Hello all! I am in some desperate need of help! My partner's computer seems to be full of viruses. I have tried endlessly to remove SafeHomepage (default homepage and search bar) from Firefox but it shows back up every time the browser is restarted. I noticed when the browser is loading up, the address at the bottom left of the screen keeps saying "istart123". And a Yahoo! Toolbar with a bunch of icons keeps showing up even though I removed it. I uninstalled many virus-like programs through the control panel, and 5 minutes later the same programs or new ones will be installed all over again. A LOT. Looking for the solution to this, I'd be grateful for any help. Thank you.

Here are the results from the Farbar Recovery Scan Tool.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Alysha (administrator) on ALYSHA-PC on 26-01-2015 06:57:35
Running from C:\Users\Alysha\Downloads
Loaded Profiles: Alysha (Available profiles: Alysha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-30] (Synaptics Incorporated)
HKLM\...\Run: [installerLauncher] => C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe [567888 2013-09-04] (Bitdefender)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [fst_ca_136] => [X]
HKLM-x32\...\Run: [fst_ca_152] => [X]
HKLM-x32\...\Run: [fst_ca_170] => [X]
HKLM-x32\...\Run: [fst_ca_251] => [X]
HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Run: [PriceMeterW] => "C:\Users\Alysha\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54073;https=127.0.0.1:54073
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}
URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_21_ch&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0ByC0DzyyDtBtDtBtBtC0BtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyE0D0A0AtD0EtBtG0B0Czy0BtG0CtA0B0AtGyByB0CyEtGyDyEyE0ByB0DyEyBzztD0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBtD0AyEtAyDyCtGyByByDtDtGyDtBtC0FtGtC0DtBtBtGtByCtD0BtB0C0E0D0Azyzy0C2Q&cr=1120806935&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E74yobryu1,d474e45c-9faa-4867-acf4-d05688b34927,&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=157&itype=n&ver=12349&tm=345&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No File
BHO: video MediaPlayer -> {11111111-1111-1111-1111-110511951199} -> C:\Program Files (x86)\video MediaPlayer\video MediaPlayer-bho64.dll ()
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: No Name -> {336D0C35-8A85-403a-B9D2-65C292C39087} ->  No File
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} ->  No File
BHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No File
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} -  No File
Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {B81767E1-672D-4DA1-B5CC-D277185815A6} -  No File
Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}: [NameServer] 208.69.150.250,208.69.150.252

FireFox:
========
FF ProfilePath: C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-05-21]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]
CHR Extension: (Google Drive) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (No Name) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj [2014-08-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (Fraven 1.1) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf [2014-07-05]
CHR Extension: (Google Search) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Bcool) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjjfdocehnaoldljofpjigbchchimcg [2014-08-17]
CHR Extension: (video MediaPlayer) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf [2014-07-06]
CHR Extension: (Google Wallet) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-05-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 RTZnjsXcl; C:\ProgramData\XXmhBb\RTZnjsXcl.exe [2316152 2014-07-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 1ca156e3; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\LibraryInstance\LibraryInstance.dll",serv
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-05-21] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-26] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-05-21] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RTL8192Ce; system32\DRIVERS\rtl8192Ce.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 06:57 - 2015-01-26 06:58 - 00019199 _____ () C:\Users\Alysha\Downloads\FRST.txt
2015-01-26 06:57 - 2015-01-26 06:57 - 00000000 ____D () C:\FRST
2015-01-26 06:55 - 2015-01-26 06:55 - 02129920 _____ (Farbar) C:\Users\Alysha\Downloads\FRST64.exe
2015-01-26 06:42 - 2015-01-26 06:42 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Macromedia
2015-01-26 06:19 - 2015-01-26 06:19 - 00020339 _____ () C:\Users\Alysha\Desktop\JRT.txt
2015-01-26 05:48 - 2015-01-26 05:48 - 00003464 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
2015-01-26 05:48 - 2015-01-26 05:48 - 00003200 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\windows\ERUNT
2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Rainmaker Software Group LLC.​
2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Rainmaker_Software_Group_
2015-01-26 05:46 - 2015-01-26 05:46 - 01707939 _____ (Thisisu) C:\Users\Alysha\Downloads\JRT(1).exe
2015-01-26 05:44 - 2015-01-26 05:45 - 00236392 _____ () C:\Users\Alysha\Downloads\JRT.exe
2015-01-26 05:44 - 2015-01-26 05:44 - 00058633 _____ () C:\ProgramData\1422268984.bdinstall.bin
2015-01-26 05:43 - 2015-01-26 05:43 - 00037839 _____ () C:\ProgramData\1422268980.bdinstall.bin
2015-01-26 05:39 - 2015-01-26 05:39 - 00175507 _____ () C:\ProgramData\1422268733.bdinstall.bin
2015-01-26 05:39 - 2015-01-26 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-01-26 05:39 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2015-01-26 05:39 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2015-01-26 05:38 - 2015-01-26 05:38 - 00037823 _____ () C:\ProgramData\1422268728.bdinstall.bin
2015-01-26 05:32 - 2015-01-26 05:39 - 00000000 _____ () C:\windows\system32\Drivers\avchv.sys
2015-01-26 05:24 - 2015-01-26 05:31 - 00002842 _____ () C:\windows\system32\lic2.xml24801
2015-01-26 05:23 - 2015-01-26 05:23 - 00186815 _____ () C:\ProgramData\1422267727.bdinstall.bin
2015-01-26 05:23 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\SETCFEB.tmp
2015-01-26 05:22 - 2015-01-26 05:23 - 00000000 ____D () C:\Program Files\Bitdefender
2015-01-26 05:22 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-01-26 05:22 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2015-01-26 05:16 - 2015-01-26 05:16 - 00041760 _____ () C:\ProgramData\1422267390.3196.bin
2015-01-26 05:16 - 2015-01-26 05:16 - 00002055 _____ () C:\ProgramData\1422267390.4124.bin
2015-01-26 05:13 - 2015-01-26 05:13 - 00000000 ____D () C:\windows\SysWOW64\Drivers\AVG
2015-01-26 05:11 - 2015-01-26 05:11 - 00045448 _____ () C:\ProgramData\1422267081.bdinstall.bin
2015-01-26 05:11 - 2015-01-26 05:11 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\QuickScan
2015-01-26 04:53 - 2015-01-26 04:53 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-01-26 04:49 - 2015-01-26 04:49 - 00006616 _____ () C:\windows\system32\.crusader
2015-01-26 04:20 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-01-26 04:20 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-01-26 04:20 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-01-26 04:20 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-01-26 04:20 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-01-26 04:20 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-26 04:20 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-01-26 04:20 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-01-26 04:20 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-01-26 04:20 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-01-26 04:20 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-01-26 04:20 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-01-26 04:20 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-01-26 04:20 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-01-26 04:20 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-01-26 04:20 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-01-26 04:20 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-01-26 04:20 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-01-26 04:20 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-01-26 04:20 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-01-26 04:20 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-01-26 04:20 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-26 04:20 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-01-26 04:20 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-01-26 04:20 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-26 04:20 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-01-26 04:20 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-01-26 04:20 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-01-26 04:20 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-01-26 04:20 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-01-26 04:20 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-01-26 04:20 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-01-26 04:20 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-01-26 04:20 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-01-26 04:20 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-01-26 04:20 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-01-26 04:20 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-01-26 04:20 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-01-26 04:20 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-01-26 04:20 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-01-26 04:20 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-01-26 04:20 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-26 04:20 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-01-26 04:20 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-01-26 04:20 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-01-26 04:20 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-01-26 04:20 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-01-26 04:20 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-01-26 04:20 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-01-26 04:20 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-01-26 04:20 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-01-26 04:20 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-01-26 04:20 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-01-26 04:20 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-01-26 04:20 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-01-26 04:20 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-01-26 04:03 - 2015-01-26 04:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-26 04:03 - 2015-01-26 04:03 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-26 04:01 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-01-26 04:01 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-01-26 03:21 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-01-26 03:21 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-01-26 03:21 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-01-26 03:21 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-01-26 03:21 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-01-26 03:21 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-01-26 03:21 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-01-26 03:21 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-01-26 03:21 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-01-26 03:21 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-01-26 02:05 - 2015-01-26 02:05 - 00003108 _____ () C:\windows\System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A}
2015-01-26 02:04 - 2015-01-26 02:04 - 00003152 _____ () C:\windows\System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C}
2015-01-26 01:20 - 2015-01-26 01:20 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 22:33 - 2015-01-25 22:33 - 00000000 ____D () C:\Program Files (x86)\dOwanLoaAdittkeep
2015-01-25 22:32 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\SmairtCCoMMpoare
2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\Film Stack
2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\deealster
2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\ddeaal4reaL
2015-01-25 22:31 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\tperfectcouupon
2015-01-25 22:31 - 2015-01-25 22:33 - 00000000 ____D () C:\ProgramData\1250025538242071055
2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-01-25 21:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2015-01-25 21:55 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2015-01-25 21:55 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVG2012
2015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVG2012
2015-01-25 21:46 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-01-25 21:46 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-01-25 21:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-25 21:45 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-01-25 21:45 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-01-25 21:45 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-01-25 21:45 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-01-25 21:45 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2015-01-25 21:45 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2015-01-25 21:45 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2015-01-25 21:45 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2015-01-25 21:45 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2015-01-25 21:45 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2015-01-25 21:40 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-25 21:40 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-25 21:40 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-25 21:40 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-01-25 21:40 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-01-25 21:40 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-01-25 21:40 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-01-25 21:40 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-01-25 21:39 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-25 21:39 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-01-25 21:39 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-01-25 21:39 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-01-25 21:39 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-01-25 21:39 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-01-25 21:39 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-01-25 21:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-01-25 21:33 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-25 21:33 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2015-01-25 21:33 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2015-01-25 21:29 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-01-25 21:29 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-01-25 21:29 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-01-25 21:29 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-01-25 21:29 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-01-25 21:29 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-01-25 21:29 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-01-25 21:29 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-01-25 21:28 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-25 21:28 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-25 21:28 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-25 21:28 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-25 21:28 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-25 21:28 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-25 21:28 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-25 21:28 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-25 21:28 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-01-25 21:27 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-01-25 21:27 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-01-25 21:27 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-01-25 21:27 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-01-25 21:27 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-01-25 21:27 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-01-25 21:27 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-01-25 21:27 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-01-25 21:27 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-25 21:27 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-01-25 21:27 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-01-25 21:27 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-01-25 21:27 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-01-25 21:27 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2015-01-25 21:26 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-25 21:26 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-25 21:26 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-25 21:26 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-25 21:26 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-25 21:26 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-25 21:26 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-25 21:26 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-01-25 21:26 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-01-25 21:26 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-01-25 21:26 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-01-25 21:26 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-01-25 21:26 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-01-25 21:26 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-01-25 21:26 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-01-25 21:26 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-01-25 21:26 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-01-25 21:26 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-01-25 21:26 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-01-25 21:26 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-01-25 21:26 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-01-25 21:25 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2015-01-25 21:25 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2015-01-25 21:25 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-01-25 21:25 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-01-25 21:25 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-01-25 21:25 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2015-01-25 21:25 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-01-25 21:25 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-01-25 21:24 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-01-25 21:13 - 2015-01-26 02:47 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2015-01-25 21:11 - 2015-01-26 02:47 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-25 20:51 - 2015-01-26 05:10 - 00000000 ____D () C:\Users\Alysha\Desktop\Cleaners
2015-01-25 20:50 - 2015-01-25 20:52 - 00000000 ____D () C:\Users\Alysha\Desktop\Games
2015-01-25 20:29 - 2015-01-26 02:05 - 00000000 ____D () C:\ProgramData\374311380
2015-01-25 20:28 - 2015-01-25 20:28 - 00000000 ____D () C:\Program Files (x86)\RRobboSavero
2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\Ieseaveer
2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\deAlster
2015-01-25 20:25 - 2015-01-25 20:25 - 00000000 ____D () C:\Program Files (x86)\Happyi2uSiavEe
2015-01-25 20:22 - 2015-01-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Reason

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 19:46 - 2014-05-12 00:51 - 00000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG
2015-01-26 06:46 - 2011-10-20 06:24 - 01236050 _____ () C:\windows\WindowsUpdate.log
2015-01-26 06:44 - 2011-10-20 13:02 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 06:42 - 2014-05-11 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 06:42 - 2014-05-11 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 06:42 - 2014-05-11 22:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 06:42 - 2014-05-11 22:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 06:31 - 2014-08-13 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 06:24 - 2014-06-30 18:13 - 00000000 ____D () C:\Program Files (x86)\video MediaPlayer
2015-01-26 06:08 - 2013-06-14 02:52 - 00000340 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job
2015-01-26 05:50 - 2009-07-14 00:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-26 05:50 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 05:50 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 05:42 - 2014-07-07 15:54 - 00000288 _____ () C:\windows\Tasks\PerfMonitor_strtp.job
2015-01-26 05:42 - 2014-07-06 12:31 - 00001404 _____ () C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job
2015-01-26 05:42 - 2014-06-30 18:17 - 00001544 _____ () C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job
2015-01-26 05:42 - 2014-06-30 18:13 - 00000942 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-26 05:42 - 2013-06-08 15:53 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-26 05:42 - 2011-10-20 13:02 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 05:41 - 2010-11-20 22:47 - 00353538 _____ () C:\windows\PFRO.log
2015-01-26 05:41 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-26 05:41 - 2009-07-13 23:51 - 00104262 _____ () C:\windows\setupact.log
2015-01-26 05:17 - 2011-12-03 04:34 - 00000000 ____D () C:\ProgramData\AVG2012
2015-01-26 05:15 - 2011-12-03 04:01 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-26 05:13 - 2011-12-03 11:17 - 00000000 ___HD () C:\$AVG
2015-01-26 05:08 - 2013-06-19 21:23 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Nico Mak Computing
2015-01-26 04:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-01-26 04:22 - 2013-07-19 04:00 - 00000000 ____D () C:\windows\system32\MRT
2015-01-26 03:51 - 2009-07-13 23:45 - 00340936 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-26 03:40 - 2011-12-03 03:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-26 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-26 02:11 - 2014-08-10 20:25 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-26 02:05 - 2014-07-07 15:32 - 00000000 ____D () C:\ProgramData\Radsteroids
2015-01-26 02:01 - 2014-07-04 20:20 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files\Google
2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\ProgramData\HP
2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-25 20:50 - 2011-12-03 03:10 - 00000000 ____D () C:\Program Files\HP
2015-01-25 20:49 - 2014-08-10 20:25 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-25 20:49 - 2013-06-01 13:06 - 00002270 _____ () C:\Users\Alysha\Desktop\Google Chrome.lnk
2015-01-25 20:49 - 2011-12-03 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-25 20:49 - 2011-11-30 19:01 - 00001428 _____ () C:\Users\Alysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 20:49 - 2011-11-30 18:57 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Google
2015-01-25 20:49 - 2011-10-20 13:02 - 00000000 ____D () C:\ProgramData\Google
2015-01-25 20:46 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2015-01-25 20:45 - 2011-10-20 12:56 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-25 20:45 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-25 20:44 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-25 20:42 - 2012-05-21 12:31 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\WildTangent
2015-01-25 20:38 - 2012-01-30 17:29 - 00000000 ____D () C:\Program Files (x86)\uTorrentBar
2015-01-25 20:37 - 2014-05-24 15:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 20:28 - 2014-06-29 17:33 - 00000000 ____D () C:\Users\Alysha\AppData\Local\fst_ca_152
2015-01-25 20:28 - 2014-06-18 19:37 - 00000000 ____D () C:\ProgramData\1158fb9aa715ca0f
2014-12-31 13:12 - 2011-12-02 12:54 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-05-11 22:32 - 2014-05-24 15:33 - 0000320 _____ () C:\Users\Alysha\AppData\Roaming\aps.uninstall.scan.results
2014-07-08 12:00 - 2014-07-08 15:55 - 0005265 _____ () C:\Users\Alysha\AppData\Roaming\callbanner.png
2014-05-12 00:51 - 2015-01-26 19:46 - 0000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG
2014-05-11 22:36 - 2014-05-11 22:36 - 0301488 _____ (VuuPC Limited) C:\Users\Alysha\AppData\Local\nsr33EA.tmp
2015-01-26 05:11 - 2015-01-26 05:11 - 0045448 _____ () C:\ProgramData\1422267081.bdinstall.bin
2015-01-26 05:16 - 2015-01-26 05:16 - 0041760 _____ () C:\ProgramData\1422267390.3196.bin
2015-01-26 05:16 - 2015-01-26 05:16 - 0002055 _____ () C:\ProgramData\1422267390.4124.bin
2015-01-26 05:23 - 2015-01-26 05:23 - 0186815 _____ () C:\ProgramData\1422267727.bdinstall.bin
2015-01-26 05:38 - 2015-01-26 05:38 - 0037823 _____ () C:\ProgramData\1422268728.bdinstall.bin
2015-01-26 05:39 - 2015-01-26 05:39 - 0175507 _____ () C:\ProgramData\1422268733.bdinstall.bin
2015-01-26 05:43 - 2015-01-26 05:43 - 0037839 _____ () C:\ProgramData\1422268980.bdinstall.bin
2015-01-26 05:44 - 2015-01-26 05:44 - 0058633 _____ () C:\ProgramData\1422268984.bdinstall.bin
2011-12-03 03:09 - 2011-12-03 03:09 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Alysha\AppData\Local\Temp\ose00000.exe
C:\Users\Alysha\AppData\Local\Temp\rootsupd.exe
C:\Users\Alysha\AppData\Local\Temp\UNINSTALL.EXE


Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avchv.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-31 13:49

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Alysha at 2015-01-26 06:59:13
Running from C:\Users\Alysha\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Any Media Converter (HKLM-x32\...\Any Media Converter) (Version: 1.14 - Any Media Converter) <==== ATTENTION!
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibraryInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{1ca156e3}) (Version:  - Software Publisher) <==== ATTENTION
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pro PC Cleaner (HKLM-x32\...\{23497AFC-382C-417E-AC1F-42D98A5A8ADA}) (Version: 2.5.6 - Rainmaker Software Group LLC.)
Radsteroids (HKLM-x32\...\Radsteroids) (Version: 2.7.19 - Deals Interactive Media, LLC)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Roller Coaster Tycoon 2 (HKLM-x32\...\Roller Coaster Tycoon 2) (Version:  - )
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{99ED6D18-AF6B-4443-31C2-AAC299D5D048}) (Version: 1.0 - )
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12349 - Aztec Media Inc) <==== ATTENTION
Should I Remove It (HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{F97A8857-2A38-4CE9-A53A-F07E491F2DA8}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - SaveClicker) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
System Optimizer Pro (HKLM\...\System Optimizer Pro) (Version: 1.0 - 383 Media, Inc.) <==== ATTENTION
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
TuneUp 2.4.8.5 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.8.5 - TuneUp Media, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Web Assistant 2.0.0.600 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.600 - IncrediBar) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-08-2014 20:42:19 Windows Update
11-09-2014 22:40:40 Windows Update
25-01-2015 20:19:34 Installed Should I Remove It
25-01-2015 20:38:22 Removed HP Deskjet 3050A J611 series Help
25-01-2015 20:48:10 Removed HP Deskjet 3050A J611 series Basic Device Software
26-01-2015 03:01:36 Windows Update
26-01-2015 04:21:23 Windows Update
26-01-2015 04:47:31 Checkpoint by HitmanPro
26-01-2015 04:48:31 Checkpoint by HitmanPro
26-01-2015 05:06:56 WinZip Registry Optimizer Mon, Jan 26, 15  05:06
26-01-2015 05:11:53 Removed AVG 2012
26-01-2015 05:14:25 Removed AVG 2012

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {074BE6D4-DAFD-49B9-A678-08184AAB876E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {10CBB72F-905B-413C-9588-6E0599C4EFD9} - \5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user No Task File <==== ATTENTION
Task: {2E6258B2-98E5-4381-BE92-0ED39A7ECF23} - \ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user No Task File <==== ATTENTION
Task: {61D439EF-7116-4C2C-9FA7-C9615DBD2BB0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {6B17F106-F02A-41D1-9F95-2E09FD41176E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-06-14] ()
Task: {744D259F-0F06-4C6E-9E02-04508C5F59A9} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{93F60A17-7585-452C-AB3C-7B557FFEF3FA}.exe
Task: {7B30F967-05FA-45B9-8C88-59637C4E9C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20] (Google Inc.)
Task: {89627367-43D4-4678-ABDC-B6DFCE657AFC} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {8F2A4A6A-CD77-477E-83ED-D25A0C809F78} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {C1CBB365-D4C5-40E9-8709-2E9B0222FDCF} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {CD36C117-A5DE-4033-9213-5373A17EDBF5} - System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C} => pcalua.exe -a C:\Users\Alysha\AppData\Roaming\istart123\UninstallManager.exe -c  -ptid=tt4u
Task: {D6E18488-65FF-4206-A678-4A6213E7D301} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {D858E40D-2EFB-4FDE-B967-69C93C34F5AE} - System32\Tasks\PerfMonitor_strtp => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION
Task: {E39FE271-0E44-4F48-B07F-6DBC2F0A68CE} - System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A} => pcalua.exe -a C:\ProgramData\Radsteroids\uninstall.exe -c /kb=y /ic=1
Task: {ECE0D3B8-E659-4FC0-8C6C-102F71009177} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FED29064-7F57-4E04-A082-02F0941999B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20] (Google Inc.)
Task: C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job => C:\Program Files (x86)\video MediaPlayer\5d2076bc-d559-4c68-aca0-29a2e5982b96-5.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{93F60A17-7585-452C-AB3C-7B557FFEF3FA}.exe
Task: C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job => C:\Program Files (x86)\Torntv V9.0\ecd06da5-7041-4c5c-acbf-762244f49e9d-5.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\windows\Tasks\PerfMonitor_strtp.job => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-06 02:52 - 2014-02-06 02:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 02:52 - 2014-02-06 02:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-17 16:13 - 2014-09-17 16:15 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: ETDCtrl => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1580903306-1420406646-1734795358-500 - Administrator - Disabled)
Alysha (S-1-5-21-1580903306-1420406646-1734795358-1000 - Administrator - Enabled) => C:\Users\Alysha
Guest (S-1-5-21-1580903306-1420406646-1734795358-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1580903306-1420406646-1734795358-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-19 22:13:48.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-19 22:06:53.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-19 21:31:42.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 3686.87 MB
Available physical RAM: 2393.24 MB
Total Pagefile: 7371.92 MB
Available Pagefile: 5811.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (S3A8666D006) (Fixed) (Total:433.54 GB) (Free:283.15 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D2F26588)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=433.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=17)
Partition 4: (Not Active) - (Size=10.9 GB) - (Type=17)

==================== End Of Log ============================

 


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Thank you for helping.

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-26 07:35:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5065GSXN rev.GH101M 465.76GB
Running: ye5644gt.exe; Driver: C:\Users\Alysha\AppData\Local\Temp\uwliqpod.sys


---- Threads - GMER 2.1 ----

Thread  C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:2296]  0000000077c13e85
Thread  C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:2324]  00000000756b7587
Thread  C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:3460]  000000006ea47712
Thread  C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:2844]  0000000077c12e65
Thread  C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:3344]  0000000077c13e85
Thread  C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:1032]  0000000077c13e85

---- EOF - GMER 2.1 ----
 

07:41:01.0017 0x0730  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
07:41:06.0165 0x0730  ============================================================
07:41:06.0165 0x0730  Current date / time: 2015/01/26 07:41:06.0165
07:41:06.0165 0x0730  SystemInfo:
07:41:06.0165 0x0730
07:41:06.0165 0x0730  OS Version: 6.1.7601 ServicePack: 1.0
07:41:06.0165 0x0730  Product type: Workstation
07:41:06.0165 0x0730  ComputerName: ALYSHA-PC
07:41:06.0165 0x0730  UserName: Alysha
07:41:06.0165 0x0730  Windows directory: C:\windows
07:41:06.0165 0x0730  System windows directory: C:\windows
07:41:06.0165 0x0730  Running under WOW64
07:41:06.0165 0x0730  Processor architecture: Intel x64
07:41:06.0165 0x0730  Number of processors: 2
07:41:06.0165 0x0730  Page size: 0x1000
07:41:06.0165 0x0730  Boot type: Normal boot
07:41:06.0165 0x0730  ============================================================
07:41:08.0349 0x0730  KLMD registered as C:\windows\system32\drivers\51896361.sys
07:41:08.0817 0x0730  System UUID: {BEB60A79-36E1-A7DA-0CFA-356275F82E7B}
07:41:09.0940 0x0730  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:41:10.0034 0x0730  ============================================================
07:41:10.0034 0x0730  \Device\Harddisk0\DR0:
07:41:10.0034 0x0730  MBR partitions:
07:41:10.0034 0x0730  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x36315800
07:41:10.0034 0x0730  ============================================================
07:41:10.0081 0x0730  C: <-> \Device\Harddisk0\DR0\Partition1
07:41:10.0081 0x0730  ============================================================
07:41:10.0081 0x0730  Initialize success
07:41:10.0081 0x0730  ============================================================
07:41:16.0695 0x0cc8  ============================================================
07:41:16.0695 0x0cc8  Scan started
07:41:16.0695 0x0cc8  Mode: Manual;
07:41:16.0695 0x0cc8  ============================================================
07:41:16.0695 0x0cc8  KSN ping started
07:41:19.0581 0x0cc8  KSN ping finished: true
07:41:21.0094 0x0cc8  ================ Scan system memory ========================
07:41:21.0094 0x0cc8  System memory - ok
07:41:21.0094 0x0cc8  ================ Scan services =============================
C:\windows\system32\drivers\evbda.sys07:41:29.0003 0x0cc8  ebdrv - ok07:41:29.0066 0x0cc8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe07:41:29.0066 0x0cc8  EFS - ok07:41:29.0159 0x0cc8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe07:41:29.0191 0x0cc8  ehRecvr - ok07:41:29.0237 0x0cc8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe07:41:29.0237 0x0cc8  ehSched - ok07:41:29.0300 0x0cc8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys07:41:29.0315 0x0cc8  elxstor - ok07:41:29.0347 0x0cc8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys07:41:29.0347 0x0cc8  ErrDev - ok07:41:29.0409 0x0cc8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll07:41:29.0425 0x0cc8  EventSystem - ok07:41:29.0456 0x0cc8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys07:41:29.0471 0x0cc8  exfat - ok07:41:29.0518 0x0cc8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys07:41:29.0518 0x0cc8  fastfat - ok07:41:29.0612 0x0cc8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe07:41:29.0643 0x0cc8  Fax - ok07:41:29.0674 0x0cc8  [ D765D19CD8EF61F650C384F62FAC00AB, 
9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys07:41:29.0674 0x0cc8  fdc - ok07:41:29.0721 0x0cc8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll07:41:29.0721 0x0cc8  fdPHost - ok07:41:29.0737 0x0cc8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll07:41:29.0752 0x0cc8  FDResPub - ok07:41:29.0783 0x0cc8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys07:41:29.0783 0x0cc8  FileInfo - ok07:41:29.0815 0x0cc8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys07:41:29.0815 0x0cc8  Filetrace - ok07:41:29.0846 0x0cc8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys07:41:29.0846 0x0cc8  flpydisk - ok07:41:29.0893 0x0cc8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys07:41:29.0924 0x0cc8  FltMgr - ok07:41:30.0033 0x0cc8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll07:41:30.0095 0x0cc8  FontCache - ok07:41:30.0142 0x0cc8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe07:41:30.0142 0x0cc8  FontCache3.0.0.0 - ok07:41:30.0173 0x0cc8  [ D43703496149971890703B4B1B723EAC, 
F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys07:41:30.0173 0x0cc8  FsDepends - ok07:41:30.0236 0x0cc8  [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys07:41:30.0236 0x0cc8  fssfltr - ok07:41:30.0392 0x0cc8  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe07:41:30.0470 0x0cc8  fsssvc - ok07:41:30.0517 0x0cc8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys07:41:30.0517 0x0cc8  Fs_Rec - ok07:41:30.0579 0x0cc8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys07:41:30.0595 0x0cc8  fvevol - ok07:41:30.0641 0x0cc8  [ 60ACB128E64C35C2B4E4AAB1B0A5C293, 7B476AB5E95529A894F95397C753662F4C58D1FE89F4648271251DA77C5A3FA9 ] FwLnk           C:\windows\system32\DRIVERS\FwLnk.sys07:41:30.0657 0x0cc8  FwLnk - ok07:41:30.0688 0x0cc8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys07:41:30.0704 0x0cc8  gagp30kx - ok07:41:30.0735 0x0cc8  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys07:41:30.0751 0x0cc8  GEARAspiWDM - ok07:41:30.0782 0x0cc8  globalUpdate - ok07:41:30.0797 0x0cc8  globalUpdatem - ok07:41:30.0875 0x0cc8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll07:41:30.0907 0x0cc8  gpsvc - ok07:41:31.0016 0x0cc8  [ 
F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe07:41:31.0031 0x0cc8  gupdate - ok07:41:31.0063 0x0cc8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe07:41:31.0063 0x0cc8  gupdatem - ok07:41:31.0109 0x0cc8  [ 408B664926675C270D911160F1631D6B, 6BF7E613B708E2E81916DE6C83256F969797B9D039C16A20003541D698055BC7 ] gzflt           C:\windows\system32\DRIVERS\gzflt.sys07:41:31.0109 0x0cc8  gzflt - ok07:41:31.0187 0x0cc8  [ B5CBEB9EB25A8230463037A647BC1469, 03643B05F9309ED4EF415CB6455D8B1FC39707745982C31AF0A42398C5A30B52 ] gzserv          C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe07:41:31.0187 0x0cc8  gzserv - ok07:41:31.0219 0x0cc8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys07:41:31.0234 0x0cc8  hcw85cir - ok07:41:31.0281 0x0cc8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys07:41:31.0297 0x0cc8  HdAudAddService - ok07:41:31.0328 0x0cc8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys07:41:31.0343 0x0cc8  HDAudBus - ok07:41:31.0359 0x0cc8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys07:41:31.0359 0x0cc8  HidBatt - ok07:41:31.0390 0x0cc8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys07:41:31.0390 0x0cc8  HidBth - ok07:41:31.0406 0x0cc8  [ 
0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys07:41:31.0406 0x0cc8  HidIr - ok07:41:31.0437 0x0cc8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll07:41:31.0437 0x0cc8  hidserv - ok07:41:31.0484 0x0cc8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys07:41:31.0499 0x0cc8  HidUsb - ok07:41:31.0577 0x0cc8  [ 1474511588FA04EC0009D83C38EDBFB3, 1FE4CC1030B7CD7DC1FA1A6EE5DCA5494AF5013F37B6C158D3370439AB5D3925 ] hitmanpro37     C:\windows\system32\drivers\hitmanpro37.sys07:41:31.0577 0x0cc8  hitmanpro37 - ok07:41:31.0609 0x0cc8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll07:41:31.0609 0x0cc8  hkmsvc - ok07:41:31.0655 0x0cc8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll07:41:31.0671 0x0cc8  HomeGroupListener - ok07:41:31.0702 0x0cc8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll07:41:31.0702 0x0cc8  HomeGroupProvider - ok07:41:31.0749 0x0cc8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys07:41:31.0749 0x0cc8  HpSAMD - ok07:41:31.0811 0x0cc8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys07:41:31.0843 0x0cc8  HTTP - ok07:41:31.0874 0x0cc8  [ A5462BD6884960C9DC85ED49D34FF392, 
53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys07:41:31.0889 0x0cc8  hwpolicy - ok07:41:31.0921 0x0cc8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys07:41:31.0936 0x0cc8  i8042prt - ok07:41:32.0014 0x0cc8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys07:41:32.0045 0x0cc8  iaStorV - ok07:41:32.0201 0x0cc8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe07:41:32.0233 0x0cc8  idsvc - ok07:41:32.0264 0x0cc8  IEEtwCollectorService - ok07:41:32.0311 0x0cc8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys07:41:32.0326 0x0cc8  iirsp - ok07:41:32.0404 0x0cc8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll07:41:32.0451 0x0cc8  IKEEXT - ok07:41:32.0498 0x0cc8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys07:41:32.0498 0x0cc8  intelide - ok07:41:32.0545 0x0cc8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys07:41:32.0545 0x0cc8  intelppm - ok07:41:32.0591 0x0cc8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll07:41:32.0591 0x0cc8  IPBusEnum - ok07:41:32.0623 0x0cc8  [ 
C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys07:41:32.0623 0x0cc8  IpFilterDriver - ok07:41:32.0701 0x0cc8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll07:41:32.0732 0x0cc8  iphlpsvc - ok07:41:32.0747 0x0cc8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys07:41:32.0763 0x0cc8  IPMIDRV - ok07:41:32.0794 0x0cc8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys07:41:32.0810 0x0cc8  IPNAT - ok07:41:32.0950 0x0cc8  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe07:41:32.0981 0x0cc8  iPod Service - ok07:41:32.0997 0x0cc8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys07:41:33.0013 0x0cc8  IRENUM - ok07:41:33.0044 0x0cc8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys07:41:33.0044 0x0cc8  isapnp - ok07:41:33.0091 0x0cc8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys07:41:33.0106 0x0cc8  iScsiPrt - ok07:41:33.0137 0x0cc8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys07:41:33.0137 0x0cc8  kbdclass - ok07:41:33.0169 0x0cc8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 
86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys07:41:33.0184 0x0cc8  kbdhid - ok07:41:33.0200 0x0cc8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe07:41:33.0200 0x0cc8  KeyIso - ok07:41:33.0247 0x0cc8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys07:41:33.0262 0x0cc8  KSecDD - ok07:41:33.0309 0x0cc8  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys07:41:33.0325 0x0cc8  KSecPkg - ok07:41:33.0371 0x0cc8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys07:41:33.0371 0x0cc8  ksthunk - ok07:41:33.0434 0x0cc8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll07:41:33.0449 0x0cc8  KtmRm - ok07:41:33.0496 0x0cc8  [ 655A5D8E80869781CCE23760ADA7E695, 86DA2FC5DBA28762A89BC70D9DA0F370FC4A9F4F28E6802AD5972C387F4EEFD3 ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys07:41:33.0512 0x0cc8  L1C - ok07:41:33.0559 0x0cc8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll07:41:33.0559 0x0cc8  LanmanServer - ok07:41:33.0605 0x0cc8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll07:41:33.0605 0x0cc8  LanmanWorkstation - ok07:41:33.0668 0x0cc8  [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt          
C:\windows\system32\DRIVERS\lirsgt.sys07:41:33.0668 0x0cc8  lirsgt - ok07:41:33.0699 0x0cc8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys07:41:33.0699 0x0cc8  lltdio - ok07:41:33.0761 0x0cc8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll07:41:33.0777 0x0cc8  lltdsvc - ok07:41:33.0793 0x0cc8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll07:41:33.0793 0x0cc8  lmhosts - ok07:41:33.0839 0x0cc8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys07:41:33.0839 0x0cc8  LSI_FC - ok07:41:33.0886 0x0cc8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys07:41:33.0902 0x0cc8  LSI_SAS - ok07:41:33.0917 0x0cc8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys07:41:33.0933 0x0cc8  LSI_SAS2 - ok07:41:33.0949 0x0cc8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys07:41:33.0964 0x0cc8  LSI_SCSI - ok07:41:33.0995 0x0cc8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys07:41:34.0011 0x0cc8  luafv - ok07:41:34.0089 0x0cc8  [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys07:41:34.0089 0x0cc8  MBAMProtector - ok07:41:34.0261 0x0cc8 
 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe07:41:34.0339 0x0cc8  MBAMScheduler - ok07:41:34.0463 0x0cc8  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe07:41:34.0510 0x0cc8  MBAMService - ok07:41:34.0573 0x0cc8  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\windows\system32\drivers\MBAMSwissArmy.sys07:41:34.0573 0x0cc8  MBAMSwissArmy - ok07:41:34.0635 0x0cc8  [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys07:41:34.0651 0x0cc8  MBAMWebAccessControl - ok07:41:34.0666 0x0cc8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll07:41:34.0682 0x0cc8  Mcx2Svc - ok07:41:34.0697 0x0cc8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys07:41:34.0713 0x0cc8  megasas - ok07:41:34.0744 0x0cc8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys07:41:34.0760 0x0cc8  MegaSR - ok07:41:34.0791 0x0cc8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll07:41:34.0807 0x0cc8  MMCSS - ok07:41:34.0822 0x0cc8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys07:41:34.0822 0x0cc8  Modem - ok07:41:34.0853 0x0cc8  [ 
B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys07:41:34.0853 0x0cc8  monitor - ok07:41:34.0885 0x0cc8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys07:41:34.0900 0x0cc8  mouclass - ok07:41:34.0931 0x0cc8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys07:41:34.0931 0x0cc8  mouhid - ok07:41:34.0947 0x0cc8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys07:41:34.0963 0x0cc8  mountmgr - ok07:41:35.0025 0x0cc8  [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe07:41:35.0025 0x0cc8  MozillaMaintenance - ok07:41:35.0072 0x0cc8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys07:41:35.0072 0x0cc8  mpio - ok07:41:35.0103 0x0cc8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys07:41:35.0119 0x0cc8  mpsdrv - ok07:41:35.0197 0x0cc8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll07:41:35.0228 0x0cc8  MpsSvc - ok07:41:35.0290 0x0cc8  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys07:41:35.0290 0x0cc8  MRxDAV - ok07:41:35.0353 0x0cc8  [ A5D9106A73DC88564C825D317CAC68AC, 
0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys07:41:35.0353 0x0cc8  mrxsmb - ok07:41:35.0384 0x0cc8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys07:41:35.0399 0x0cc8  mrxsmb10 - ok07:41:35.0431 0x0cc8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys07:41:35.0431 0x0cc8  mrxsmb20 - ok07:41:35.0493 0x0cc8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys07:41:35.0493 0x0cc8  msahci - ok07:41:35.0540 0x0cc8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys07:41:35.0540 0x0cc8  msdsm - ok07:41:35.0571 0x0cc8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe07:41:35.0571 0x0cc8  MSDTC - ok07:41:35.0618 0x0cc8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys07:41:35.0618 0x0cc8  Msfs - ok07:41:35.0633 0x0cc8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys07:41:35.0633 0x0cc8  mshidkmdf - ok07:41:35.0665 0x0cc8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys07:41:35.0665 0x0cc8  msisadrv - ok07:41:35.0711 0x0cc8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         
C:\windows\system32\iscsiexe.dll07:41:35.0711 0x0cc8  MSiSCSI - ok07:41:35.0727 0x0cc8  msiserver - ok07:41:35.0758 0x0cc8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys07:41:35.0758 0x0cc8  MSKSSRV - ok07:41:35.0774 0x0cc8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys07:41:35.0789 0x0cc8  MSPCLOCK - ok07:41:35.0805 0x0cc8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys07:41:35.0805 0x0cc8  MSPQM - ok07:41:35.0852 0x0cc8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys07:41:35.0867 0x0cc8  MsRPC - ok07:41:35.0914 0x0cc8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys07:41:35.0914 0x0cc8  mssmbios - ok07:41:35.0961 0x0cc8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys07:41:35.0961 0x0cc8  MSTEE - ok07:41:35.0977 0x0cc8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys07:41:35.0977 0x0cc8  MTConfig - ok07:41:36.0008 0x0cc8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys07:41:36.0008 0x0cc8  Mup - ok07:41:36.0055 0x0cc8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll07:41:36.0086 0x0cc8  
611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys07:41:48.0442 0x0cc8  WfpLwf - ok07:41:48.0458 0x0cc8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys07:41:48.0473 0x0cc8  WIMMount - ok07:41:48.0504 0x0cc8  WinDefend - ok07:41:48.0520 0x0cc8  WinHttpAutoProxySvc - ok07:41:48.0598 0x0cc8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll07:41:48.0614 0x0cc8  Winmgmt - ok07:41:48.0770 0x0cc8  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\windows\system32\WsmSvc.dll07:41:48.0863 0x0cc8  WinRM - ok07:41:48.0941 0x0cc8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys07:41:48.0957 0x0cc8  WinUsb - ok07:41:49.0019 0x0cc8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll07:41:49.0066 0x0cc8  Wlansvc - ok07:41:49.0128 0x0cc8  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe07:41:49.0128 0x0cc8  wlcrasvc - ok07:41:49.0331 0x0cc8  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE07:41:49.0425 0x0cc8  wlidsvc - ok07:41:49.0456 0x0cc8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys07:41:49.0472 0x0cc8  WmiAcpi - 
ok07:41:49.0518 0x0cc8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe07:41:49.0518 0x0cc8  wmiApSrv - ok07:41:49.0550 0x0cc8  WMPNetworkSvc - ok07:41:49.0581 0x0cc8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll07:41:49.0581 0x0cc8  WPCSvc - ok07:41:49.0612 0x0cc8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll07:41:49.0612 0x0cc8  WPDBusEnum - ok07:41:49.0643 0x0cc8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys07:41:49.0643 0x0cc8  ws2ifsl - ok07:41:49.0674 0x0cc8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll07:41:49.0674 0x0cc8  wscsvc - ok07:41:49.0690 0x0cc8  WSearch - ok07:41:49.0877 0x0cc8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll07:41:50.0018 0x0cc8  wuauserv - ok07:41:50.0080 0x0cc8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys07:41:50.0080 0x0cc8  WudfPf - ok07:41:50.0111 0x0cc8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys07:41:50.0127 0x0cc8  WUDFRd - ok07:41:50.0174 0x0cc8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll07:41:50.0174 0x0cc8  wudfsvc - ok07:41:50.0236 0x0cc8  [ 
04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll07:41:50.0252 0x0cc8  WwanSvc - ok07:41:50.0314 0x0cc8  ================ Scan global ===============================07:41:50.0345 0x0cc8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll07:41:50.0392 0x0cc8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll07:41:50.0423 0x0cc8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll07:41:50.0454 0x0cc8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll07:41:50.0501 0x0cc8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe07:41:50.0517 0x0cc8  [ Global ] - ok07:41:50.0517 0x0cc8  ================ Scan MBR ==================================07:41:50.0532 0x0cc8  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR007:41:50.0782 0x0cc8  \Device\Harddisk0\DR0 - ok07:41:50.0782 0x0cc8  ================ Scan VBR ==================================07:41:50.0813 0x0cc8  [ DD09B8FB27C48239AAD9D7A686E4889C ] \Device\Harddisk0\DR0\Partition107:41:50.0813 0x0cc8  \Device\Harddisk0\DR0\Partition1 - ok07:41:50.0813 0x0cc8  ================ Scan generic autorun ======================07:41:50.0891 0x0cc8  [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe07:41:50.0891 0x0cc8  iTunesHelper - ok07:41:51.0016 0x0cc8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows 
Sidebar\Sidebar.exe07:41:51.0063 0x0cc8  Sidebar - ok07:41:51.0094 0x0cc8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe07:41:51.0094 0x0cc8  mctadmin - ok07:41:51.0172 0x0cc8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe07:41:51.0219 0x0cc8  Sidebar - ok07:41:51.0250 0x0cc8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe07:41:51.0250 0x0cc8  mctadmin - ok07:41:51.0312 0x0cc8  PriceMeterW - ok07:41:51.0312 0x0cc8  Waiting for KSN requests completion. In queue: 6007:41:52.0326 0x0cc8  Waiting for KSN requests completion. In queue: 6007:41:53.0340 0x0cc8  Waiting for KSN requests completion. In queue: 6007:41:54.0448 0x0cc8  AV detected via SS2: Bitdefender Antivirus Free Edition, C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe ( 1.0.21.1099 ), 0x40000 ( disabled : updated )07:41:54.0479 0x0cc8  Win FW state via NFP2: enabled07:41:58.0379 0x0cc8  ============================================================07:41:58.0379 0x0cc8  Scan finished07:41:58.0379 0x0cc8  ============================================================07:41:58.0395 0x05bc  Detected object count: 007:41:58.0395 0x05bc  Actual detected object count: 0

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    • Web Assistant 2.0.0.600
    • System Optimizer Pro
    • Snap.Do
    • Supporter 1.80
    • Settings Manager
    • RegClean-Pro
    • Pro PC Cleaner
    • LPT System Updater Service
    • LibraryInstance
    • Any Media Converter
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.


Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

 

fixlist.txt


I ran into some issues while using the Revo Uninstaller. So I did not follow any steps after it so you could see. Here were the problems.

 

While trying to uninstall the LibraryInstance I got this error message

"There was a problem starting C:\PROGRA~2\LIBRAR~1.DLL The specified module could not be found."

 

While trying to uninstall RegClean-Pro

"WARNING running the applications uninstaller failed! Possible invalid uninstall command!"

 

While trying to uninstall Supporter 1.80

"RUNDLL there was a problem starting C:\PROGRA~2\SUPPOR~1\SUPPOR~1.DLL"

 

While trying to remove Settings Manager

"WARNING running the applications uninstaller failed! Possible invalid uninstall command!"

 

While trying to remove Pro PC Cleaner

"There is a problem with this windows installer package. A dll required for this install to complete could not be run. Contact your support personnel or package vendor."

 

System Optimizer Pro - Doesn't show up on the list.

LPT System Updater - Doesn't show up on the list.

 

 

What should I do now? Thank you.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01

Ran by Alysha at 2015-01-27 21:31:56 Run:1

Running from C:\Users\Alysha\Downloads

Loaded Profiles: Alysha (Available profiles: Alysha)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Task: C:\windows\Tasks\PerfMonitor_strtp.job => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

Task: C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job => C:\Program Files (x86)\Torntv V9.0\ecd06da5-7041-4c5c-acbf-762244f49e9d-5.exe <==== ATTENTION

Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job => C:\Program Files (x86)\video MediaPlayer\5d2076bc-d559-4c68-aca0-29a2e5982b96-5.exe <==== ATTENTION

Task: {C1CBB365-D4C5-40E9-8709-2E9B0222FDCF} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Task: {CD36C117-A5DE-4033-9213-5373A17EDBF5} - System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C} => pcalua.exe -a C:\Users\Alysha\AppData\Roaming\istart123\UninstallManager.exe -c -ptid=tt4u

Task: {D6E18488-65FF-4206-A678-4A6213E7D301} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe

Task: {D858E40D-2EFB-4FDE-B967-69C93C34F5AE} - System32\Tasks\PerfMonitor_strtp => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION

Task: {89627367-43D4-4678-ABDC-B6DFCE657AFC} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: {10CBB72F-905B-413C-9588-6E0599C4EFD9} - \5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user No Task File <==== ATTENTION

Task: {2E6258B2-98E5-4381-BE92-0ED39A7ECF23} - \ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user No Task File <==== ATTENTION

CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path

CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-05-21]

CHR Extension: (Bcool) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjjfdocehnaoldljofpjigbchchimcg [2014-08-17]

CHR Extension: (video MediaPlayer) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf [2014-07-06]

FF Extension: Yahoo! Toolbar - C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-26]

FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox

FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-05-21]

FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox

Tcpip\..\Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}: [NameServer] 208.69.150.250,208.69.150.252

Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File

Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {B81767E1-672D-4DA1-B5CC-D277185815A6} - No File

Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)

Toolbar: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No File

Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File

BHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll No File

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=1120806935&ir=

SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}

SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA

SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms}

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No File

BHO: video MediaPlayer -> {11111111-1111-1111-1111-110511951199} -> C:\Program Files (x86)\video MediaPlayer\video MediaPlayer-bho64.dll ()

BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)

BHO: No Name -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> No File

BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No File

BHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll No File

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:54073;https=127.0.0.1:54073

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...5ISTXX814FC5IST

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...5ISTXX814FC5IST

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}

URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}

URLSearchHook: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No File

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll

HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM-x32\...\Run: [fst_ca_136] => [X]

HKLM-x32\...\Run: [fst_ca_152] => [X]

HKLM-x32\...\Run: [fst_ca_170] => [X]

HKLM-x32\...\Run: [fst_ca_251] => [X]

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Run: [PriceMeterW] => "C:\Users\Alysha\AppData\Local\PriceMeter\pricemeterw.exe"

S2 1ca156e3; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\LibraryInstance\LibraryInstance.dll",serv

S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]

S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

S2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [X] <==== ATTENTION

S2 RTZnjsXcl; C:\ProgramData\XXmhBb\RTZnjsXcl.exe [2316152 2014-07-07] () [File not signed]

C:\Users\Alysha\AppData\Local\PriceMeter

C:\Program Files (x86)\Settings Manager

C:\Program Files (x86)\Boost

C:\Program Files (x86)\SupTab

C:\Program Files\Web Assistant

C:\ProgramData\XXmhBb

C:\Program Files (x86)\Wajam

C:\Windows\System32\Drivers\avchv.sys

C:\Users\Alysha\AppData\Roaming\istart123

C:\Program Files (x86)\Pro PC Cleaner

C:\Program Files (x86)\Torntv V9.0

C:\Program Files (x86)\Optimizer Elite Max

C:\Program Files (x86)\globalUpdate

C:\Program Files (x86)\video MediaPlayer

2015-01-25 20:29 - 2015-01-26 02:05 - 00000000 ____D () C:\ProgramData\374311380

2015-01-25 20:28 - 2015-01-25 20:28 - 00000000 ____D () C:\Program Files (x86)\RRobboSavero

2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\Ieseaveer

2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\deAlster

2015-01-25 20:25 - 2015-01-25 20:25 - 00000000 ____D () C:\Program Files (x86)\Happyi2uSiavEe

2015-01-25 20:22 - 2015-01-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Reason

2015-01-25 22:33 - 2015-01-25 22:33 - 00000000 ____D () C:\Program Files (x86)\dOwanLoaAdittkeep

2015-01-25 22:32 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\SmairtCCoMMpoare

2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\Film Stack

2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\deealster

2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\ddeaal4reaL

2015-01-25 22:31 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\tperfectcouupon

2015-01-25 22:31 - 2015-01-25 22:33 - 00000000 ____D () C:\ProgramData\1250025538242071055

2014-05-11 22:36 - 2014-05-11 22:36 - 0301488 _____ (VuuPC Limited) C:\Users\Alysha\AppData\Local\nsr33EA.tmp

EmptyTemp:

Reboot:

*****************

C:\windows\Tasks\PerfMonitor_strtp.job => Moved successfully.

C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.

C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job => Moved successfully.

C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.

C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1CBB365-D4C5-40E9-8709-2E9B0222FDCF}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1CBB365-D4C5-40E9-8709-2E9B0222FDCF}" => Key deleted successfully.

C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD36C117-A5DE-4033-9213-5373A17EDBF5}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD36C117-A5DE-4033-9213-5373A17EDBF5}" => Key deleted successfully.

C:\Windows\System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6E18488-65FF-4206-A678-4A6213E7D301}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E18488-65FF-4206-A678-4A6213E7D301}" => Key deleted successfully.

C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D858E40D-2EFB-4FDE-B967-69C93C34F5AE}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D858E40D-2EFB-4FDE-B967-69C93C34F5AE}" => Key deleted successfully.

C:\Windows\System32\Tasks\PerfMonitor_strtp => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PerfMonitor_strtp" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89627367-43D4-4678-ABDC-B6DFCE657AFC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89627367-43D4-4678-ABDC-B6DFCE657AFC}" => Key deleted successfully.

C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10CBB72F-905B-413C-9588-6E0599C4EFD9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10CBB72F-905B-413C-9588-6E0599C4EFD9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E6258B2-98E5-4381-BE92-0ED39A7ECF23}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6258B2-98E5-4381-BE92-0ED39A7ECF23}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => Key deleted successfully.

C:\Program Files\Web Assistant\source.crx => Moved successfully.

C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjjfdocehnaoldljofpjigbchchimcg => Moved successfully.

C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf => Moved successfully.

C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => Moved successfully.

HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value deleted successfully.

C:\Program Files\Web Assistant\Firefox => Moved successfully.

HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => value deleted successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}\\NameServer => value deleted successfully.

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value deleted successfully.

HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F92A9FE4-2850-4198-B9D5-279880E49B16} => value deleted successfully.

HKCR\CLSID\{F92A9FE4-2850-4198-B9D5-279880E49B16} => Key not found.

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B81767E1-672D-4DA1-B5CC-D277185815A6} => value deleted successfully.

HKCR\CLSID\{B81767E1-672D-4DA1-B5CC-D277185815A6} => Key not found.

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.

HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.

"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{FE69C007-C452-4d3e-86D2-1730DF8BC871} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully.

HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.

HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.

HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.

HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully.

HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}" => Key deleted successfully.

"HKCR\CLSID\{11111111-1111-1111-1111-110511131190}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}" => Key deleted successfully.

"HKCR\CLSID\{11111111-1111-1111-1111-110511951199}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.

"HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}" => Key deleted successfully.

HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.

HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully.

"HKCR\CLSID\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{FE69C007-C452-4d3e-86D2-1730DF8BC871} => value deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.

C:\windows\system32\GroupPolicy\Machine => Moved successfully.

C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_136 => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_152 => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_170 => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_251 => value deleted successfully.

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PriceMeterW => value deleted successfully.

1ca156e3 => Service deleted successfully.

globalUpdate => Service deleted successfully.

globalUpdatem => Service deleted successfully.

Wajam Internet Enhancer Service => Service deleted successfully.

RTZnjsXcl => Service deleted successfully.

C:\Users\Alysha\AppData\Local\PriceMeter => Moved successfully.

C:\Program Files (x86)\Settings Manager => Moved successfully.

"C:\Program Files (x86)\Boost" => File/Directory not found.

"C:\Program Files (x86)\SupTab" => File/Directory not found.

C:\Program Files\Web Assistant => Moved successfully.

C:\ProgramData\XXmhBb => Moved successfully.

"C:\Program Files (x86)\Wajam" => File/Directory not found.

C:\Windows\System32\Drivers\avchv.sys => Moved successfully.

"C:\Users\Alysha\AppData\Roaming\istart123" => File/Directory not found.

"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.

"C:\Program Files (x86)\Torntv V9.0" => File/Directory not found.

"C:\Program Files (x86)\Optimizer Elite Max" => File/Directory not found.

"C:\Program Files (x86)\globalUpdate" => File/Directory not found.

C:\Program Files (x86)\video MediaPlayer => Moved successfully.

C:\ProgramData\374311380 => Moved successfully.

C:\Program Files (x86)\RRobboSavero => Moved successfully.

C:\Program Files (x86)\Ieseaveer => Moved successfully.

C:\Program Files (x86)\deAlster => Moved successfully.

C:\Program Files (x86)\Happyi2uSiavEe => Moved successfully.

C:\Program Files (x86)\Reason => Moved successfully.

C:\Program Files (x86)\dOwanLoaAdittkeep => Moved successfully.

C:\Program Files (x86)\SmairtCCoMMpoare => Moved successfully.

C:\Program Files (x86)\Film Stack => Moved successfully.

C:\Program Files (x86)\deealster => Moved successfully.

C:\Program Files (x86)\ddeaal4reaL => Moved successfully.

C:\Program Files (x86)\tperfectcouupon => Moved successfully.

C:\ProgramData\1250025538242071055 => Moved successfully.

C:\Users\Alysha\AppData\Local\nsr33EA.tmp => Moved successfully.

EmptyTemp: => Removed 2.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog 21:34:04 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27/01/2015
Scan Time: 9:40:24 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.28.02
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alysha

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381709
Time Elapsed: 32 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 96

PUP.Optional.PricePeep.A, HKLM\SOFTWARE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, Quarantined, [259da4581178092d4272e9457f8424dc],

PUP.Optional.PricePeep.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, Quarantined, [259da4581178092d4272e9457f8424dc],

PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [a71b68948108a096e23b6c8e17ebf10f],

PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [a71b68948108a096e23b6c8e17ebf10f],

PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [a51dd12bdbae54e222ca53a617eb30d0],

PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [a51dd12bdbae54e222ca53a617eb30d0],

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2],

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2],

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2],

PUP.Optional.QuickShare.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2],

PUP.Optional.QuickShare.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2],

Adware.Agent, HKLM\SOFTWARE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2],

Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2],

Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2],

Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2],

Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2],

Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2],

PUP.Optional.StartPage.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, Quarantined, [2d9558a499f05dd980f830c462a06c94],

PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject, Quarantined, [2d9558a499f05dd980f830c462a06c94],

PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject.1, Quarantined, [2d9558a499f05dd980f830c462a06c94],

PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject, Quarantined, [2d9558a499f05dd980f830c462a06c94],

PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject.1, Quarantined, [2d9558a499f05dd980f830c462a06c94],

PUP.Optional.SupTab.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [5c660fed33565ed8cf88b6431be7f808],

PUP.Optional.SupTab.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [5c660fed33565ed8cf88b6431be7f808],

PUP.Optional.Linkey.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [caf8f7050584ae8813256395fd05f709],

PUP.Optional.Boost.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}, Quarantined, [616104f8f891b482cf890e242ed5e020],

PUP.Optional.Boost.A, HKLM\SOFTWARE\CLASSES\Boost.BoostBho, Quarantined, [616104f8f891b482cf890e242ed5e020],

PUP.Optional.Boost.A, HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1, Quarantined, [616104f8f891b482cf890e242ed5e020],

PUP.Optional.Boost.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Boost.BoostBho, Quarantined, [616104f8f891b482cf890e242ed5e020],

PUP.Optional.Boost.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Boost.BoostBho.1, Quarantined, [616104f8f891b482cf890e242ed5e020],

PUP.Optional.Boost.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}, Quarantined, [616104f8f891b482cf890e242ed5e020],

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [932faa523e4b2610ba6712a40af9a858],

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [dae859a3256483b356cbb00615ee728e],

PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [d1f1ea121277f244461a0def15ef18e8],

PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [d8ea6993abde68ce045bb54740c425db],

PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, Quarantined, [8a38a95341485dd9dcd890490bf9fd03],

PUP.Optional.DealsPlugin.A, HKLM\SOFTWARE\WOW6432NODE\Deals Plugin Extension, Quarantined, [d9e903f92663c670fc6e03a51be87987],

PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\FrEeSoFtOdAy, Quarantined, [18aa827a4a3fe056a8aa6a32cd36b34d],

Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY, Quarantined, [d1f144b80b7e9e9895b206d8f80c14ec],

PUP.Optional.Eorezo.A, HKLM\SOFTWARE\WOW6432NODE\FREE_SOFTTODAY, Quarantined, [00c2b943b7d2999deb858618c142ff01],

PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\FREE_SOFT_TODAY, Quarantined, [04bed7251d6c83b3fc1aef0b3bc951af],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [1fa3f00c7019989ee651dfe404ff3fc1],

PUP.Optional.IStart123.A, HKLM\SOFTWARE\WOW6432NODE\istart123Software, Quarantined, [279bfc005a2f310590ea99fb699aff01],

PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\PriceMeterLiveUpdate, Quarantined, [546ea55774156bcbbf50d0afd92a837d],

PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [9b273fbdf19855e13b00708825df06fa],

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [d1f11ede84050d29a986ddb6ea19dc24],

PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, Quarantined, [a61c4cb05d2cfa3ce91e23751ce7c739],

PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\Torntv V9.0, Quarantined, [dfe389737910f44249d82c9860a33bc5],

PUP.Optional.VideoMediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\video MediaPlayer, Quarantined, [932fc13b2465df5700706041c63d837d],

PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam, Quarantined, [239f5f9db9d00e28d0e4827028dc4eb2],

PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [576b9a62ec9def4787dca6f518eb7c84],

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [f3cfc438830684b260c1d2e430d3a15f],

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [b30fec100d7c38fe66bbbbfb8f748f71],

PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, Quarantined, [02c0b745e3a64de9bfc6f5b4cb38a060],

PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [4b7747b52a5f68ceb68096654abab848],

PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [19a914e8444541f5fd3a1ae14abac13f],

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [467cad4f2c5d84b288e3acf350b338c8],

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [00c2a05c06832b0ba28c20731be8b848],

PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, Quarantined, [be0424d87d0c3204d27e31849e65e818],

PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, [f6ccfb01ee9bc076f137aeef81827987],

PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [5270f00c7811f1451369cdd08083867a],

PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [0eb43fbd2762c373114b95f330d307f9],

PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [bd05ca3286038fa79bc25434a85bfc04],

PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [7e4479833a4f4aec65eec8d0d72cd32d],

PUP.Optional.ClipHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Clip-High_D_06, Quarantined, [1ba77488a0e9171fb4596d3512f1d729],

PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fraven 1.1, Quarantined, [14ae8c70b1d878be7b061091c93ac33d],

PUP.Optional.PriceGong.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [f6cca25aa3e676c0bdd19ee7689b48b8],

PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [08ba49b3e8a11d1932bc68540bf819e7],

PUP.Optional.VideoMediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlayer, Quarantined, [af139a62a1e895a13240eeb34bb8619f],

PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [11b187750980ae8800aa2aaf94703ac6],

PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, Quarantined, [16accc30a5e4d4628590b04a887c6e92],

PUP.Optional.SmartBar, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, Quarantined, [e3dfad4fe1a8d95d581cb23e39cb0bf5],

PUP.Optional.SmartBar, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, Quarantined, [1ca629d3f99079bd116270805fa557a9],

PUP.Optional.Softonic.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [814178846a1fa88e478e2a57798a57a9],

PUP.Optional.WebSearches.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [1fa30defb4d54de906d7197b53b0f709],

PUP.Optional.SweetIM.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SweetIM, Quarantined, [249ecb310f7a4de9b985cfb17c87b947],

PUP.Optional.SystemK.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, Quarantined, [853df10bb7d2fc3a5a66c9dae02321df],

PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [20a22bd1fa8fe65084e48c6fcf35ca36],

PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [942e21dba6e3ff373320adeb5aa942be],

PUP.Optional.Conduit.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [6f5355a716735bdb7182cfb5d92a1ae6],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [269c42ba4544ab8b95f219d3768e3dc3],

PUP.Optional.MultiIE.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [744ecc30ed9c6dc9e6c19c5954b08779],

PUP.Optional.PriceGong.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [f0d21ce05633a195721c523314efb050],

PUP.Optional.TornTV.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [13af26d60a7f1e18806e902cce358e72],

PUP.Optional.VideoMediaPlayer.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlayer, Quarantined, [f3cf16e60d7c7eb8cca6b0f1e320e41c],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [d6ecf5070f7a9e98ad9b1ea48d768e72],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [cdf5f10b2564ad89114b964258ac40c0],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [b11133c9d1b833030448c1ceaa59f30d],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [dde56c9092f7d066a1abc2cd9a691de3],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\enter, Quarantined, [9b27f606b9d087af56776095976d3fc1],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, Quarantined, [89398775abdef3435ee4eceda55f34cc],

PUP.Optional.FastStart.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [586a52aa8aff181ef74ff69abd46e917],

PUP.Optional.SnapDo.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [f0d28a72b4d577bf0c2611b1ad56e41c],

PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [2a984fadf1981c1a7d7c4a93ea1a21df],

PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [ffc39567b8d1c0763f3c653835ced927],

PUP.Optional.Wajam.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, Quarantined, [5072629abfca092dadf8ae2d1aea4fb1],

Registry Values: 8

PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [576b9a62ec9def4787dca6f518eb7c84]

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, Quarantined, [467cad4f2c5d84b288e3acf350b338c8],

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tt4u, Quarantined, [00c2a05c06832b0ba28c20731be8b848]

PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser, ie ff cr, Quarantined, [319121db4c3d23132d24b7fe986b23dd]

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1V2X1Q1R1M1F, Quarantined, [cdf5f10b2564ad89114b964258ac40c0]

PUP.Optional.FastStart.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [586a52aa8aff181ef74ff69abd46e917]

PUP.Optional.SnapDo.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|Publisher, SnapdoTT, Quarantined, [f0d28a72b4d577bf0c2611b1ad56e41c]

PUP.Optional.Wajam.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 2222, Quarantined, [5072629abfca092dadf8ae2d1aea4fb1]

Registry Data: 0

(No malicious items detected)

Folders: 16

PUP.Optional.Radsteroids.A, C:\Users\Alysha\AppData\Local\Radsteroids, Quarantined, [10b241bb0c7d191d952a58eeb053cc34],

PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.FreeSoftToday.A, C:\Users\Alysha\AppData\Local\fst_ca_152, Quarantined, [3e84609c37524bebe0401645669db54b],

PUP.Optional.FreeSoftToday.A, C:\Users\Alysha\AppData\Local\fst_ca_152\fst_ca_152, Quarantined, [3e84609c37524bebe0401645669db54b],

PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [903225d7dbaede588e6590d4b64d9d63],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\B545B99D64128CA1, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21],

PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21],

PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\js, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21],

PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\Media, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21],

PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\Media\base64, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21],

PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar, Quarantined, [7052b14b6029cd6926cd9bcf73909b65],

PUP.Optional.NewPlayer.A, C:\Users\Alysha\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, Quarantined, [59696a92daaf1c1ae0f7e096f40f0bf5],

PUP.Optional.NewPlayer.A, C:\Users\Alysha\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.9, Quarantined, [59696a92daaf1c1ae0f7e096f40f0bf5],

Files: 26

PUP.Optional.SnapDo.A, C:\Windows\Installer\7ed7d.msi, Quarantined, [d9e96696256402345280b0f8a75a56aa],

PUP.Optional.VeriStaff, C:\Windows\Installer\7ed82.msi, Quarantined, [635ff00cdfaa96a089f7aeaf9769e41c],

PUP.Optional.QuickStart.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [7a48e814cabf1026b4082a6818ebc739],

PUP.Optional.Boost.A, C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\boost@boost.net.xpi, Quarantined, [b90918e4f891c571a1978d0eb44f09f7],

PUP.Optional.SelectNGo.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [b50d98649eeb6fc70c54f2b5966d5ea2],

PUP.Optional.Radsteroids.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.radsteroids.com_0.localstorage, Quarantined, [358dfb016a1fd2642f216c3edb281ae6],

PUP.Optional.Incredibar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, Quarantined, [2a98de1ed0b91a1c76b3fdb372915fa1],

PUP.Optional.Radsteroids.A, C:\Users\Alysha\AppData\Local\Radsteroids\data2.dat, Quarantined, [10b241bb0c7d191d952a58eeb053cc34],

PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\app.dat, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030],

PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\data.dat, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030],

PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.ico, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\000239.log, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\000240.ldb, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\CURRENT, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOCK, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOG, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOG.old, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\MANIFEST-000237, Quarantined, [61616a92404991a5943ccc81da29eb15],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\20120521114549.log, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.dat, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.exe, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.ico, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\TsuDll.dll, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setup.dll, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setupx.dll, Quarantined, [477b97657e0b0234930089dd966d847c],

PUP.Optional.NewPlayer.A, C:\Users\Alysha\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.9\user.config, Quarantined, [59696a92daaf1c1ae0f7e096f40f0bf5],

Physical Sectors: 0

(No malicious items detected)

(end)

C:\FRST\Quarantine\C\Program Files\Web Assistant\source.crx.xBAD Win32/Toolbar.Perion.K potentially unwanted application

C:\FRST\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\main.js Win32/Toolbar.Perion.K potentially unwanted application

C:\FRST\Quarantine\C\Program Files\Web Assistant\Web Assistant\DGChrome.exe a variant of Win32/Toolbar.Perion.J potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr.dll a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemk.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkbho.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkChrome.dll a variant of Win32/AdWare.Bandoo.AE application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkmgrc1.cfg Win32/AdWare.Bandoo.AF application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\SystemkService.exe a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemku.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\tbicon.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll a variant of Win64/Toolbar.SearchSuite.C potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll a variant of Win64/Toolbar.SearchSuite.C potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg a variant of Win64/Adware.Bandoo.B application

C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\360-59599.crx JS/Toolbar.Crossrider.B potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\59599.crx JS/Toolbar.Crossrider.B potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\59599.xpi JS/Toolbar.Crossrider.B potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\5d2076bc-d559-4c68-aca0-29a2e5982b96.crx JS/Toolbar.Crossrider.B potentially unwanted application

C:\FRST\Quarantine\C\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf\12242.8797.4551_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan

C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf\16486.3041.8795_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf\12242.8797.4551_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\003\t\00\00000000 a variant of Win32/SoftPulse.F potentially unwanted application

C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\004\t\00\00000000 Win32/AdWare.1ClickDownload.AT application

C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\005\t\00\00000001 a variant of Win32/SoftPulse.F potentially unwanted application

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\.frostwire5\updates\frostwire-5.7.4.windows.coc.premium.exe a variant of Win32/OpenCandy.C potentially unsafe application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\uEanKrj.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\emxfo.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf\1.26.24_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\ANwOvMnH0PqI.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\O228adIsA.js JS/Kryptik.ATB trojan

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\AhlzMppM.js JS/Kryptik.ATB trojan

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\BzmpX.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\BdW.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.86_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\L7BIXI3Kwt6.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf\16486.3041.8795_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application

C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 a variant of Win32/SoftPulse.F potentially unwanted application

C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 Win32/AdWare.1ClickDownload.AT application

C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001 a variant of Win32/SoftPulse.F potentially unwanted application

C:\Users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application

C:\Users\Alysha\Documents\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Users\Alysha\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

C:\Users\Alysha\Downloads\ReimageRepair(1).exe Win32/Toolbar.Babylon.T potentially unwanted application

C:\Users\Alysha\Downloads\ReimageRepair(2).exe Win32/Toolbar.Babylon.T potentially unwanted application

C:\Users\Alysha\Downloads\ReimageRepair.exe Win32/Toolbar.Babylon.T potentially unwanted application

C:\Users\Alysha\Downloads\E1A0tmp\speedupmypc.exe Win32/SpeedUpMyPC.A potentially unwanted application

C:\Users\Alysha\Downloads\E24Dtmp\cloud_backup_setup.exe Win32/MyPCBackup.A potentially unwanted application

C:\Users\Alysha\Downloads\E347tmp\msiinstaller.msi Win32/Toolbar.Linkury.D potentially unwanted application

C:\Users\Alysha\Downloads\E8F3tmp\setup.exe Win32/Packed.ScrambleWrapper.M potentially unwanted application

C:\Users\Alysha\Downloads\F0A2tmp\setup.exe Win32/Packed.ScrambleWrapper.M potentially unwanted application

C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application

C:\Users\Public\Downloads\RCTycoon3_Platinum-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application

C:\Users\Public\Downloads\RollerCoasterTycoon2-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application

C:\Windows\Installer\MSID307.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


ComboFix 15-01-28.01 - Alysha 28/01/2015 23:52:29.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1483 [GMT -5:00]

Running from: c:\users\Alysha\Desktop\ComboFix.exe

AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\LILC1E9.tmp

C:\LILC1F9.tmp

C:\LILC1FA.tmp

C:\LILC218.tmp

c:\programdata\1422267081.bdinstall.bin

c:\programdata\1422267390.3196.bin

c:\programdata\1422267390.4124.bin

c:\programdata\1422267727.bdinstall.bin

c:\programdata\1422268728.bdinstall.bin

c:\programdata\1422268733.bdinstall.bin

c:\programdata\1422268980.bdinstall.bin

c:\programdata\1422268984.bdinstall.bin

c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\uEanKrj.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\emxfo.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\ANwOvMnH0PqI.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\O228adIsA.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\AhlzMppM.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\BzmpX.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\BdW.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\background.html

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\content.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\L7BIXI3Kwt6.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\lsdb.js

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\manifest.json

c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Preferences

c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bkhoffneejdanaohepnipfcpolocgbjp_0.localstorage

c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ciaaiedhdplbckgciamhkoejibpoegke_0.localstorage

c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehpabhmfaobjofbklnedfageenjifadk_0.localstorage

c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb

c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html

c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js

c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js

c:\windows\isRS-000.tmp

.

.

((((((((((((((((((((((((( Files Created from 2014-12-28 to 2015-01-29 )))))))))))))))))))))))))))))))

.

.

2015-01-29 05:05 . 2015-01-29 05:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-01-28 07:45 . 2015-01-28 07:45 6000640 ----a-w- c:\program files (x86)\GUT9246.tmp

2015-01-28 07:45 . 2015-01-28 07:45 -------- d-----w- c:\program files (x86)\GUM9245.tmp

2015-01-28 03:25 . 2015-01-28 03:25 -------- d-----w- c:\program files (x86)\ESET

2015-01-28 02:47 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe

2015-01-28 02:47 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2015-01-27 01:32 . 2015-01-27 01:32 -------- d-----w- c:\program files (x86)\VS Revo Group

2015-01-26 11:57 . 2015-01-28 02:34 -------- d-----w- C:\FRST

2015-01-26 11:42 . 2015-01-26 11:42 -------- d-----w- c:\users\Alysha\AppData\Local\Macromedia

2015-01-26 10:47 . 2015-01-26 10:47 -------- d-----w- c:\users\Alysha\AppData\Local\Rainmaker_Software_Group_

2015-01-26 10:47 . 2015-01-26 10:47 -------- d-----w- c:\windows\ERUNT

2015-01-26 10:47 . 2015-01-26 10:47 -------- d-----w- c:\users\Alysha\AppData\Roaming\Rainmaker Software Group LLC.?

2015-01-26 10:39 . 2013-04-22 18:21 148696 ----a-w- c:\windows\system32\drivers\gzflt.sys

2015-01-26 10:39 . 2013-04-17 19:59 718840 ----a-w- c:\windows\system32\drivers\avc3.sys

2015-01-26 10:23 . 2012-11-02 19:17 261056 ----a-w- c:\windows\system32\drivers\SETCFEB.tmp

2015-01-26 10:22 . 2013-04-17 19:59 593144 ----a-w- c:\windows\system32\drivers\avckf.sys

2015-01-26 10:22 . 2015-01-26 10:23 -------- d-----w- c:\program files\Bitdefender

2015-01-26 10:22 . 2013-05-28 17:12 382536 ----a-w- c:\windows\system32\drivers\trufos.sys

2015-01-26 10:13 . 2015-01-26 10:13 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2015-01-26 10:11 . 2015-01-26 10:11 -------- d-----w- c:\users\Alysha\AppData\Roaming\QuickScan

2015-01-26 09:53 . 2015-01-26 09:53 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys

2015-01-26 09:03 . 2015-01-26 09:03 -------- d-----w- c:\program files\HitmanPro

2015-01-26 09:03 . 2015-01-26 09:51 -------- d-----w- c:\programdata\HitmanPro

2015-01-26 09:01 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2015-01-26 09:01 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2015-01-26 08:21 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe

2015-01-26 08:21 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe

2015-01-26 08:21 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll

2015-01-26 08:21 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe

2015-01-26 08:21 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll

2015-01-26 08:21 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll

2015-01-26 08:21 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll

2015-01-26 08:21 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe

2015-01-26 08:21 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll

2015-01-26 08:21 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll

2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL

2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL

2015-01-26 02:55 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL

2015-01-26 02:55 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL

2015-01-26 02:55 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL

2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL

2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL

2015-01-26 02:46 . 2015-01-26 02:46 -------- d-----w- c:\users\Default\AppData\Roaming\AVG2012

2015-01-26 02:46 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll

2015-01-26 02:46 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll

2015-01-26 02:45 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll

2015-01-26 02:45 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll

2015-01-26 02:45 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll

2015-01-26 02:45 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2015-01-26 02:45 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll

2015-01-26 02:45 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll

2015-01-26 02:45 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll

2015-01-26 02:45 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll

2015-01-26 02:45 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll

2015-01-26 02:45 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll

2015-01-26 02:45 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll

2015-01-26 02:40 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll

2015-01-26 02:40 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll

2015-01-26 02:40 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll

2015-01-26 02:40 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll

2015-01-26 02:40 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll

2015-01-26 02:40 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll

2015-01-26 02:40 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

2015-01-26 02:40 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2015-01-26 02:39 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2015-01-26 02:39 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2015-01-26 02:39 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2015-01-26 02:39 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2015-01-26 02:39 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll

2015-01-26 02:39 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

2015-01-26 02:39 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2015-01-26 02:35 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys

2015-01-26 02:33 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL

2015-01-26 02:33 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL

2015-01-26 02:33 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe

2015-01-26 02:29 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll

2015-01-26 02:29 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll

2015-01-26 02:29 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2015-01-26 02:29 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll

2015-01-26 02:29 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll

2015-01-26 02:29 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2015-01-26 02:29 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2015-01-26 02:29 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2015-01-26 02:28 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll

2015-01-26 02:28 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll

2015-01-26 02:28 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll

2015-01-26 02:28 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll

2015-01-26 02:28 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll

2015-01-26 02:28 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll

2015-01-26 02:28 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll

2015-01-26 02:28 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll

2015-01-26 02:28 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll

2015-01-26 02:26 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe

2015-01-26 02:25 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll

2015-01-26 02:25 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll

2015-01-26 02:25 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll

2015-01-26 02:25 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll

2015-01-26 02:25 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe

2015-01-26 02:25 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll

2015-01-26 02:25 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2015-01-26 02:25 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2015-01-26 02:24 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys

2015-01-26 02:13 . 2015-01-26 07:47 290304 ----a-w- c:\windows\SysWow64\subinacl.exe

2015-01-26 02:11 . 2015-01-26 07:47 -------- d-----w- c:\program files\Adware-Removal-Tool

2015-01-26 02:11 . 2015-01-26 02:11 -------- d-----w- c:\program files\Common Files\Microsoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-01-28 07:38 . 2014-08-14 03:53 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-27 13:19 . 2014-05-12 03:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2015-01-27 13:19 . 2014-05-12 03:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-01-26 10:28 . 2012-05-21 20:09 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2015-01-26 09:26 . 2012-05-21 20:10 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2015-01-26 09:24 . 2012-05-21 20:09 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2014-12-31 18:12 . 2011-12-02 17:54 113365784 ----a-w- c:\windows\system32\MRT.exe

2014-11-21 11:14 . 2014-08-14 03:51 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-11-21 11:14 . 2014-08-14 03:51 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-11-21 11:14 . 2014-08-14 03:51 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-11-18 19:56 . 2014-11-18 19:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]

R4 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x]

R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-01-28 12:55 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12 13:19]

.

2015-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 12:44]

.

2015-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 12:44]

.

2015-01-28 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\Communicator.exe [2013-06-14 07:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"InstallerLauncher"="c:\program files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe" [2013-03-25 815600]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Bar = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}: DhcpNameServer = 209.91.107.11 209.121.225.11

FF - ProfilePath - c:\users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-RegClean Pro_is1 - c:\program files (x86)\RegClean Pro\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\SecuROM\License information*]

"datasecu"=hex:a7,71,e4,ca,62,eb,8b,4b,cc,51,c0,43,1c,a0,ad,1e,7c,6e,1a,47,cb,

e4,ca,75,89,d5,8a,98,4e,00,17,50,53,0e,b1,30,9c,15,7c,ad,52,e6,9b,07,00,1b,\

"rkeysecu"=hex:16,10,e2,58,a5,5e,44,8d,31,7c,e7,f0,6b,e5,ac,e8

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.16"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2015-01-29 00:09:06

ComboFix-quarantined-files.txt 2015-01-29 05:09

.

Pre-Run: 305,313,292,288 bytes free

Post-Run: 304,907,628,544 bytes free

.

- - End Of File - - 370EFF446A86E109F547A98C556ED92A

5B5E648D12FCADC244C1EC30318E1EB9


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015

Ran by Alysha (administrator) on ALYSHA-PC on 31-01-2015 00:27:20

Running from C:\Users\Alysha\Downloads

Loaded Profiles: Alysha (Available profiles: Alysha)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-30] (Synaptics Incorporated)

HKLM\...\Run: [InstallerLauncher] => C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe [567888 2013-09-04] (Bitdefender)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235

FF DefaultSearchEngine: Google

FF Homepage: www.google.com

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Docs) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]

CHR Extension: (Google Drive) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]

CHR Extension: (YouTube) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]

CHR Extension: (Fraven 1.1) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf [2014-07-05]

CHR Extension: (Google Search) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]

CHR Extension: (Google Wallet) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]

CHR Extension: (Gmail) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S4 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-05-21] ()

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)

S4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-26] ()

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-05-21] ()

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-28] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]

R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

S3 RTL8192Ce; system32\DRIVERS\rtl8192Ce.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 00:27 - 2015-01-31 00:27 - 00000000 ____D () C:\Users\Alysha\Downloads\FRST-OlderVersion

2015-01-29 00:14 - 2015-01-29 00:14 - 00000000 __SHD () C:\Users\Alysha\AppData\Local\EmieBrowserModeList

2015-01-29 00:09 - 2015-01-29 00:09 - 00043880 _____ () C:\ComboFix.txt

2015-01-28 23:48 - 2015-01-29 00:09 - 00000000 ____D () C:\Qoobox

2015-01-28 23:48 - 2015-01-29 00:06 - 00000000 ____D () C:\windows\erdnt

2015-01-28 23:48 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe

2015-01-28 23:48 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe

2015-01-28 23:48 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2015-01-28 23:48 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2015-01-28 23:48 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2015-01-28 23:48 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe

2015-01-28 23:48 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe

2015-01-28 23:48 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe

2015-01-28 23:46 - 2015-01-28 23:47 - 05610841 ____R (Swearware) C:\Users\Alysha\Desktop\ComboFix.exe

2015-01-28 02:45 - 2015-01-28 02:45 - 06000640 _____ () C:\Program Files (x86)\GUT9246.tmp

2015-01-28 02:45 - 2015-01-28 02:45 - 00000000 ____D () C:\Program Files (x86)\GUM9245.tmp

2015-01-28 01:20 - 2015-01-28 01:20 - 00011600 _____ () C:\Users\Alysha\Desktop\eset.txt

2015-01-27 22:42 - 2015-01-27 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-27 22:25 - 2015-01-27 22:25 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-27 22:23 - 2015-01-27 22:24 - 02347384 _____ (ESET) C:\Users\Alysha\Downloads\esetsmartinstaller_enu.exe

2015-01-27 21:47 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-01-27 21:47 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2015-01-26 20:32 - 2015-01-26 20:32 - 00001239 _____ () C:\Users\Alysha\Desktop\Revo Uninstaller.lnk

2015-01-26 20:32 - 2015-01-26 20:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-01-26 20:31 - 2015-01-26 20:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Alysha\Downloads\revosetup.exe

2015-01-26 09:15 - 2015-01-26 09:15 - 00458536 _____ () C:\windows\Minidump\012615-36597-01.dmp

2015-01-26 07:40 - 2015-01-26 07:40 - 00000000 ____D () C:\Users\Alysha\Desktop\tdsskiller

2015-01-26 07:38 - 2015-01-26 07:39 - 04176437 _____ () C:\Users\Alysha\Desktop\tdsskiller.zip

2015-01-26 07:35 - 2015-01-26 07:35 - 00000935 _____ () C:\Users\Alysha\Desktop\ark.txt

2015-01-26 07:19 - 2015-01-26 07:19 - 00380416 _____ () C:\Users\Alysha\Downloads\ye5644gt.exe

2015-01-26 06:59 - 2015-01-26 06:59 - 00022362 _____ () C:\Users\Alysha\Downloads\Addition.txt

2015-01-26 06:57 - 2015-01-31 00:27 - 00011560 _____ () C:\Users\Alysha\Downloads\FRST.txt

2015-01-26 06:57 - 2015-01-31 00:27 - 00000000 ____D () C:\FRST

2015-01-26 06:55 - 2015-01-31 00:27 - 02130432 _____ (Farbar) C:\Users\Alysha\Downloads\FRST64.exe

2015-01-26 06:42 - 2015-01-26 06:42 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Macromedia

2015-01-26 06:19 - 2015-01-26 06:19 - 00020339 _____ () C:\Users\Alysha\Desktop\JRT.txt

2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\windows\ERUNT

2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Rainmaker Software Group LLC.​

2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Rainmaker_Software_Group_

2015-01-26 05:46 - 2015-01-26 05:46 - 01707939 _____ (Thisisu) C:\Users\Alysha\Downloads\JRT(1).exe

2015-01-26 05:44 - 2015-01-26 05:45 - 00236392 _____ () C:\Users\Alysha\Downloads\JRT.exe

2015-01-26 05:39 - 2015-01-26 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition

2015-01-26 05:39 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys

2015-01-26 05:39 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys

2015-01-26 05:24 - 2015-01-26 05:31 - 00002842 _____ () C:\windows\system32\lic2.xml24801

2015-01-26 05:23 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\SETCFEB.tmp

2015-01-26 05:22 - 2015-01-26 05:23 - 00000000 ____D () C:\Program Files\Bitdefender

2015-01-26 05:22 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys

2015-01-26 05:22 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys

2015-01-26 05:13 - 2015-01-26 05:13 - 00000000 ____D () C:\windows\SysWOW64\Drivers\AVG

2015-01-26 05:11 - 2015-01-26 05:11 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\QuickScan

2015-01-26 04:53 - 2015-01-26 04:53 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys

2015-01-26 04:49 - 2015-01-26 04:49 - 00006616 _____ () C:\windows\system32\.crusader

2015-01-26 04:20 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-01-26 04:20 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2015-01-26 04:20 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-01-26 04:20 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-01-26 04:20 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-01-26 04:20 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-01-26 04:20 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-01-26 04:20 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-01-26 04:20 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-01-26 04:20 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-01-26 04:20 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-01-26 04:20 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-01-26 04:20 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-01-26 04:20 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-01-26 04:20 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-01-26 04:20 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-01-26 04:20 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-01-26 04:20 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2015-01-26 04:20 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-01-26 04:20 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2015-01-26 04:20 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-01-26 04:20 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-01-26 04:20 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-01-26 04:20 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2015-01-26 04:20 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2015-01-26 04:20 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2015-01-26 04:20 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-01-26 04:20 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2015-01-26 04:20 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2015-01-26 04:20 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2015-01-26 04:20 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2015-01-26 04:20 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2015-01-26 04:20 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2015-01-26 04:20 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-01-26 04:20 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-01-26 04:20 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-01-26 04:20 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-01-26 04:20 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2015-01-26 04:20 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-01-26 04:20 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-01-26 04:20 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2015-01-26 04:20 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2015-01-26 04:20 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2015-01-26 04:20 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2015-01-26 04:20 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-01-26 04:20 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2015-01-26 04:20 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2015-01-26 04:20 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2015-01-26 04:20 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-01-26 04:20 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2015-01-26 04:20 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-01-26 04:20 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2015-01-26 04:20 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2015-01-26 04:20 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2015-01-26 04:03 - 2015-01-26 04:51 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-01-26 04:03 - 2015-01-26 04:03 - 00000000 ____D () C:\Program Files\HitmanPro

2015-01-26 04:01 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2015-01-26 04:01 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll

2015-01-26 03:21 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2015-01-26 03:21 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll

2015-01-26 03:21 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll

2015-01-26 03:21 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe

2015-01-26 03:21 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe

2015-01-26 03:21 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll

2015-01-26 03:21 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll

2015-01-26 03:21 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe

2015-01-26 03:21 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe

2015-01-26 03:21 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll

2015-01-26 02:05 - 2015-01-26 02:05 - 00003108 _____ () C:\windows\System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A}

2015-01-26 01:20 - 2015-01-26 01:20 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL

2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL

2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL

2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL

2015-01-25 21:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL

2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL

2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL

2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL

2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL

2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL

2015-01-25 21:55 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls

2015-01-25 21:55 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls

2015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVG2012

2015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVG2012

2015-01-25 21:46 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2015-01-25 21:46 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll

2015-01-25 21:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll

2015-01-25 21:45 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll

2015-01-25 21:45 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll

2015-01-25 21:45 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2015-01-25 21:45 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll

2015-01-25 21:45 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll

2015-01-25 21:45 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll

2015-01-25 21:45 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll

2015-01-25 21:45 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll

2015-01-25 21:45 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll

2015-01-25 21:45 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll

2015-01-25 21:40 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll

2015-01-25 21:40 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll

2015-01-25 21:40 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

2015-01-25 21:40 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2015-01-25 21:40 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-01-25 21:40 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-01-25 21:40 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2015-01-25 21:40 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2015-01-25 21:39 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys

2015-01-25 21:39 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2015-01-25 21:39 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll

2015-01-25 21:39 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

2015-01-25 21:39 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll

2015-01-25 21:39 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

2015-01-25 21:39 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll

2015-01-25 21:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2015-01-25 21:33 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2015-01-25 21:33 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL

2015-01-25 21:33 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL

2015-01-25 21:29 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-01-25 21:29 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll

2015-01-25 21:29 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2015-01-25 21:29 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll

2015-01-25 21:29 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-01-25 21:29 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-01-25 21:29 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2015-01-25 21:29 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2015-01-25 21:28 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll

2015-01-25 21:28 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll

2015-01-25 21:28 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll

2015-01-25 21:28 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll

2015-01-25 21:28 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll

2015-01-25 21:28 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll

2015-01-25 21:28 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll

2015-01-25 21:28 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll

2015-01-25 21:28 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

2015-01-25 21:27 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2015-01-25 21:27 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe

2015-01-25 21:27 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2015-01-25 21:27 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2015-01-25 21:27 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2015-01-25 21:27 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2015-01-25 21:27 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2015-01-25 21:27 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll

2015-01-25 21:27 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll

2015-01-25 21:27 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll

2015-01-25 21:27 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll

2015-01-25 21:27 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

2015-01-25 21:27 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll

2015-01-25 21:27 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll

2015-01-25 21:26 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-01-25 21:26 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2015-01-25 21:26 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2015-01-25 21:26 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2015-01-25 21:26 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2015-01-25 21:26 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2015-01-25 21:26 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2015-01-25 21:26 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2015-01-25 21:26 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2015-01-25 21:26 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-01-25 21:26 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-01-25 21:26 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-01-25 21:26 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-01-25 21:26 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-01-25 21:26 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-01-25 21:26 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2015-01-25 21:26 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2015-01-25 21:26 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2015-01-25 21:26 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2015-01-25 21:26 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2015-01-25 21:26 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2015-01-25 21:25 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll

2015-01-25 21:25 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll

2015-01-25 21:25 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2015-01-25 21:25 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll

2015-01-25 21:25 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll

2015-01-25 21:25 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll

2015-01-25 21:25 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys

2015-01-25 21:25 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

2015-01-25 21:24 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-01-25 21:13 - 2015-01-26 02:47 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe

2015-01-25 21:11 - 2015-01-26 02:47 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool

2015-01-25 20:51 - 2015-01-26 05:10 - 00000000 ____D () C:\Users\Alysha\Desktop\Cleaners

2015-01-25 20:50 - 2015-01-25 20:52 - 00000000 ____D () C:\Users\Alysha\Desktop\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 00:24 - 2011-10-20 13:02 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-31 00:24 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-01-31 00:24 - 2009-07-13 23:51 - 00104990 _____ () C:\windows\setupact.log

2015-01-30 14:48 - 2011-10-20 06:24 - 01604276 _____ () C:\windows\WindowsUpdate.log

2015-01-30 14:17 - 2014-05-11 22:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-01-30 14:08 - 2013-06-14 02:52 - 00000340 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job

2015-01-30 13:49 - 2011-10-20 13:02 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-30 00:47 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-30 00:47 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-30 00:45 - 2009-07-14 00:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI

2015-01-30 00:40 - 2010-11-20 22:47 - 00368736 _____ () C:\windows\PFRO.log

2015-01-29 00:09 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

2015-01-29 00:05 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini

2015-01-28 07:44 - 2011-10-20 13:02 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-28 07:44 - 2011-10-20 13:02 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-28 05:41 - 2014-08-10 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-28 02:38 - 2014-08-13 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-28 01:57 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

2015-01-27 22:14 - 2014-07-07 15:55 - 00000000 ____D () C:\Users\Alysha\AppData\Local\com

2015-01-27 22:14 - 2012-05-21 12:45 - 00000000 ____D () C:\ProgramData\InstallMate

2015-01-27 21:36 - 2014-05-24 15:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2015-01-27 21:31 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy

2015-01-27 08:19 - 2014-05-11 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-01-27 08:19 - 2014-05-11 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-27 08:19 - 2014-05-11 22:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-01-26 19:46 - 2014-05-12 00:51 - 00000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG

2015-01-26 09:15 - 2013-08-07 22:58 - 00000000 ____D () C:\windows\Minidump

2015-01-26 09:14 - 2013-08-27 18:19 - 456600548 _____ () C:\windows\MEMORY.DMP

2015-01-26 07:14 - 2011-12-03 03:21 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-01-26 05:17 - 2011-12-03 04:34 - 00000000 ____D () C:\ProgramData\AVG2012

2015-01-26 05:15 - 2011-12-03 04:01 - 00000000 ____D () C:\ProgramData\MFAData

2015-01-26 05:13 - 2011-12-03 11:17 - 00000000 ____D () C:\$AVG

2015-01-26 05:08 - 2013-06-19 21:23 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Nico Mak Computing

2015-01-26 04:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2015-01-26 04:22 - 2013-07-19 04:00 - 00000000 ____D () C:\windows\system32\MRT

2015-01-26 03:51 - 2009-07-13 23:45 - 00340936 _____ () C:\windows\system32\FNTCACHE.DAT

2015-01-26 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

2015-01-26 02:11 - 2014-08-10 20:25 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files\Google

2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\ProgramData\HP

2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\Program Files (x86)\HP

2015-01-25 20:50 - 2011-12-03 03:10 - 00000000 ____D () C:\Program Files\HP

2015-01-25 20:49 - 2014-08-10 20:25 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-01-25 20:49 - 2013-06-01 13:06 - 00002270 _____ () C:\Users\Alysha\Desktop\Google Chrome.lnk

2015-01-25 20:49 - 2011-12-03 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2015-01-25 20:49 - 2011-11-30 19:01 - 00001428 _____ () C:\Users\Alysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-25 20:49 - 2011-11-30 18:57 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Google

2015-01-25 20:49 - 2011-10-20 13:02 - 00000000 ____D () C:\ProgramData\Google

2015-01-25 20:46 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games

2015-01-25 20:45 - 2011-10-20 12:56 - 00000000 ____D () C:\ProgramData\WildTangent

2015-01-25 20:45 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-25 20:44 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games

2015-01-25 20:42 - 2012-05-21 12:31 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\WildTangent

2015-01-25 20:28 - 2014-06-18 19:37 - 00000000 ____D () C:\ProgramData\1158fb9aa715ca0f

==================== Files in the root of some directories =======

2015-01-28 02:45 - 2015-01-28 02:45 - 6000640 _____ () C:\Program Files (x86)\GUT9246.tmp

2014-05-11 22:32 - 2014-05-24 15:33 - 0000320 _____ () C:\Users\Alysha\AppData\Roaming\aps.uninstall.scan.results

2014-07-08 12:00 - 2014-07-08 15:55 - 0005265 _____ () C:\Users\Alysha\AppData\Roaming\callbanner.png

2014-05-12 00:51 - 2015-01-26 19:46 - 0000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG

2011-12-03 03:09 - 2011-12-03 03:09 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-28 01:49

==================== End Of Log ============================


Oh okay, thank you.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Alysha at 2015-02-03 20:09:15
Running from C:\Users\Alysha\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roller Coaster Tycoon 2 (HKLM-x32\...\Roller Coaster Tycoon 2) (Version:  - )
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{99ED6D18-AF6B-4443-31C2-AAC299D5D048}) (Version: 1.0 - )
Should I Remove It (HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
System Optimizer Pro (HKLM\...\System Optimizer Pro) (Version: 1.0 - 383 Media, Inc.) <==== ATTENTION
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
TuneUp 2.4.8.5 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.8.5 - TuneUp Media, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Web Assistant 2.0.0.600 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.600 - IncrediBar) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

26-01-2015 20:45:58 Revo Uninstaller's restore point - Snap.Do
26-01-2015 20:47:12 Revo Uninstaller's restore point - Supporter 1.80
26-01-2015 20:49:50 Revo Uninstaller's restore point - Settings Manager
26-01-2015 20:52:08 Revo Uninstaller's restore point - Pro PC Cleaner
26-01-2015 20:57:34 Revo Uninstaller's restore point - Radsteroids
28-01-2015 02:45:55 Windows Update
02-02-2015 06:16:50 Installed SlimDX Runtime .NET 2.0 (January 2012)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-29 00:05 - 2015-01-29 00:05 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {074BE6D4-DAFD-49B9-A678-08184AAB876E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61D439EF-7116-4C2C-9FA7-C9615DBD2BB0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {6B17F106-F02A-41D1-9F95-2E09FD41176E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-06-14] ()
Task: {7B30F967-05FA-45B9-8C88-59637C4E9C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: {8F2A4A6A-CD77-477E-83ED-D25A0C809F78} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)
Task: {E39FE271-0E44-4F48-B07F-6DBC2F0A68CE} - System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A} => pcalua.exe -a C:\ProgramData\Radsteroids\uninstall.exe -c /kb=y /ic=1
Task: {ECE0D3B8-E659-4FC0-8C6C-102F71009177} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FED29064-7F57-4E04-A082-02F0941999B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2013-06-14 02:51 - 2013-06-14 02:51 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
2014-02-06 02:52 - 2014-02-06 02:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 02:52 - 2014-02-06 02:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-27 22:42 - 2015-01-27 22:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: ETDCtrl => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1580903306-1420406646-1734795358-500 - Administrator - Disabled)
Alysha (S-1-5-21-1580903306-1420406646-1734795358-1000 - Administrator - Enabled) => C:\Users\Alysha
Guest (S-1-5-21-1580903306-1420406646-1734795358-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1580903306-1420406646-1734795358-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 08:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 05:40:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1404
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/02/2015 02:16:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/02/2015 01:42:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1334
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/02/2015 01:30:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Sims3LauncherW.exe, version: 0.2.0.209, time stamp: 0x52d87c53
Faulting module name: CmdPortalClient.dll_unloaded, version: 0.0.0.0, time stamp: 0x4d6d1ae1
Exception code: 0xc0000005
Fault offset: 0x0bed54a8
Faulting process id: 0x570
Faulting application start time: 0xSims3LauncherW.exe0
Faulting application path: Sims3LauncherW.exe1
Faulting module path: Sims3LauncherW.exe2
Report Id: Sims3LauncherW.exe3

Error: (02/01/2015 11:14:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 02:54:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 08:39:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 00:26:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 00:42:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/03/2015 07:59:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/02/2015 06:26:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/01/2015 11:12:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/01/2015 11:52:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/01/2015 02:53:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/31/2015 00:56:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/31/2015 08:37:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/31/2015 08:36:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/31/2015 00:24:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/30/2015 02:47:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-29 00:03:37.652
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-29 00:03:36.918
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-19 22:13:48.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-19 22:06:53.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-19 21:31:42.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 3686.87 MB
Available physical RAM: 2445.68 MB
Total Pagefile: 7371.92 MB
Available Pagefile: 5950.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (S3A8666D006) (Fixed) (Total:433.54 GB) (Free:281.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D2F26588)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=433.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=17)
Partition 4: (Not Active) - (Size=10.9 GB) - (Type=17)

==================== End Of Log ============================

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    System Optimizer Pro
    Web Assistant 2.0.0.600
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

fixlist.txt


I ran the Revo Uninstaller and the two programs you asked me to remove will not show up in the programs list.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Alysha at 2015-02-10 12:55:12 Run:2
Running from C:\Users\Alysha\Downloads
Loaded Profiles: Alysha (Available profiles: Alysha)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2015-01-28 02:45 - 2015-01-28 02:45 - 06000640 _____ () C:\Program Files (x86)\GUT9246.tmp
2015-01-28 02:45 - 2015-01-28 02:45 - 00000000 ____D () C:\Program Files (x86)\GUM9245.tmp
C:\ProgramData\1158fb9aa715ca0f
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
*****************

C:\Program Files (x86)\GUT9246.tmp => Moved successfully.
C:\Program Files (x86)\GUM9245.tmp => Moved successfully.
C:\ProgramData\1158fb9aa715ca0f => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 652.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:56:17 ====

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 2/17/15

Scan Time: 7:45:11 PM

Logfile:

Administrator: Yes

Version: 2.00.4.1028

Malware Database: v2015.02.17.13

Rootkit Database: v2015.02.03.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Alysha

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 415951

Time Elapsed: 33 min, 1 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 1

PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [345d7aa594f69e98e0637aa43cc92cd4],

Registry Values: 1

PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, CFDC4B31-7A15-443A-861A-9AAE16FF41DE, Quarantined, [345d7aa594f69e98e0637aa43cc92cd4]

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 1

PUP.Optional.SafeInstall.A, C:\Users\Alysha\Downloads\manualdownload.exe, Quarantined, [afe2819e6c1e1a1c61038be92ed3738d],

Physical Sectors: 0

(No malicious items detected)

(end)
