:46 - 00550696 _____ () C:\Windows\PFRO.log2015-01-05 17:19 - 2014-06-28 22:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Google2015-01-05 16:59 - 2012-11-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Verizon2015-01-05 16:59 - 2011-01-29 15:32 - 00000000 ____D () C:\Users\Boyd2015-01-05 16:59 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-01-05 16:18 - 2012-08-18 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-01-05 16:18 - 2012-08-18 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-05 11:53 - 2011-02-03 11:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Adobe2015-01-05 11:53 - 2011-01-29 15:51 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Adobe2015-01-05 11:53 - 2010-03-30 20:58 - 00000000 ____D () C:\Program Files (x86)\Adobe2015-01-05 08:15 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI2015-01-05 08:09 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-01-05 08:09 - 2009-07-13 22:51 - 00118816 _____ () C:\Windows\setupact.log2015-01-05 08:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache2015-01-05 08:08 - 2014-06-28 22:42 - 00000000 ____D () C:\Program Files (x86)\Supporter2015-01-05 00:01 - 2010-09-01 13:41 - 00000000 ____D () C:\ProgramData\Recovery2015-01-04 
23:48 - 2014-06-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon2015-01-04 23:48 - 2014-06-25 20:38 - 00000000 ____D () C:\Program Files (x86)\File Type Helper2015-01-04 23:48 - 2011-12-25 13:21 - 00000000 ____D () C:\ProgramData\InstallShield2015-01-04 23:48 - 2011-01-29 15:47 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Hewlett-Packard2015-01-04 23:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration2015-01-04 23:38 - 2014-07-31 21:07 - 00000000 ____D () C:\ProgramData\Systweak2015-01-04 23:38 - 2014-07-31 21:06 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Systweak2015-01-04 23:38 - 2014-07-31 20:58 - 00000000 ____D () C:\Users\Boyd\AppData\Local\com2015-01-04 23:37 - 2014-07-08 20:00 - 00000000 ____D () C:\ProgramData\AllCheapPriceu2015-01-04 23:37 - 2014-06-28 22:25 - 00000000 ____D () C:\Users\Boyd\AppData\Local\LPT2015-01-04 23:37 - 2014-06-28 22:23 - 00000000 ____D () C:\Users\Boyd\AppData\Local\263792015-01-04 23:37 - 2013-07-25 20:08 - 00000000 ____D () C:\ProgramData\Wincert2015-01-04 23:24 - 2011-02-07 09:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2015-01-04 23:22 - 2011-10-29 08:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2015-01-04 22:19 - 2009-07-13 23:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-01-04 22:13 - 2009-07-13 22:45 - 00430848 _____ () C:\Windows\system32\FNTCACHE.DAT2015-01-04 18:50 - 2014-06-25 20:38 - 00000019 _____ () C:\END2014-12-27 07:25 - 2014-06-28 22:42 - 00000000 ____D () C:\ProgramData\c7cfa554ab0382c92014-12-27 03:21 - 2009-07-13 22:51 - 00118648 _____ () C:\Windows\setupact(17).log2014-12-26 06:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache2014-12-26 04:20 - 2014-06-26 04:10 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat2014-12-26 03:50 
- 2011-04-07 20:53 - 00000000 ____D () C:\Windows\System32\Tasks\Games2014-12-26 03:31 - 2014-06-26 03:31 - 00000000 ____D () C:\Windows\system32\MRT2014-12-26 03:14 - 2011-07-12 09:41 - 00779192 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-12-25 10:49 - 2014-07-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro Files to move or delete:====================C:\ProgramData\1315581722-bomgar-scc-installer.exe.exeC:\ProgramData\1315582289-bomgar-scc-installer.exe.exeC:\ProgramData\1315583468-bomgar-scc-installer.exe.exeC:\ProgramData\1315584297-bomgar-scc-installer.exe.exeC:\ProgramData\1315585810-bomgar-scc-installer.exe.exeC:\ProgramData\1315586077-bomgar-scc-installer.exe.exeC:\ProgramData\1315587940-bomgar-scc-installer.exe.exeC:\ProgramData\1315588612-bomgar-scc-installer.exe.exeC:\ProgramData\1315588837-bomgar-scc-installer.exe.exeC:\ProgramData\1315591363-bomgar-scc-installer.exe.exeC:\ProgramData\1315591471-bomgar-scc-installer.exe.exeC:\ProgramData\1315591624-bomgar-scc-installer.exe.exeC:\ProgramData\1315591887-bomgar-scc-installer.exe.exeC:\ProgramData\1315592671-bomgar-scc-installer.exe.exeC:\ProgramData\1315593755-bomgar-scc-installer.exe.exeC:\ProgramData\1315594052-bomgar-scc-installer.exe.exeC:\ProgramData\1315596781-bomgar-scc-installer.exe.exeC:\ProgramData\1315597278-bomgar-scc-installer.exe.exeC:\ProgramData\1315598164-bomgar-scc-installer.exe.exeC:\ProgramData\1315598332-bomgar-scc-installer.exe.exeC:\ProgramData\1315598739-bomgar-scc-installer.exe.exeC:\ProgramData\1315600906-bomgar-scc-installer.exe.exeC:\ProgramData\1315601035-bomgar-scc-installer.exe.exeC:\ProgramData\1315601397-bomgar-scc-installer.exe.exeC:\ProgramData\1315602204-bomgar-scc-installer.exe.exeC:\ProgramData\1315603346-bomgar-scc-installer.exe.exeC:\ProgramData\1315603365-bomgar-scc-installer.exe.exeC:\ProgramData\1315604149-bomgar-scc-installer.exe.exeC:\ProgramData\1315604357-bomgar-scc-installer.exe.exeC:\ProgramData\1315605023-bomgar-scc-installer.exe.e
xeC:\ProgramData\1315605283-bomgar-scc-installer.exe.exeC:\ProgramData\1315605819-bomgar-scc-installer.exe.exeC:\ProgramData\1315607882-bomgar-scc-installer.exe.exeC:\ProgramData\1315608730-bomgar-scc-installer.exe.exeC:\ProgramData\1315609233-bomgar-scc-installer.exe.exeC:\ProgramData\1315609470-bomgar-scc-installer.exe.exeC:\ProgramData\1315609848-bomgar-scc-installer.exe.exeC:\ProgramData\1315609924-bomgar-scc-installer.exe.exeC:\ProgramData\1315611082-bomgar-scc-installer.exe.exeC:\ProgramData\1315611232-bomgar-scc-installer.exe.exeC:\ProgramData\1315612911-bomgar-scc-installer.exe.exeC:\ProgramData\1315616767-bomgar-scc-installer.exe.exeC:\ProgramData\1315618505-bomgar-scc-installer.exe.exeC:\ProgramData\1315619075-bomgar-scc-installer.exe.exeC:\ProgramData\1315619225-bomgar-scc-installer.exe.exeC:\ProgramData\1315619527-bomgar-scc-installer.exe.exeC:\ProgramData\1315621657-bomgar-scc-installer.exe.exeC:\ProgramData\1329185158-bomgar-scc-installer.exe.exe Some content of TEMP:====================C:\Users\Boyd\AppData\Local\Temp\ApnStub.exeC:\Users\Boyd\AppData\Local\Temp\eject.exeC:\Users\Boyd\AppData\Local\Temp\exe2pin.exeC:\Users\Boyd\AppData\Local\Temp\Extract.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate01.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate02.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate03.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate04.exeC:\Users\Boyd\AppData\Local\Temp\helper.exeC:\Users\Boyd\AppData\Local\Temp\HPQSi.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u33-windows-i586
-iftw.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Boyd\AppData\Local\Temp\optprosetup.exeC:\Users\Boyd\AppData\Local\Temp\propsys.dllC:\Users\Boyd\AppData\Local\Temp\Resource.exeC:\Users\Boyd\AppData\Local\Temp\setup.exeC:\Users\Boyd\AppData\Local\Temp\SP47636.exeC:\Users\Boyd\AppData\Local\Temp\SP49521.exeC:\Users\Boyd\AppData\Local\Temp\SP49522.exeC:\Users\Boyd\AppData\Local\Temp\SP49524.exeC:\Users\Boyd\AppData\Local\Temp\SP50718.exeC:\Users\Boyd\AppData\Local\Temp\SP50720.exeC:\Users\Boyd\AppData\Local\Temp\SP50843.exeC:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exeC:\Users\Boyd\AppData\Local\Temp\SP51865.exeC:\Users\Boyd\AppData\Local\Temp\SP51976.exeC:\Users\Boyd\AppData\Local\Temp\SP52093.exeC:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exeC:\Users\Boyd\AppData\Local\Temp\SP52407.exeC:\Users\Boyd\AppData\Local\Temp\sp54373.exeC:\Users\Boyd\AppData\Local\Temp\sp54620.exeC:\Users\Boyd\AppData\Local\Temp\UninstallHPSA.exeC:\Users\Boyd\AppData\Local\Temp\UninstallHPTCA.exeC:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 00:16

==================== End Of Log ============================
TexasAggie Posted January 9, 2015 Author ID:927732

The Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Boyd at 2015-01-08 17:49:10
Running from C:\Users\Boyd\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard)
HiddenBuild-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenCake Mania (x32 Version: 2.2.0.82 - WildTangent) HiddenChuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenCisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenDiner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) HiddenDocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) HiddenDocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) HiddenDora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) HiddenDragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) HiddenESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)Faerie Solitaire (x32 Version: 
2.2.0.82 - WildTangent) HiddenFATE (x32 Version: 2.2.0.82 - WildTangent) HiddenFax (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) HiddenGPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenHewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenHP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)HPProductAssistant (x32 Version: 140.0.213.000 - 
Hewlett-Packard) HiddenHPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenIHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)iMesh (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\iMesh) (Version: 12.0.0.133554 - iMesh Inc) <==== ATTENTIONIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) HiddenJewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenJunk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) 
HiddenLightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 
2.03.09.005.14 - Novatel Wireless)Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTIONMuvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTIONMy Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) HiddenNetwork64 (Version: 140.0.215.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)Penguins! (x32 Version: 2.2.0.82 - WildTangent) HiddenPlants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) HiddenPoker Superstars III (x32 Version: 2.2.0.82 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.82 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.82 - WildTangent) HiddenPower2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) HiddenPowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) 
HiddenProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) HiddenRealtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) HiddenRtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenSolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) HiddenStatus (x32 Version: 140.0.256.000 - Hewlett-Packard) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenToolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenUpdate Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVerizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)Virtual Families (x32 Version: 2.2.0.82 - WildTangent) HiddenVirtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) HiddenVisual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)Visual Studio 2010 x64 Redistributables 
(HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) HiddenWheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenWildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list restore points.Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION
Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)
Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION
Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe
Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect
Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION
Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:F35A93AD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MDM => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)
Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd
Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x7c4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis.

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018

System errors:
=============
Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: %%1058

Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: %%1058

Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: %%1053

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: %%1053

Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )%0
TexasAggie Posted January 9, 2015 Author ID:927735

The Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Boyd at 2015-01-08 17:49:10
Running from C:\Users\Boyd\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) 
HiddenBuild-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenCake Mania (x32 Version: 2.2.0.82 - WildTangent) HiddenChuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenCisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenDiner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) HiddenDocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) HiddenDocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) HiddenDora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) HiddenDragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) HiddenESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)Faerie Solitaire (x32 Version: 
2.2.0.82 - WildTangent) HiddenFATE (x32 Version: 2.2.0.82 - WildTangent) HiddenFax (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) HiddenGPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenHewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenHP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)HPProductAssistant (x32 Version: 140.0.213.000 - 
Hewlett-Packard) HiddenHPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenIHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)iMesh (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\iMesh) (Version: 12.0.0.133554 - iMesh Inc) <==== ATTENTIONIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) HiddenJewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenJunk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) 
Hidden
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION
Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)
Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION
Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe
Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect
Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION
Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:F35A93AD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MDM => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)
Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd
Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x7c4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis.

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018

System errors:
=============
Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: %%1058

Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: %%1058

Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: %%1053

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: %%1053

Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 1978.93 MB
Available physical RAM: 1188.52 MB
Total Pagefile: 3957.86 MB
Available Pagefile: 3124.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.67 GB) (Free:140.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 505C85E0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
Blackbird Posted January 9, 2015 ID:927882

Hi!

Welcome to Malwarebytes' Support Forums! I am Blackbird and I will help you remove any malware that might be present on your computer.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.

General rules:
From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours.
Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.

Rules about advice from me:
The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections.
Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
Perform everything in the correct order. Sometimes one step requires the previous one.
You can check here if you're not sure if your computer is 32-bit or 64-bit.

Rules about posting results:
Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.

Things I want you to do before performing the steps below:
Please enable your system to show hidden files: How to see hidden files in Windows.
Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back-up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.

-------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for keeping above rules in mind. Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

Now, let's continue with the steps you need to do:
-------------------------------------------------------------------------------------------------------------------------------------------------------

1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.
Download Defogger and save it to your Desktop.
Right-click Defogger.exe and select Run as Administrator.
When the program has opened, click the Disable button.
When Defogger asks for a confirmation, click Yes.
Wait until you get the "Finished" message. Click OK.
When Defogger asks you to restart the system, please allow the program to do so immediately.
When an error occurred while using Defogger, look for a file called "defogger_disable.txt", which should be located at your Desktop. Post the contents of this file into your next reply.
You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this when I told you your computer is clean again.

2. Download AdwCleaner and save it to your Desktop.
Close all open windows.
Right-click AdwCleaner.exe and select Run as Administrator.
Click the Scan button.
When the scan has finished, please click the Report button and save the logfile that opens to the Desktop.
Post the contents of this logfile into your next reply.

3. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.
Install the program, eventually using these instructions.

3-A. Start Malwarebytes' Anti-Malware.
On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
Then click the Scan tab.
Select Custom Scan and click the Start Scan button.
In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives.
After you have done this, click Start Scan.
Follow the instructions given by Malwarebytes' Anti-Malware.
If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
Save the logfile in txt-format and copy/paste it in your next reply.
Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

4. Start Farbar Recovery Scan Tool
If asked, click Yes at the Disclaimer window.
Click Scan once the program has opened.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

5. Download GMER Rootkit Scanner and save it to your Desktop.
NOTE: Windows 8 users can skip this step. GMER Rootkit Scanner isn't compatible with Windows 8. Don't run it.
Right-click the GMER executable file (whose name will contain 8 digits/characters) and select Run as Administrator.
If GMER warns you about possible rootkit activity and asks you to scan for rootkits, DON'T allow GMER to do so.
Under "Files", put a checkmark next to Quick Scan.
Remove the checkmark next to Show all.
Now, click the Scan button.
Note: This scan often provides False Positives in the scan results. Never fix anything found by Gmer, unless I instructed you to do so!
If the scan's finished, click Save and save the log to your Desktop.
Post GMER's logfile into your next reply.

6. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6.

Good luck!
TexasAggie Posted January 9, 2015 Author ID:927976

Will do. Note, until I can reestablish a network connection I'll have to save the applications to a removable media and go to the other pc to install it and run it. In the meantime can you tell me how to make sure my pc stays safe. I run MBAM and Avast, but is that enough? Thanks so much!!

DISABLED CD EMULATOR FILES via Defogger

ADWCLEANER REPORT

# AdwCleaner v4.107 - Report created 09/01/2015 at 12:57:07
Blackbird Posted January 9, 2015 ID:927992

Hi,

I just wanted to tell you I've seen your post, but I'll wait until you also post the logfiles from the remaining steps I gave you.

Besides, I want to answer your question regarding a combination of Avast! and Malwarebytes' Anti-Malware: Usually the combination of a real-time anti-virus programme and another anti-malware programme (whether or not it's real-time) is good enough for the protection of a consumer PC. So, yes, this should be all good.
TexasAggie Posted January 10, 2015 Author ID:928078

I ran MBAM and went back to export the log, however it contains nothing. Well, not nothing: the name of the tool, MBAM, and the website. This is all it had. ??????? I know for a fact it quarantined three trojans. I guess I'll go on to the next step, the FARBAR tool.
Blackbird Posted January 10, 2015 ID:928079

Hi, Yes, please proceed with the next steps please.
TexasAggie Posted January 10, 2015 Author ID:928083

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Boyd (administrator) on BOYD-PC on 09-01-2015 19:05:30
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be 
removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-09 18:54 - 2015-01-09 18:54 - 00000049 _____ () C:\Users\Boyd\Desktop\MBAM Scan.txt2015-01-09 13:14 - 2015-01-09 13:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Desktop\mbam-setup-2.0.4.1028.exe2015-01-09 13:09 - 2015-01-09 13:09 - 00022038 _____ () C:\Users\Boyd\Desktop\AdwCleaner[R0].txt2015-01-09 12:57 - 2015-01-09 12:59 - 00000000 ____D () C:\AdwCleaner2015-01-09 12:55 - 2015-01-09 12:55 - 02191360 _____ () C:\Users\Boyd\Desktop\adwcleaner_4.107.exe2015-01-09 12:53 - 2015-01-09 12:53 - 00000470 _____ () C:\Users\Boyd\Desktop\defogger_disable.log2015-01-09 12:53 - 2015-01-09 12:53 - 00000000 _____ () C:\Users\Boyd\defogger_reenable2015-01-09 12:40 - 2015-01-09 12:40 - 00050477 _____ () C:\Users\Boyd\Desktop\Defogger.exe2015-01-08 17:49 - 2015-01-08 17:49 - 00036799 _____ () C:\Users\Boyd\Desktop\Addition.txt2015-01-08 17:47 - 2015-01-09 19:06 - 00017924 _____ () C:\Users\Boyd\Desktop\FRST.txt2015-01-08 17:47 - 2015-01-09 19:05 - 00000000 ____D () C:\FRST2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe2015-01-05 16:18 - 2015-01-09 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-01-05 11:27 - 2015-01-09 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-05 11:27 - 2015-01-09 18:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-01-05 
11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe2015-01-04 22:42 - 2015-01-09 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-01-04 22:35 - 2015-01-09 13:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList2014-12-27 02:25 - 2014-12-27 
02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mf.dll2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-12-25 13:08 - 
2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dfshim.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll2014-12-25 
13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 
_____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-12-25 13:06 - 2014-0
TexasAggie Posted January 10, 2015 Author ID:928084

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Boyd (administrator) on BOYD-PC on 09-01-2015 19:05:30
Running from C:\Users\Boyd\Desktop
Loaded Profile: Boyd (Available profiles: Boyd)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.comStartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBoxSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBoxSearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_50_ie&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Dzy0EzytAtCtBzzzytBtN0D0Tzu0SzyyDtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDzytAyD0DtAzz0BtG0DyBtDtCtGyBtAtC0FtGtBtAzytBtGyB0D0CyDyCyDtCzyyC0Bzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEtCyC0CtByBtGtA0Ezy0FtGyDyEzytDtGyCzyyByDtGyC0F0BtD0AtAtB0D0AtDtCyD2Q&cr=155364682&ir=SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=1&v=a12720-55&apn_uid=2369281325254520&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqlSearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_50_ie&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Dzy0EzytAtCtBzzzytBtN0D0Tzu0SzyyDtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDzytAyD0DtAzz0BtG0DyBtDtCtGyBtAtC0FtGtBtAzytBtGyB0D0CyDyCyDtCzyyC0Bzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEtCyC0CtByBtGtA0Ezy0FtGyDyEzytDtGyCzyyByDtGyC0F0BtD0AtAtB0D0AtDtCyD2Q&cr=155364682&ir=BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No FileBHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileToolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileHandler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun 
Microsystems, Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ruFF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ruFF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ruFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - 
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be 
removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-09 18:54 - 2015-01-09 18:54 - 00000049 _____ () C:\Users\Boyd\Desktop\MBAM Scan.txt2015-01-09 13:14 - 2015-01-09 13:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Desktop\mbam-setup-2.0.4.1028.exe2015-01-09 13:09 - 2015-01-09 13:09 - 00022038 _____ () C:\Users\Boyd\Desktop\AdwCleaner[R0].txt2015-01-09 12:57 - 2015-01-09 12:59 - 00000000 ____D () C:\AdwCleaner2015-01-09 12:55 - 2015-01-09 12:55 - 02191360 _____ () C:\Users\Boyd\Desktop\adwcleaner_4.107.exe2015-01-09 12:53 - 2015-01-09 12:53 - 00000470 _____ () C:\Users\Boyd\Desktop\defogger_disable.log2015-01-09 12:53 - 2015-01-09 12:53 - 00000000 _____ () C:\Users\Boyd\defogger_reenable2015-01-09 12:40 - 2015-01-09 12:40 - 00050477 _____ () C:\Users\Boyd\Desktop\Defogger.exe2015-01-08 17:49 - 2015-01-08 17:49 - 00036799 _____ () C:\Users\Boyd\Desktop\Addition.txt2015-01-08 17:47 - 2015-01-09 19:06 - 00017924 _____ () C:\Users\Boyd\Desktop\FRST.txt2015-01-08 17:47 - 2015-01-09 19:05 - 00000000 ____D () C:\FRST2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe2015-01-05 16:18 - 2015-01-09 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-01-05 11:27 - 2015-01-09 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-05 11:27 - 2015-01-09 18:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-01-05 
11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe2015-01-04 22:42 - 2015-01-09 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-01-04 22:35 - 2015-01-09 13:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList2014-12-27 02:25 - 2014-12-27 
02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mf.dll2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-12-25 13:08 - 
2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dfshim.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll2014-12-25 
13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 
_____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-12-25 13:06 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-12-25 13:06 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-12-25 13:06 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2014-12-25 13:06 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL2014-12-25 13:06 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-12-25 13:06 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-12-25 13:06 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-12-25 13:06 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-12-25 13:06 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-12-25 13:06 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-12-25 13:06 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-12-25 13:06 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-12-25 13:06 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-12-25 13:06 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\rdpwd.sys2014-12-25 13:06 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-12-25 13:05 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-12-25 13:05 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-12-25 13:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2014-12-25 13:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-12-25 13:05 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-12-25 13:05 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-12-25 13:05 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-12-25 13:05 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-12-25 13:05 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-12-25 13:05 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-12-25 13:05 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-12-25 12:41 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-12-25 12:41 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll2014-12-25 12:39 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-12-25 12:39 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-12-25 12:39 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-12-25 12:39 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-12-25 
12:39 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2014-12-25 12:38 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-12-25 12:38 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-12-25 12:35 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-12-25 12:35 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-12-25 12:35 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2014-12-25 12:34 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2014-12-25 12:25 - 2014-12-30 01:25 - 00000138 _____ () C:\Users\Boyd\AppData\Roaming\WB.CFG ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 18:13 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-09 18:13 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-09 18:09 - 2011-07-02 12:08 - 00000000 ____D () C:\Users\Boyd\Desktop\AGC pics 2011 (1)2015-01-09 18:06 - 2011-01-29 16:21 - 00000000 ____D () C:\Users\Boyd\Tracing2015-01-09 18:05 - 2014-06-28 22:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol2015-01-09 18:05 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-01-09 18:04 - 2011-02-07 09:37 - 00000000 ____D () C:\Windows\Sun2015-01-09 18:04 - 2010-09-01 12:46 - 00552244 _____ () C:\Windows\PFRO.log2015-01-09 12:53 - 2011-01-29 15:32 - 00000000 ____D () C:\Users\Boyd2015-01-08 16:52 - 2010-09-01 12:03 - 01956353 _____ () C:\Windows\WindowsUpdate.log2015-01-05 17:19 - 2014-06-28 22:42 - 00000000 ____D () 
C:\Users\Boyd\AppData\Local\Google2015-01-05 16:59 - 2012-11-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Verizon2015-01-05 16:59 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-01-05 16:18 - 2012-08-18 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-01-05 16:18 - 2012-08-18 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-05 11:53 - 2011-02-03 11:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Adobe2015-01-05 11:53 - 2011-01-29 15:51 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Adobe2015-01-05 11:53 - 2010-03-30 20:58 - 00000000 ____D () C:\Program Files (x86)\Adobe2015-01-05 08:15 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI2015-01-05 08:09 - 2009-07-13 22:51 - 00118816 _____ () C:\Windows\setupact.log2015-01-05 08:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache2015-01-05 08:08 - 2014-06-28 22:42 - 00000000 ____D () C:\Program Files (x86)\Supporter2015-01-05 00:01 - 2010-09-01 13:41 - 00000000 ____D () C:\ProgramData\Recovery2015-01-04 23:48 - 2014-06-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon2015-01-04 23:48 - 2014-06-25 20:38 - 00000000 ____D () C:\Program Files (x86)\File Type Helper2015-01-04 23:48 - 2011-12-25 13:21 - 00000000 ____D () C:\ProgramData\InstallShield2015-01-04 23:48 - 2011-01-29 15:47 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Hewlett-Packard2015-01-04 23:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration2015-01-04 23:38 - 2014-07-31 21:07 - 00000000 ____D () C:\ProgramData\Systweak2015-01-04 23:38 - 2014-07-31 21:06 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Systweak2015-01-04 23:38 - 2014-07-31 20:58 - 00000000 ____D () C:\Users\Boyd\AppData\Local\com2015-01-04 23:37 - 2014-07-08 20:00 - 00000000 ____D () C:\ProgramData\AllCheapPriceu2015-01-04 23:37 - 
2014-06-28 22:25 - 00000000 ____D () C:\Users\Boyd\AppData\Local\LPT2015-01-04 23:37 - 2014-06-28 22:23 - 00000000 ____D () C:\Users\Boyd\AppData\Local\263792015-01-04 23:37 - 2013-07-25 20:08 - 00000000 ____D () C:\ProgramData\Wincert2015-01-04 23:24 - 2011-02-07 09:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2015-01-04 23:22 - 2011-10-29 08:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2015-01-04 22:19 - 2009-07-13 23:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-01-04 22:13 - 2009-07-13 22:45 - 00430848 _____ () C:\Windows\system32\FNTCACHE.DAT2015-01-04 18:50 - 2014-06-25 20:38 - 00000019 _____ () C:\END2014-12-27 07:25 - 2014-06-28 22:42 - 00000000 ____D () C:\ProgramData\c7cfa554ab0382c92014-12-27 03:21 - 2009-07-13 22:51 - 00118648 _____ () C:\Windows\setupact(17).log2014-12-26 06:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache2014-12-26 04:20 - 2014-06-26 04:10 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat2014-12-26 03:50 - 2011-04-07 20:53 - 00000000 ____D () C:\Windows\System32\Tasks\Games2014-12-26 03:31 - 2014-06-26 03:31 - 00000000 ____D () C:\Windows\system32\MRT2014-12-26 03:14 - 2011-07-12 09:41 - 00779192 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-12-25 10:49 - 2014-07-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro Files to move or 
delete:====================C:\ProgramData\1315581722-bomgar-scc-installer.exe.exeC:\ProgramData\1315582289-bomgar-scc-installer.exe.exeC:\ProgramData\1315583468-bomgar-scc-installer.exe.exeC:\ProgramData\1315584297-bomgar-scc-installer.exe.exeC:\ProgramData\1315585810-bomgar-scc-installer.exe.exeC:\ProgramData\1315586077-bomgar-scc-installer.exe.exeC:\ProgramData\1315587940-bomgar-scc-installer.exe.exeC:\ProgramData\1315588612-bomgar-scc-installer.exe.exeC:\ProgramData\1315588837-bomgar-scc-installer.exe.exeC:\ProgramData\1315591363-bomgar-scc-installer.exe.exeC:\ProgramData\1315591471-bomgar-scc-installer.exe.exeC:\ProgramData\1315591624-bomgar-scc-installer.exe.exeC:\ProgramData\1315591887-bomgar-scc-installer.exe.exeC:\ProgramData\1315592671-bomgar-scc-installer.exe.exeC:\ProgramData\1315593755-bomgar-scc-installer.exe.exeC:\ProgramData\1315594052-bomgar-scc-installer.exe.exeC:\ProgramData\1315596781-bomgar-scc-installer.exe.exeC:\ProgramData\1315597278-bomgar-scc-installer.exe.exeC:\ProgramData\1315598164-bomgar-scc-installer.exe.exeC:\ProgramData\1315598332-bomgar-scc-installer.exe.exeC:\ProgramData\1315598739-bomgar-scc-installer.exe.exeC:\ProgramData\1315600906-bomgar-scc-installer.exe.exeC:\ProgramData\1315601035-bomgar-scc-installer.exe.exeC:\ProgramData\1315601397-bomgar-scc-installer.exe.exeC:\ProgramData\1315602204-bomgar-scc-installer.exe.exeC:\ProgramData\1315603346-bomgar-scc-installer.exe.exeC:\ProgramData\1315603365-bomgar-scc-installer.exe.exeC:\ProgramData\1315604149-bomgar-scc-installer.exe.exeC:\ProgramData\1315604357-bomgar-scc-installer.exe.exeC:\ProgramData\1315605023-bomgar-scc-installer.exe.exeC:\ProgramData\1315605283-bomgar-scc-installer.exe.exeC:\ProgramData\1315605819-bomgar-scc-installer.exe.exeC:\ProgramData\1315607882-bomgar-scc-installer.exe.exeC:\ProgramData\1315608730-bomgar-scc-installer.exe.exeC:\ProgramData\1315609233-bomgar-scc-installer.exe.exeC:\ProgramData\1315609470-bomgar-scc-installer.exe.exeC:\ProgramData\1315609848-bom
gar-scc-installer.exe.exeC:\ProgramData\1315609924-bomgar-scc-installer.exe.exeC:\ProgramData\1315611082-bomgar-scc-installer.exe.exeC:\ProgramData\1315611232-bomgar-scc-installer.exe.exeC:\ProgramData\1315612911-bomgar-scc-installer.exe.exeC:\ProgramData\1315616767-bomgar-scc-installer.exe.exeC:\ProgramData\1315618505-bomgar-scc-installer.exe.exeC:\ProgramData\1315619075-bomgar-scc-installer.exe.exeC:\ProgramData\1315619225-bomgar-scc-installer.exe.exeC:\ProgramData\1315619527-bomgar-scc-installer.exe.exeC:\ProgramData\1315621657-bomgar-scc-installer.exe.exeC:\ProgramData\1329185158-bomgar-scc-installer.exe.exe Some content of TEMP:====================C:\Users\Boyd\AppData\Local\Temp\ApnStub.exeC:\Users\Boyd\AppData\Local\Temp\eject.exeC:\Users\Boyd\AppData\Local\Temp\exe2pin.exeC:\Users\Boyd\AppData\Local\Temp\Extract.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate01.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate02.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate03.exeC:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate04.exeC:\Users\Boyd\AppData\Local\Temp\helper.exeC:\Users\Boyd\AppData\Local\Temp\HPQSi.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Boyd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Boyd\AppData\Local\Temp\optprosetup.exeC:\Users\Boyd\AppData\Local\Temp\propsys.dllC:\Users\Boyd\AppData\Local\Temp\Quarantine.exeC:\Users\Boyd\AppData\Local\Temp\Resource.exeC:\Users\Boyd\AppData\Local\Temp\set
up.exe
C:\Users\Boyd\AppData\Local\Temp\SP47636.exe
C:\Users\Boyd\AppData\Local\Temp\SP49521.exe
C:\Users\Boyd\AppData\Local\Temp\SP49522.exe
C:\Users\Boyd\AppData\Local\Temp\SP49524.exe
C:\Users\Boyd\AppData\Local\Temp\SP50718.exe
C:\Users\Boyd\AppData\Local\Temp\SP50720.exe
C:\Users\Boyd\AppData\Local\Temp\SP50843.exe
C:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Boyd\AppData\Local\Temp\SP51865.exe
C:\Users\Boyd\AppData\Local\Temp\SP51976.exe
C:\Users\Boyd\AppData\Local\Temp\SP52093.exe
C:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Boyd\AppData\Local\Temp\SP52407.exe
C:\Users\Boyd\AppData\Local\Temp\sp54373.exe
C:\Users\Boyd\AppData\Local\Temp\sp54620.exe
C:\Users\Boyd\AppData\Local\Temp\sqlite3.dll
C:\Users\Boyd\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Boyd\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 00:16

==================== End Of Log ============================
TexasAggie Posted January 10, 2015 Author ID:928085 Share Posted January 10, 2015 I apologize, I accidentally posted the FRST file twice....I'm sorry...... Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015Ran by Boyd at 2015-01-09 19:06:57Running from C:\Users\Boyd\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) HiddenAcrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenBlackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenBlasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hiddenbpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) HiddenBPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) HiddenBPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenBufferChm 
(x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenBuild-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenCake Mania (x32 Version: 2.2.0.82 - WildTangent) HiddenChuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenCisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenDiner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) HiddenDocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) HiddenDocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) HiddenDora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) HiddenDragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) HiddenESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - 
Hewlett-Packard)Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) HiddenFATE (x32 Version: 2.2.0.82 - WildTangent) HiddenFax (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) HiddenGPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenHewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenHP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - 
Hewlett-Packard)HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenIHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) HiddenJewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) HiddenJunk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) 
HiddenLightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 
2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION
Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)
Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION
Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe
Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect
Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION
Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:F35A93AD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MDM => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)
Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd
Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x7c4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".
Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".
Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018

System errors:
=============
Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: %%1058

Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: %%1058

Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: %%1053

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: %%1053

Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 1978.93 MB
Available physical RAM: 900.13 MB
Total Pagefile: 3957.86 MB
Available Pagefile: 2723.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.67 GB) (Free:140.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 505C85E0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Blackbird Posted January 10, 2015 ID:928090

Hi,

I apologize, I accidentally posted the FRST file twice....I'm sorry......

No problem! I'll wait for your Gmer-logfile.

TexasAggie Posted January 10, 2015 Author ID:928099

POST IS TOO LONG SO HERE IS PART 1:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-09 21:57:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 232.89GB
Running: jtcpmdrv.exe; Driver: C:\Users\Boyd\AppData\Local\Temp\kxldqpob.sys

---- User code sections - GMER 2.1 ----

C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a51750 5 bytes JMP 000000014a480310.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a51790 5 bytes JMP 000000014a4803c0.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a517e0 5 bytes JMP 000000014a4803f0.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a51940 5 bytes JMP 000000014a480230.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a51b00 5 bytes JMP 000000014a480480.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a51b30 5 bytes JMP 000000014a4803a0.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a51c10 5 bytes JMP 000000014a4802f0.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a51c20 5 bytes JMP 000000014a480350.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a51c80 5 bytes JMP 000000014a480290.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a51d10 5 bytes JMP 000000014a4802b0.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a51d30 5 bytes JMP 000000014a4803d0.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a51d40 5 bytes JMP 000000014a480330.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a51db0 5 bytes JMP 000000014a480410.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a51de0 5 bytes JMP 000000014a480240.text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver Link to post Share on other sites More 
sharing options...
TexasAggie Posted January 10, 2015 Author ID:928100

PART 2
TexasAggie Posted January 10, 2015 Author ID:928104

PART 3
TexasAggie Posted January 10, 2015 Author ID:928105
PART 4 I hope this is all and that I haven't repeated anything.