AZDSF Posted January 26, 2015 ID:933081 Share Posted January 26, 2015 Hello all! I am in some desperate need of help! My partners computer seems to be full of viruses. I have tried endlessly to remove SafeHomepage (default homepage and search bar) from Firefox but it shows back up every time the browser is restarted. I noticed when the browser is loading up, the address at the left bottom screen keeps saying "istart123". And a Yahoo! Toolbar with a bunch of icons keeps showing up even though I removed it. I uninstalled many virus like programs through the control panel, and 5 minutes later the same programs or new ones will be installed all over again. ALOT. Looking for the solution to this, I'd be greatful for any help. Thank you. Here are the results from the FarBar Recovery Scan Tool. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01Ran by Alysha (administrator) on ALYSHA-PC on 26-01-2015 06:57:35Running from C:\Users\Alysha\DownloadsLoaded Profiles: Alysha (Available profiles: Alysha)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [] => [X]HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-30] (Synaptics Incorporated)HKLM\...\Run: [installerLauncher] => C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe [567888 2013-09-04] (Bitdefender)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [fst_ca_136] => [X]HKLM-x32\...\Run: [fst_ca_152] => [X]HKLM-x32\...\Run: [fst_ca_170] => [X]HKLM-x32\...\Run: [fst_ca_251] => [X]HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Run: [PriceMeterW] => "C:\Users\Alysha\AppData\Local\PriceMeter\pricemeterw.exe"HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -pIFEO\jumpflip: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeIFEO\volaro: [Debugger] tasklist.exeIFEO\vonteera: [Debugger] tasklist.exeIFEO\websteroids.exe: [Debugger] tasklist.exeIFEO\websteroidsservice.exe: [Debugger] tasklist.exeHKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dllHKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dllGroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.ProxyServer: [.DEFAULT] => http=127.0.0.1:54073;https=127.0.0.1:54073HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5ISTHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5ISTHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}URLSearchHook: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No FileStartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_21_ch&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0ByC0DzyyDtBtDtBtBtC0BtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFzztN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyE0D0A0AtD0EtBtG0B0Czy0BtG0CtA0B0AtGyByB0CyEtGyDyEyE0ByB0DyEyBzztD0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBtD0AyEtAyDyCtGyByByDtDtGyDtBtC0FtGtC0DtBtBtGtByCtD0BtB0C0E0D0Azyzy0C2Q&cr=1120806935&ir=SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1408165399&from=tt4u&uid=TOSHIBAXMK5065GSXN_814FC5ISTXX814FC5IST&q={searchTerms}SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCASearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E74yobryu1,d474e45c-9faa-4867-acf4-d05688b34927,&q={searchTerms}SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=157&itype=n&ver=12349&tm=345&src=ds&p={searchTerms}SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No FileBHO: video MediaPlayer -> {11111111-1111-1111-1111-110511951199} -> C:\Program Files (x86)\video MediaPlayer\video MediaPlayer-bho64.dll ()BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)BHO: No Name -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> No FileBHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No FileBHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No FileBHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll No FileBHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)Toolbar: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No FileToolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No FileToolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No FileToolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {B81767E1-672D-4DA1-B5CC-D277185815A6} - No FileToolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Hosts: Hosts file not detected in the default directoryTcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}: [NameServer] 208.69.150.250,208.69.150.252FireFox:========FF ProfilePath: C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235FF DefaultSearchEngine: GoogleFF Homepage: www.google.comFF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No FileFF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Extension: Yahoo! Toolbar - C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-26]FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\FirefoxFF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-05-21]FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\FirefoxChrome:=======CHR dev: Chrome dev build detected! <======= ATTENTIONCHR Profile: C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Docs) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]CHR Extension: (Google Drive) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]CHR Extension: (No Name) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj [2014-08-17]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]CHR Extension: (YouTube) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]CHR Extension: (Fraven 1.1) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf [2014-07-05]CHR Extension: (Google Search) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]CHR Extension: (Bcool) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjjfdocehnaoldljofpjigbchchimcg [2014-08-17]CHR Extension: (video MediaPlayer) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf [2014-07-06]CHR Extension: (Google Wallet) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]CHR Extension: (Gmail) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No PathCHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-05-21]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)S4 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S2 RTZnjsXcl; C:\ProgramData\XXmhBb\RTZnjsXcl.exe [2316152 2014-07-07] () [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S2 1ca156e3; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\LibraryInstance\LibraryInstance.dll",servS2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]S2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [X] <==== ATTENTION==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-05-21] ()R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)R4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-26] ()R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-05-21] ()R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]S3 RTL8192Ce; system32\DRIVERS\rtl8192Ce.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-26 06:57 - 2015-01-26 06:58 - 00019199 _____ () C:\Users\Alysha\Downloads\FRST.txt2015-01-26 06:57 - 2015-01-26 06:57 - 00000000 ____D () C:\FRST2015-01-26 06:55 - 2015-01-26 06:55 - 02129920 _____ (Farbar) C:\Users\Alysha\Downloads\FRST64.exe2015-01-26 06:42 - 2015-01-26 06:42 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Macromedia2015-01-26 06:19 - 2015-01-26 06:19 - 00020339 _____ () C:\Users\Alysha\Desktop\JRT.txt2015-01-26 05:48 - 2015-01-26 05:48 - 00003464 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup2015-01-26 05:48 - 2015-01-26 05:48 - 00003200 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\windows\ERUNT2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Rainmaker Software Group LLC.2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Rainmaker_Software_Group_2015-01-26 05:46 - 2015-01-26 05:46 - 01707939 _____ (Thisisu) C:\Users\Alysha\Downloads\JRT(1).exe2015-01-26 05:44 - 2015-01-26 05:45 - 00236392 _____ () C:\Users\Alysha\Downloads\JRT.exe2015-01-26 05:44 - 2015-01-26 05:44 - 00058633 _____ () C:\ProgramData\1422268984.bdinstall.bin2015-01-26 05:43 - 2015-01-26 05:43 - 00037839 _____ () C:\ProgramData\1422268980.bdinstall.bin2015-01-26 05:39 - 2015-01-26 05:39 - 00175507 _____ () C:\ProgramData\1422268733.bdinstall.bin2015-01-26 05:39 - 2015-01-26 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition2015-01-26 05:39 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys2015-01-26 05:39 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys2015-01-26 05:38 - 2015-01-26 05:38 - 00037823 _____ () C:\ProgramData\1422268728.bdinstall.bin2015-01-26 05:32 - 2015-01-26 05:39 - 00000000 _____ () C:\windows\system32\Drivers\avchv.sys2015-01-26 05:24 - 2015-01-26 05:31 - 00002842 _____ () C:\windows\system32\lic2.xml248012015-01-26 05:23 - 2015-01-26 05:23 - 00186815 _____ () C:\ProgramData\1422267727.bdinstall.bin2015-01-26 05:23 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\SETCFEB.tmp2015-01-26 05:22 - 2015-01-26 05:23 - 00000000 ____D () C:\Program Files\Bitdefender2015-01-26 05:22 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys2015-01-26 05:22 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys2015-01-26 05:16 - 2015-01-26 05:16 - 00041760 _____ () C:\ProgramData\1422267390.3196.bin2015-01-26 05:16 - 2015-01-26 05:16 - 00002055 _____ () C:\ProgramData\1422267390.4124.bin2015-01-26 05:13 - 2015-01-26 05:13 - 00000000 ____D () C:\windows\SysWOW64\Drivers\AVG2015-01-26 05:11 - 2015-01-26 05:11 - 00045448 _____ () C:\ProgramData\1422267081.bdinstall.bin2015-01-26 05:11 - 2015-01-26 05:11 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\QuickScan2015-01-26 04:53 - 2015-01-26 04:53 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys2015-01-26 04:49 - 2015-01-26 04:49 - 00006616 _____ () C:\windows\system32\.crusader2015-01-26 04:20 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2015-01-26 04:20 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2015-01-26 04:20 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-01-26 04:20 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2015-01-26 04:20 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2015-01-26 04:20 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-01-26 04:20 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2015-01-26 04:20 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-01-26 04:20 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2015-01-26 04:20 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2015-01-26 04:20 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2015-01-26 04:20 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2015-01-26 04:20 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-01-26 04:20 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2015-01-26 04:20 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2015-01-26 04:20 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-01-26 04:20 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2015-01-26 04:20 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2015-01-26 04:20 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-01-26 04:20 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2015-01-26 04:20 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2015-01-26 04:20 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2015-01-26 04:20 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2015-01-26 04:20 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2015-01-26 04:20 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-01-26 04:20 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2015-01-26 04:20 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2015-01-26 04:20 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2015-01-26 04:20 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2015-01-26 04:20 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-01-26 04:20 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2015-01-26 04:20 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2015-01-26 04:20 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-01-26 04:20 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2015-01-26 04:20 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2015-01-26 04:20 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-01-26 04:20 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2015-01-26 04:20 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2015-01-26 04:20 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-01-26 04:20 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2015-01-26 04:20 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-01-26 04:20 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2015-01-26 04:20 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2015-01-26 04:20 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2015-01-26 04:20 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2015-01-26 04:20 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-01-26 04:20 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-01-26 04:20 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-01-26 04:20 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2015-01-26 04:20 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2015-01-26 04:20 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-01-26 04:20 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-01-26 04:20 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-01-26 04:20 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-01-26 04:20 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-01-26 04:20 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-01-26 04:03 - 2015-01-26 04:51 - 00000000 ____D () C:\ProgramData\HitmanPro2015-01-26 04:03 - 2015-01-26 04:03 - 00000000 ____D () C:\Program Files\HitmanPro2015-01-26 04:01 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll2015-01-26 04:01 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll2015-01-26 03:21 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll2015-01-26 03:21 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll2015-01-26 03:21 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll2015-01-26 03:21 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe2015-01-26 03:21 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe2015-01-26 03:21 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll2015-01-26 03:21 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll2015-01-26 03:21 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe2015-01-26 03:21 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe2015-01-26 03:21 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll2015-01-26 02:05 - 2015-01-26 02:05 - 00003108 _____ () C:\windows\System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A}2015-01-26 02:04 - 2015-01-26 02:04 - 00003152 _____ () C:\windows\System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C}2015-01-26 01:20 - 2015-01-26 01:20 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-25 22:33 - 2015-01-25 22:33 - 00000000 ____D () C:\Program Files (x86)\dOwanLoaAdittkeep2015-01-25 22:32 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\SmairtCCoMMpoare2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\Film Stack2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\deealster2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\ddeaal4reaL2015-01-25 22:31 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\tperfectcouupon2015-01-25 22:31 - 2015-01-25 22:33 - 00000000 ____D () C:\ProgramData\12500255382420710552015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL2015-01-25 21:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL2015-01-25 21:55 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls2015-01-25 21:55 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls2015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVG20122015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVG20122015-01-25 21:46 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll2015-01-25 21:46 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll2015-01-25 21:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll2015-01-25 21:45 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll2015-01-25 21:45 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll2015-01-25 21:45 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2015-01-25 21:45 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2015-01-25 21:45 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll2015-01-25 21:45 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll2015-01-25 21:45 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll2015-01-25 21:45 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll2015-01-25 21:45 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll2015-01-25 21:45 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll2015-01-25 21:40 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll2015-01-25 21:40 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll2015-01-25 21:40 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll2015-01-25 21:40 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll2015-01-25 21:40 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll2015-01-25 21:40 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll2015-01-25 21:40 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll2015-01-25 21:40 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll2015-01-25 21:39 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys2015-01-25 21:39 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll2015-01-25 21:39 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll2015-01-25 21:39 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-01-25 21:39 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll2015-01-25 21:39 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-01-25 21:39 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll2015-01-25 21:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys2015-01-25 21:33 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe2015-01-25 21:33 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL2015-01-25 21:33 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL2015-01-25 21:29 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2015-01-25 21:29 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll2015-01-25 21:29 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2015-01-25 21:29 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll2015-01-25 21:29 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys2015-01-25 21:29 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2015-01-25 21:29 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2015-01-25 21:29 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2015-01-25 21:28 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll2015-01-25 21:28 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll2015-01-25 21:28 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll2015-01-25 21:28 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll2015-01-25 21:28 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll2015-01-25 21:28 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll2015-01-25 21:28 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll2015-01-25 21:28 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll2015-01-25 21:28 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll2015-01-25 21:27 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe2015-01-25 21:27 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe2015-01-25 21:27 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll2015-01-25 21:27 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll2015-01-25 21:27 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll2015-01-25 21:27 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll2015-01-25 21:27 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe2015-01-25 21:27 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll2015-01-25 21:27 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll2015-01-25 21:27 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll2015-01-25 21:27 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll2015-01-25 21:27 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe2015-01-25 21:27 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll2015-01-25 21:27 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll2015-01-25 21:26 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-01-25 21:26 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2015-01-25 21:26 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2015-01-25 21:26 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2015-01-25 21:26 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2015-01-25 21:26 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2015-01-25 21:26 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2015-01-25 21:26 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll2015-01-25 21:26 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll2015-01-25 21:26 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2015-01-25 21:26 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2015-01-25 21:26 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll2015-01-25 21:26 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll2015-01-25 21:26 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2015-01-25 21:26 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2015-01-25 21:26 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2015-01-25 21:26 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2015-01-25 21:26 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2015-01-25 21:26 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2015-01-25 21:26 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2015-01-25 21:26 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2015-01-25 21:25 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll2015-01-25 21:25 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll2015-01-25 21:25 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe2015-01-25 21:25 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll2015-01-25 21:25 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll2015-01-25 21:25 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll2015-01-25 21:25 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys2015-01-25 21:25 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys2015-01-25 21:24 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-01-25 21:13 - 2015-01-26 02:47 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe2015-01-25 21:11 - 2015-01-26 02:47 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool2015-01-25 20:51 - 2015-01-26 05:10 - 00000000 ____D () C:\Users\Alysha\Desktop\Cleaners2015-01-25 20:50 - 2015-01-25 20:52 - 00000000 ____D () C:\Users\Alysha\Desktop\Games2015-01-25 20:29 - 2015-01-26 02:05 - 00000000 ____D () C:\ProgramData\3743113802015-01-25 20:28 - 2015-01-25 20:28 - 00000000 ____D () C:\Program Files (x86)\RRobboSavero2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\Ieseaveer2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\deAlster2015-01-25 20:25 - 2015-01-25 20:25 - 00000000 ____D () C:\Program Files (x86)\Happyi2uSiavEe2015-01-25 20:22 - 2015-01-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Reason==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-26 19:46 - 2014-05-12 00:51 - 00000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG2015-01-26 06:46 - 2011-10-20 06:24 - 01236050 _____ () C:\windows\WindowsUpdate.log2015-01-26 06:44 - 2011-10-20 13:02 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-26 06:42 - 2014-05-11 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-01-26 06:42 - 2014-05-11 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-26 06:42 - 2014-05-11 22:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2015-01-26 06:42 - 2014-05-11 22:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2015-01-26 06:31 - 2014-08-13 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-01-26 06:24 - 2014-06-30 18:13 - 00000000 ____D () C:\Program Files (x86)\video MediaPlayer2015-01-26 06:08 - 2013-06-14 02:52 - 00000340 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job2015-01-26 05:50 - 2009-07-14 00:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI2015-01-26 05:50 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-26 05:50 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-26 05:42 - 2014-07-07 15:54 - 00000288 _____ () C:\windows\Tasks\PerfMonitor_strtp.job2015-01-26 05:42 - 2014-07-06 12:31 - 00001404 _____ () C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job2015-01-26 05:42 - 2014-06-30 18:17 - 00001544 _____ () C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job2015-01-26 05:42 - 2014-06-30 18:13 - 00000942 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job2015-01-26 05:42 - 2013-06-08 15:53 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2015-01-26 05:42 - 2011-10-20 13:02 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-26 05:41 - 2010-11-20 22:47 - 00353538 _____ () C:\windows\PFRO.log2015-01-26 05:41 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-01-26 05:41 - 2009-07-13 23:51 - 00104262 _____ () C:\windows\setupact.log2015-01-26 05:17 - 2011-12-03 04:34 - 00000000 ____D () C:\ProgramData\AVG20122015-01-26 05:15 - 2011-12-03 04:01 - 00000000 ____D () C:\ProgramData\MFAData2015-01-26 05:13 - 2011-12-03 11:17 - 00000000 ___HD () C:\$AVG2015-01-26 05:08 - 2013-06-19 21:23 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Nico Mak Computing2015-01-26 04:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions2015-01-26 04:22 - 2013-07-19 04:00 - 00000000 ____D () C:\windows\system32\MRT2015-01-26 03:51 - 2009-07-13 23:45 - 00340936 _____ () C:\windows\system32\FNTCACHE.DAT2015-01-26 03:40 - 2011-12-03 03:21 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-01-26 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF2015-01-26 02:11 - 2014-08-10 20:25 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-01-26 02:05 - 2014-07-07 15:32 - 00000000 ____D () C:\ProgramData\Radsteroids2015-01-26 02:01 - 2014-07-04 20:20 - 00000000 ____D () C:\Program Files\Common Files\Goobzo2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files\Google2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files (x86)\Google2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\ProgramData\HP2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\Program Files (x86)\HP2015-01-25 20:50 - 2011-12-03 03:10 - 00000000 ____D () C:\Program Files\HP2015-01-25 20:49 - 2014-08-10 20:25 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-01-25 20:49 - 2013-06-01 13:06 - 00002270 _____ () C:\Users\Alysha\Desktop\Google Chrome.lnk2015-01-25 20:49 - 2011-12-03 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP2015-01-25 20:49 - 2011-11-30 19:01 - 00001428 _____ () C:\Users\Alysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-01-25 20:49 - 2011-11-30 18:57 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Google2015-01-25 20:49 - 2011-10-20 13:02 - 00000000 ____D () C:\ProgramData\Google2015-01-25 20:46 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games2015-01-25 20:45 - 2011-10-20 12:56 - 00000000 ____D () C:\ProgramData\WildTangent2015-01-25 20:45 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-01-25 20:44 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games2015-01-25 20:42 - 2012-05-21 12:31 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\WildTangent2015-01-25 20:38 - 2012-01-30 17:29 - 00000000 ____D () C:\Program Files (x86)\uTorrentBar2015-01-25 20:37 - 2014-05-24 15:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol2015-01-25 20:28 - 2014-06-29 17:33 - 00000000 ____D () C:\Users\Alysha\AppData\Local\fst_ca_1522015-01-25 20:28 - 2014-06-18 19:37 - 00000000 ____D () C:\ProgramData\1158fb9aa715ca0f2014-12-31 13:12 - 2011-12-02 12:54 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe==================== Files in the root of some directories =======2014-05-11 22:32 - 2014-05-24 15:33 - 0000320 _____ () C:\Users\Alysha\AppData\Roaming\aps.uninstall.scan.results2014-07-08 12:00 - 2014-07-08 15:55 - 0005265 _____ () C:\Users\Alysha\AppData\Roaming\callbanner.png2014-05-12 00:51 - 2015-01-26 19:46 - 0000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG2014-05-11 22:36 - 2014-05-11 22:36 - 0301488 _____ (VuuPC Limited) C:\Users\Alysha\AppData\Local\nsr33EA.tmp2015-01-26 05:11 - 2015-01-26 05:11 - 0045448 _____ () C:\ProgramData\1422267081.bdinstall.bin2015-01-26 05:16 - 2015-01-26 05:16 - 0041760 _____ () C:\ProgramData\1422267390.3196.bin2015-01-26 05:16 - 2015-01-26 05:16 - 0002055 _____ () C:\ProgramData\1422267390.4124.bin2015-01-26 05:23 - 2015-01-26 05:23 - 0186815 _____ () C:\ProgramData\1422267727.bdinstall.bin2015-01-26 05:38 - 2015-01-26 05:38 - 0037823 _____ () C:\ProgramData\1422268728.bdinstall.bin2015-01-26 05:39 - 2015-01-26 05:39 - 0175507 _____ () C:\ProgramData\1422268733.bdinstall.bin2015-01-26 05:43 - 2015-01-26 05:43 - 0037839 _____ () C:\ProgramData\1422268980.bdinstall.bin2015-01-26 05:44 - 2015-01-26 05:44 - 0058633 _____ () C:\ProgramData\1422268984.bdinstall.bin2011-12-03 03:09 - 2011-12-03 03:09 - 0000057 _____ () C:\ProgramData\Ament.iniSome content of TEMP:====================C:\Users\Alysha\AppData\Local\Temp\ose00000.exeC:\Users\Alysha\AppData\Local\Temp\rootsupd.exeC:\Users\Alysha\AppData\Local\Temp\UNINSTALL.EXESome zero byte size files/folders:==========================C:\Windows\System32\Drivers\avchv.sys==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-08-31 13:49==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01Ran by Alysha at 2015-01-26 06:59:13Running from C:\Users\Alysha\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)Any Media Converter (HKLM-x32\...\Any Media Converter) (Version: 1.14 - Any Media Converter) <==== ATTENTION!Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations)HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Java 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLibraryInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{1ca156e3}) (Version: - Software Publisher) <==== ATTENTIONLPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTIONMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)Pro PC Cleaner (HKLM-x32\...\{23497AFC-382C-417E-AC1F-42D98A5A8ADA}) (Version: 2.5.6 - Rainmaker Software Group LLC.)Radsteroids (HKLM-x32\...\Radsteroids) (Version: 2.7.19 - Deals Interactive Media, LLC)RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTIONRoller Coaster Tycoon 2 (HKLM-x32\...\Roller Coaster Tycoon 2) (Version: - )RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{99ED6D18-AF6B-4443-31C2-AAC299D5D048}) (Version: 1.0 - )Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12349 - Aztec Media Inc) <==== ATTENTIONShould I Remove It (HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)Snap.Do (HKLM-x32\...\{F97A8857-2A38-4CE9-A53A-F07E491F2DA8}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTIONSupporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version: - SaveClicker) <==== ATTENTIONSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)System Optimizer Pro (HKLM\...\System Optimizer Pro) (Version: 1.0 - 383 Media, Inc.) <==== ATTENTIONThe Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)TOSHIBA ConfigFree (HKLM-x32\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)TuneUp 2.4.8.5 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.8.5 - TuneUp Media, Inc.)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Web Assistant 2.0.0.600 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.600 - IncrediBar) <==== ATTENTIONWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points =========================29-08-2014 20:42:19 Windows Update11-09-2014 22:40:40 Windows Update25-01-2015 20:19:34 Installed Should I Remove It25-01-2015 20:38:22 Removed HP Deskjet 3050A J611 series Help25-01-2015 20:48:10 Removed HP Deskjet 3050A J611 series Basic Device Software26-01-2015 03:01:36 Windows Update26-01-2015 04:21:23 Windows Update26-01-2015 04:47:31 Checkpoint by HitmanPro26-01-2015 04:48:31 Checkpoint by HitmanPro26-01-2015 05:06:56 WinZip Registry Optimizer Mon, Jan 26, 15 05:0626-01-2015 05:11:53 Removed AVG 201226-01-2015 05:14:25 Removed AVG 2012==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {074BE6D4-DAFD-49B9-A678-08184AAB876E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {10CBB72F-905B-413C-9588-6E0599C4EFD9} - \5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user No Task File <==== ATTENTIONTask: {2E6258B2-98E5-4381-BE92-0ED39A7ECF23} - \ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user No Task File <==== ATTENTIONTask: {61D439EF-7116-4C2C-9FA7-C9615DBD2BB0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)Task: {6B17F106-F02A-41D1-9F95-2E09FD41176E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-06-14] ()Task: {744D259F-0F06-4C6E-9E02-04508C5F59A9} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{93F60A17-7585-452C-AB3C-7B557FFEF3FA}.exeTask: {7B30F967-05FA-45B9-8C88-59637C4E9C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20] (Google Inc.)Task: {89627367-43D4-4678-ABDC-B6DFCE657AFC} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTIONTask: {8F2A4A6A-CD77-477E-83ED-D25A0C809F78} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)Task: {C1CBB365-D4C5-40E9-8709-2E9B0222FDCF} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exeTask: {CD36C117-A5DE-4033-9213-5373A17EDBF5} - System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C} => pcalua.exe -a C:\Users\Alysha\AppData\Roaming\istart123\UninstallManager.exe -c -ptid=tt4uTask: {D6E18488-65FF-4206-A678-4A6213E7D301} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exeTask: {D858E40D-2EFB-4FDE-B967-69C93C34F5AE} - System32\Tasks\PerfMonitor_strtp => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTIONTask: {E39FE271-0E44-4F48-B07F-6DBC2F0A68CE} - System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A} => pcalua.exe -a C:\ProgramData\Radsteroids\uninstall.exe -c /kb=y /ic=1Task: {ECE0D3B8-E659-4FC0-8C6C-102F71009177} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {FED29064-7F57-4E04-A082-02F0941999B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20] (Google Inc.)Task: C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job => C:\Program Files (x86)\video MediaPlayer\5d2076bc-d559-4c68-aca0-29a2e5982b96-5.exe <==== ATTENTIONTask: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{93F60A17-7585-452C-AB3C-7B557FFEF3FA}.exeTask: C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job => C:\Program Files (x86)\Torntv V9.0\ecd06da5-7041-4c5c-acbf-762244f49e9d-5.exe <==== ATTENTIONTask: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTIONTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exeTask: C:\windows\Tasks\PerfMonitor_strtp.job => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION==================== Loaded Modules (whitelisted) =============2014-02-06 02:52 - 2014-02-06 02:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 02:52 - 2014-02-06 02:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-09-17 16:13 - 2014-09-17 16:15 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData\TEMP:373E1720AlternateDataStreams: C:\ProgramData\TEMP:56E2E879==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: (default) =>MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"MSCONFIG\startupreg: ETDCtrl => C:\Program Files\Elantech\ETDCtrl.exeMSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /tMSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exeMSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exeMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunMSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exeMSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exeMSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exeMSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exeMSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXEMSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"========================= Accounts: ==========================Administrator (S-1-5-21-1580903306-1420406646-1734795358-500 - Administrator - Disabled)Alysha (S-1-5-21-1580903306-1420406646-1734795358-1000 - Administrator - Enabled) => C:\Users\AlyshaGuest (S-1-5-21-1580903306-1420406646-1734795358-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1580903306-1420406646-1734795358-1002 - Limited - Enabled)==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================System errors:=============Microsoft Office Sessions:=========================CodeIntegrity Errors:=================================== Date: 2013-06-19 22:13:48.703 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-19 22:06:53.731 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-19 21:31:42.138 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: AMD E-450 APU with Radeon HD GraphicsPercentage of memory in use: 35%Total physical RAM: 3686.87 MBAvailable physical RAM: 2393.24 MBTotal Pagefile: 7371.92 MBAvailable Pagefile: 5811.17 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB==================== Drives ================================Drive c: (S3A8666D006) (Fixed) (Total:433.54 GB) (Free:283.15 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D2F26588)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=433.5 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=19.8 GB) - (Type=17)Partition 4: (Not Active) - (Size=10.9 GB) - (Type=17)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Psychotic Posted January 26, 2015 ID:933083 Share Posted January 26, 2015 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window. Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections IAT/EAT Show All ( should be unchecked by default )[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Scan with TDSS-KillerPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.zip and extract to your desktopExecute TDSSKiller.exe by doubleclicking on it. Press Start ScanIf Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease attach this file to your next reply. Link to post Share on other sites More sharing options...
AZDSF Posted January 26, 2015 Author ID:933091 Share Posted January 26, 2015 Thank you for helping. GMER 2.1.19357 - http://www.gmer.netRootkit scan 2015-01-26 07:35:33Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5065GSXN rev.GH101M 465.76GBRunning: ye5644gt.exe; Driver: C:\Users\Alysha\AppData\Local\Temp\uwliqpod.sys---- Threads - GMER 2.1 ----Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:2296] 0000000077c13e85Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:2324] 00000000756b7587Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:3460] 000000006ea47712Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:2844] 0000000077c12e65Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:3344] 0000000077c13e85Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3840:1032] 0000000077c13e85---- EOF - GMER 2.1 ---- 07:41:01.0017 0x0730 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:0407:41:06.0165 0x0730 ============================================================07:41:06.0165 0x0730 Current date / time: 2015/01/26 07:41:06.016507:41:06.0165 0x0730 SystemInfo:07:41:06.0165 0x0730 07:41:06.0165 0x0730 OS Version: 6.1.7601 ServicePack: 1.007:41:06.0165 0x0730 Product type: Workstation07:41:06.0165 0x0730 ComputerName: ALYSHA-PC07:41:06.0165 0x0730 UserName: Alysha07:41:06.0165 0x0730 Windows directory: C:\windows07:41:06.0165 0x0730 System windows directory: C:\windows07:41:06.0165 0x0730 Running under WOW6407:41:06.0165 0x0730 Processor architecture: Intel x6407:41:06.0165 0x0730 Number of processors: 207:41:06.0165 0x0730 Page size: 0x100007:41:06.0165 0x0730 Boot type: Normal boot07:41:06.0165 0x0730 ============================================================07:41:08.0349 0x0730 KLMD registered as C:\windows\system32\drivers\51896361.sys07:41:08.0817 0x0730 System UUID: {BEB60A79-36E1-A7DA-0CFA-356275F82E7B}07:41:09.0940 0x0730 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004007:41:10.0034 0x0730 ============================================================07:41:10.0034 0x0730 \Device\Harddisk0\DR0:07:41:10.0034 0x0730 MBR partitions:07:41:10.0034 0x0730 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3631580007:41:10.0034 0x0730 ============================================================07:41:10.0081 0x0730 C: <-> \Device\Harddisk0\DR0\Partition107:41:10.0081 0x0730 ============================================================07:41:10.0081 0x0730 Initialize success07:41:10.0081 0x0730 ============================================================07:41:16.0695 0x0cc8 ============================================================07:41:16.0695 0x0cc8 Scan started07:41:16.0695 0x0cc8 Mode: Manual; 07:41:16.0695 0x0cc8 ============================================================07:41:16.0695 0x0cc8 KSN ping started07:41:19.0581 0x0cc8 KSN ping finished: true07:41:21.0094 0x0cc8 ================ Scan system memory ========================07:41:21.0094 0x0cc8 System memory - ok07:41:21.0094 0x0cc8 ================ Scan services =============================07:41:21.0250 0x0cc8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys07:41:21.0266 0x0cc8 1394ohci - ok07:41:21.0391 0x0cc8 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] 1ca156e3 C:\windows\system32\rundll32.exe07:41:21.0391 0x0cc8 1ca156e3 - ok07:41:21.0437 0x0cc8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys07:41:21.0453 0x0cc8 ACPI - ok07:41:21.0500 0x0cc8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys07:41:21.0500 0x0cc8 AcpiPmi - ok07:41:21.0609 0x0cc8 [ A2A9C100FE1BE20A76C0B80D4CA44103, C34B4A31C8563E29EC6A3D318C40075F43C891C23D156F53EE2102C959B7887F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe07:41:21.0625 0x0cc8 AdobeFlashPlayerUpdateSvc - ok07:41:21.0687 0x0cc8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys07:41:21.0718 0x0cc8 adp94xx - ok07:41:21.0781 0x0cc8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys07:41:21.0796 0x0cc8 adpahci - ok07:41:21.0843 0x0cc8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys07:41:21.0859 0x0cc8 adpu320 - ok07:41:21.0921 0x0cc8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll07:41:21.0921 0x0cc8 AeLookupSvc - ok07:41:22.0015 0x0cc8 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\windows\system32\drivers\afd.sys07:41:22.0030 0x0cc8 AFD - ok07:41:22.0077 0x0cc8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys07:41:22.0093 0x0cc8 agp440 - ok07:41:22.0124 0x0cc8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe07:41:22.0124 0x0cc8 ALG - ok07:41:22.0186 0x0cc8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys07:41:22.0186 0x0cc8 aliide - ok07:41:22.0233 0x0cc8 [ 2F2E91FD092811353C3BC968BEC274D8, F71D4C1C54FF5163AFB5603529F7F9950BBBC09FBDFEB24E404AEF77F416691A ] AMD External Events Utility C:\windows\system32\atiesrxx.exe07:41:22.0249 0x0cc8 AMD External Events Utility - ok07:41:22.0295 0x0cc8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys07:41:22.0295 0x0cc8 amdide - ok07:41:22.0342 0x0cc8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys07:41:22.0342 0x0cc8 AmdK8 - ok07:41:22.0919 0x0cc8 [ 194D76D2083318A2E7071A988E02ECF4, DC989BBA41446EB5306C876AE3301A7E67F03EBA43C7FDBE9AB01784895514F6 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys07:41:23.0543 0x0cc8 amdkmdag - ok07:41:23.0684 0x0cc8 [ 1EEFFCE9A3A65A56A28793EAA3F57026, 9ED49D049713813A69131D0E06DBF13F08D227BD4348A505A5AAB4763C4C7CBE ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys07:41:23.0699 0x0cc8 amdkmdap - ok07:41:23.0731 0x0cc8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys07:41:23.0731 0x0cc8 AmdPPM - ok07:41:23.0793 0x0cc8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys07:41:23.0809 0x0cc8 amdsata - ok07:41:23.0840 0x0cc8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys07:41:23.0855 0x0cc8 amdsbs - ok07:41:23.0887 0x0cc8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys07:41:23.0902 0x0cc8 amdxata - ok07:41:23.0933 0x0cc8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys07:41:23.0933 0x0cc8 AppID - ok07:41:23.0965 0x0cc8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll07:41:23.0980 0x0cc8 AppIDSvc - ok07:41:24.0027 0x0cc8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll07:41:24.0027 0x0cc8 Appinfo - ok07:41:24.0167 0x0cc8 [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe07:41:24.0167 0x0cc8 Apple Mobile Device - ok07:41:24.0214 0x0cc8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys07:41:24.0214 0x0cc8 arc - ok07:41:24.0245 0x0cc8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys07:41:24.0245 0x0cc8 arcsas - ok07:41:24.0386 0x0cc8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe07:41:24.0401 0x0cc8 aspnet_state - ok07:41:24.0417 0x0cc8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys07:41:24.0417 0x0cc8 AsyncMac - ok07:41:24.0479 0x0cc8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys07:41:24.0479 0x0cc8 atapi - ok07:41:24.0557 0x0cc8 [ FC0E8778C000291CAF60EB88C011E931, 09BCCA3DE01021AEF76DFB46F01D21BA6FF409E816FA7547E5C3DFBF3A615ED2 ] atksgt C:\windows\system32\DRIVERS\atksgt.sys07:41:24.0573 0x0cc8 atksgt - ok07:41:24.0651 0x0cc8 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll07:41:24.0682 0x0cc8 AudioEndpointBuilder - ok07:41:24.0713 0x0cc8 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\windows\System32\Audiosrv.dll07:41:24.0745 0x0cc8 AudioSrv - ok07:41:24.0854 0x0cc8 [ AAE1DAE483DD57D0E267FCA42FCB5133, CB0A2DE350E975015C4601F66294B54DEFA9708082272DCB57E1BBB288ACE280 ] avc3 C:\windows\system32\DRIVERS\avc3.sys07:41:24.0885 0x0cc8 avc3 - ok07:41:24.0994 0x0cc8 [ 8183B715BD56561C27BEBB68B1192B7A, 19C65D0684D24956CDB3A3369AFFF4ECAC3FB7D2AA38ED41AD75AF3DDDFE882B ] avckf C:\windows\system32\DRIVERS\avckf.sys07:41:25.0025 0x0cc8 avckf - ok07:41:25.0057 0x0cc8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll07:41:25.0072 0x0cc8 AxInstSV - ok07:41:25.0119 0x0cc8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys07:41:25.0150 0x0cc8 b06bdrv - ok07:41:25.0197 0x0cc8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys07:41:25.0213 0x0cc8 b57nd60a - ok07:41:25.0244 0x0cc8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll07:41:25.0259 0x0cc8 BDESVC - ok07:41:25.0462 0x0cc8 [ C0247341C1BCD7FF2742821D0AD7AFBC, EC2B246F3233302DB540394AC0F11F294CA16FB9E44110126CC9807BAC20EA35 ] bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys07:41:25.0462 0x0cc8 bdfwfpf - ok07:41:25.0493 0x0cc8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys07:41:25.0493 0x0cc8 Beep - ok07:41:25.0571 0x0cc8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll07:41:25.0603 0x0cc8 BFE - ok07:41:25.0681 0x0cc8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll07:41:25.0712 0x0cc8 BITS - ok07:41:25.0743 0x0cc8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys07:41:25.0743 0x0cc8 blbdrive - ok07:41:25.0837 0x0cc8 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe07:41:25.0852 0x0cc8 Bonjour Service - ok07:41:25.0930 0x0cc8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys07:41:25.0930 0x0cc8 bowser - ok07:41:25.0961 0x0cc8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys07:41:25.0961 0x0cc8 BrFiltLo - ok07:41:25.0961 0x0cc8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys07:41:25.0977 0x0cc8 BrFiltUp - ok07:41:26.0024 0x0cc8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll07:41:26.0024 0x0cc8 Browser - ok07:41:26.0039 0x0cc8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys07:41:26.0055 0x0cc8 Brserid - ok07:41:26.0071 0x0cc8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys07:41:26.0071 0x0cc8 BrSerWdm - ok07:41:26.0086 0x0cc8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys07:41:26.0086 0x0cc8 BrUsbMdm - ok07:41:26.0102 0x0cc8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys07:41:26.0102 0x0cc8 BrUsbSer - ok07:41:26.0133 0x0cc8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys07:41:26.0133 0x0cc8 BTHMODEM - ok07:41:26.0180 0x0cc8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll07:41:26.0180 0x0cc8 bthserv - ok07:41:26.0383 0x0cc8 [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe07:41:26.0445 0x0cc8 c2cautoupdatesvc - ok07:41:26.0617 0x0cc8 [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe07:41:26.0710 0x0cc8 c2cpnrsvc - ok07:41:26.0741 0x0cc8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys07:41:26.0741 0x0cc8 cdfs - ok07:41:26.0788 0x0cc8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys07:41:26.0804 0x0cc8 cdrom - ok07:41:26.0851 0x0cc8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll07:41:26.0851 0x0cc8 CertPropSvc - ok07:41:26.0944 0x0cc8 [ 41E7C4FA6491747402CFCA77CC1C7AAB, 676CD982A0D33B60A646AC7C0158F7421E395C8B4B12E544C55AF5C09E470CC5 ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe07:41:26.0960 0x0cc8 cfWiMAXService - ok07:41:26.0991 0x0cc8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys07:41:26.0991 0x0cc8 circlass - ok07:41:27.0053 0x0cc8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys07:41:27.0069 0x0cc8 CLFS - ok07:41:27.0147 0x0cc8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe07:41:27.0147 0x0cc8 clr_optimization_v2.0.50727_32 - ok07:41:27.0209 0x0cc8 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe07:41:27.0209 0x0cc8 clr_optimization_v2.0.50727_64 - ok07:41:27.0319 0x0cc8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe07:41:27.0350 0x0cc8 clr_optimization_v4.0.30319_32 - ok07:41:27.0381 0x0cc8 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe07:41:27.0397 0x0cc8 clr_optimization_v4.0.30319_64 - ok07:41:27.0428 0x0cc8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys07:41:27.0428 0x0cc8 CmBatt - ok07:41:27.0475 0x0cc8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys07:41:27.0475 0x0cc8 cmdide - ok07:41:27.0553 0x0cc8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys07:41:27.0568 0x0cc8 CNG - ok07:41:27.0615 0x0cc8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\drivers\compbatt.sys07:41:27.0615 0x0cc8 Compbatt - ok07:41:27.0646 0x0cc8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys07:41:27.0646 0x0cc8 CompositeBus - ok07:41:27.0662 0x0cc8 COMSysApp - ok07:41:27.0709 0x0cc8 [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe07:41:27.0709 0x0cc8 ConfigFree Service - ok07:41:27.0755 0x0cc8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys07:41:27.0755 0x0cc8 crcdisk - ok07:41:27.0818 0x0cc8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll07:41:27.0833 0x0cc8 CryptSvc - ok07:41:27.0896 0x0cc8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll07:41:27.0911 0x0cc8 DcomLaunch - ok07:41:27.0958 0x0cc8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll07:41:27.0974 0x0cc8 defragsvc - ok07:41:28.0005 0x0cc8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys07:41:28.0021 0x0cc8 DfsC - ok07:41:28.0067 0x0cc8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll07:41:28.0083 0x0cc8 Dhcp - ok07:41:28.0114 0x0cc8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys07:41:28.0114 0x0cc8 discache - ok07:41:28.0161 0x0cc8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\drivers\disk.sys07:41:28.0161 0x0cc8 Disk - ok07:41:28.0223 0x0cc8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll07:41:28.0239 0x0cc8 Dnscache - ok07:41:28.0286 0x0cc8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll07:41:28.0286 0x0cc8 dot3svc - ok07:41:28.0333 0x0cc8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll07:41:28.0348 0x0cc8 DPS - ok07:41:28.0395 0x0cc8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys07:41:28.0411 0x0cc8 drmkaud - ok07:41:28.0504 0x0cc8 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys07:41:28.0551 0x0cc8 DXGKrnl - ok07:41:28.0582 0x0cc8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll07:41:28.0598 0x0cc8 EapHost - ok07:41:28.0816 0x0cc8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\drivers\evbda.sys07:41:29.0003 0x0cc8 ebdrv - ok07:41:29.0066 0x0cc8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\windows\System32\lsass.exe07:41:29.0066 0x0cc8 EFS - ok07:41:29.0159 0x0cc8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe07:41:29.0191 0x0cc8 ehRecvr - ok07:41:29.0237 0x0cc8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe07:41:29.0237 0x0cc8 ehSched - ok07:41:29.0300 0x0cc8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\drivers\elxstor.sys07:41:29.0315 0x0cc8 elxstor - ok07:41:29.0347 0x0cc8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys07:41:29.0347 0x0cc8 ErrDev - ok07:41:29.0409 0x0cc8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll07:41:29.0425 0x0cc8 EventSystem - ok07:41:29.0456 0x0cc8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys07:41:29.0471 0x0cc8 exfat - ok07:41:29.0518 0x0cc8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys07:41:29.0518 0x0cc8 fastfat - ok07:41:29.0612 0x0cc8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe07:41:29.0643 0x0cc8 Fax - ok07:41:29.0674 0x0cc8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\drivers\fdc.sys07:41:29.0674 0x0cc8 fdc - ok07:41:29.0721 0x0cc8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll07:41:29.0721 0x0cc8 fdPHost - ok07:41:29.0737 0x0cc8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll07:41:29.0752 0x0cc8 FDResPub - ok07:41:29.0783 0x0cc8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys07:41:29.0783 0x0cc8 FileInfo - ok07:41:29.0815 0x0cc8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys07:41:29.0815 0x0cc8 Filetrace - ok07:41:29.0846 0x0cc8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\drivers\flpydisk.sys07:41:29.0846 0x0cc8 flpydisk - ok07:41:29.0893 0x0cc8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys07:41:29.0924 0x0cc8 FltMgr - ok07:41:30.0033 0x0cc8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll07:41:30.0095 0x0cc8 FontCache - ok07:41:30.0142 0x0cc8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe07:41:30.0142 0x0cc8 FontCache3.0.0.0 - ok07:41:30.0173 0x0cc8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys07:41:30.0173 0x0cc8 FsDepends - ok07:41:30.0236 0x0cc8 [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys07:41:30.0236 0x0cc8 fssfltr - ok07:41:30.0392 0x0cc8 [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe07:41:30.0470 0x0cc8 fsssvc - ok07:41:30.0517 0x0cc8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys07:41:30.0517 0x0cc8 Fs_Rec - ok07:41:30.0579 0x0cc8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys07:41:30.0595 0x0cc8 fvevol - ok07:41:30.0641 0x0cc8 [ 60ACB128E64C35C2B4E4AAB1B0A5C293, 7B476AB5E95529A894F95397C753662F4C58D1FE89F4648271251DA77C5A3FA9 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys07:41:30.0657 0x0cc8 FwLnk - ok07:41:30.0688 0x0cc8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys07:41:30.0704 0x0cc8 gagp30kx - ok07:41:30.0735 0x0cc8 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys07:41:30.0751 0x0cc8 GEARAspiWDM - ok07:41:30.0782 0x0cc8 globalUpdate - ok07:41:30.0797 0x0cc8 globalUpdatem - ok07:41:30.0875 0x0cc8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll07:41:30.0907 0x0cc8 gpsvc - ok07:41:31.0016 0x0cc8 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe07:41:31.0031 0x0cc8 gupdate - ok07:41:31.0063 0x0cc8 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe07:41:31.0063 0x0cc8 gupdatem - ok07:41:31.0109 0x0cc8 [ 408B664926675C270D911160F1631D6B, 6BF7E613B708E2E81916DE6C83256F969797B9D039C16A20003541D698055BC7 ] gzflt C:\windows\system32\DRIVERS\gzflt.sys07:41:31.0109 0x0cc8 gzflt - ok07:41:31.0187 0x0cc8 [ B5CBEB9EB25A8230463037A647BC1469, 03643B05F9309ED4EF415CB6455D8B1FC39707745982C31AF0A42398C5A30B52 ] gzserv C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe07:41:31.0187 0x0cc8 gzserv - ok07:41:31.0219 0x0cc8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys07:41:31.0234 0x0cc8 hcw85cir - ok07:41:31.0281 0x0cc8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys07:41:31.0297 0x0cc8 HdAudAddService - ok07:41:31.0328 0x0cc8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys07:41:31.0343 0x0cc8 HDAudBus - ok07:41:31.0359 0x0cc8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys07:41:31.0359 0x0cc8 HidBatt - ok07:41:31.0390 0x0cc8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys07:41:31.0390 0x0cc8 HidBth - ok07:41:31.0406 0x0cc8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys07:41:31.0406 0x0cc8 HidIr - ok07:41:31.0437 0x0cc8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll07:41:31.0437 0x0cc8 hidserv - ok07:41:31.0484 0x0cc8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\drivers\hidusb.sys07:41:31.0499 0x0cc8 HidUsb - ok07:41:31.0577 0x0cc8 [ 1474511588FA04EC0009D83C38EDBFB3, 1FE4CC1030B7CD7DC1FA1A6EE5DCA5494AF5013F37B6C158D3370439AB5D3925 ] hitmanpro37 C:\windows\system32\drivers\hitmanpro37.sys07:41:31.0577 0x0cc8 hitmanpro37 - ok07:41:31.0609 0x0cc8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll07:41:31.0609 0x0cc8 hkmsvc - ok07:41:31.0655 0x0cc8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll07:41:31.0671 0x0cc8 HomeGroupListener - ok07:41:31.0702 0x0cc8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll07:41:31.0702 0x0cc8 HomeGroupProvider - ok07:41:31.0749 0x0cc8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys07:41:31.0749 0x0cc8 HpSAMD - ok07:41:31.0811 0x0cc8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys07:41:31.0843 0x0cc8 HTTP - ok07:41:31.0874 0x0cc8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys07:41:31.0889 0x0cc8 hwpolicy - ok07:41:31.0921 0x0cc8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys07:41:31.0936 0x0cc8 i8042prt - ok07:41:32.0014 0x0cc8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys07:41:32.0045 0x0cc8 iaStorV - ok07:41:32.0201 0x0cc8 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe07:41:32.0233 0x0cc8 idsvc - ok07:41:32.0264 0x0cc8 IEEtwCollectorService - ok07:41:32.0311 0x0cc8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys07:41:32.0326 0x0cc8 iirsp - ok07:41:32.0404 0x0cc8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll07:41:32.0451 0x0cc8 IKEEXT - ok07:41:32.0498 0x0cc8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys07:41:32.0498 0x0cc8 intelide - ok07:41:32.0545 0x0cc8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\drivers\intelppm.sys07:41:32.0545 0x0cc8 intelppm - ok07:41:32.0591 0x0cc8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll07:41:32.0591 0x0cc8 IPBusEnum - ok07:41:32.0623 0x0cc8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys07:41:32.0623 0x0cc8 IpFilterDriver - ok07:41:32.0701 0x0cc8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll07:41:32.0732 0x0cc8 iphlpsvc - ok07:41:32.0747 0x0cc8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys07:41:32.0763 0x0cc8 IPMIDRV - ok07:41:32.0794 0x0cc8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys07:41:32.0810 0x0cc8 IPNAT - ok07:41:32.0950 0x0cc8 [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe07:41:32.0981 0x0cc8 iPod Service - ok07:41:32.0997 0x0cc8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys07:41:33.0013 0x0cc8 IRENUM - ok07:41:33.0044 0x0cc8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys07:41:33.0044 0x0cc8 isapnp - ok07:41:33.0091 0x0cc8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys07:41:33.0106 0x0cc8 iScsiPrt - ok07:41:33.0137 0x0cc8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys07:41:33.0137 0x0cc8 kbdclass - ok07:41:33.0169 0x0cc8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys07:41:33.0184 0x0cc8 kbdhid - ok07:41:33.0200 0x0cc8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\windows\system32\lsass.exe07:41:33.0200 0x0cc8 KeyIso - ok07:41:33.0247 0x0cc8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys07:41:33.0262 0x0cc8 KSecDD - ok07:41:33.0309 0x0cc8 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys07:41:33.0325 0x0cc8 KSecPkg - ok07:41:33.0371 0x0cc8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys07:41:33.0371 0x0cc8 ksthunk - ok07:41:33.0434 0x0cc8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll07:41:33.0449 0x0cc8 KtmRm - ok07:41:33.0496 0x0cc8 [ 655A5D8E80869781CCE23760ADA7E695, 86DA2FC5DBA28762A89BC70D9DA0F370FC4A9F4F28E6802AD5972C387F4EEFD3 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys07:41:33.0512 0x0cc8 L1C - ok07:41:33.0559 0x0cc8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll07:41:33.0559 0x0cc8 LanmanServer - ok07:41:33.0605 0x0cc8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll07:41:33.0605 0x0cc8 LanmanWorkstation - ok07:41:33.0668 0x0cc8 [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys07:41:33.0668 0x0cc8 lirsgt - ok07:41:33.0699 0x0cc8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys07:41:33.0699 0x0cc8 lltdio - ok07:41:33.0761 0x0cc8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll07:41:33.0777 0x0cc8 lltdsvc - ok07:41:33.0793 0x0cc8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll07:41:33.0793 0x0cc8 lmhosts - ok07:41:33.0839 0x0cc8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys07:41:33.0839 0x0cc8 LSI_FC - ok07:41:33.0886 0x0cc8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys07:41:33.0902 0x0cc8 LSI_SAS - ok07:41:33.0917 0x0cc8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys07:41:33.0933 0x0cc8 LSI_SAS2 - ok07:41:33.0949 0x0cc8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys07:41:33.0964 0x0cc8 LSI_SCSI - ok07:41:33.0995 0x0cc8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys07:41:34.0011 0x0cc8 luafv - ok07:41:34.0089 0x0cc8 [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector C:\windows\system32\drivers\mbam.sys07:41:34.0089 0x0cc8 MBAMProtector - ok07:41:34.0261 0x0cc8 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe07:41:34.0339 0x0cc8 MBAMScheduler - ok07:41:34.0463 0x0cc8 [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe07:41:34.0510 0x0cc8 MBAMService - ok07:41:34.0573 0x0cc8 [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy C:\windows\system32\drivers\MBAMSwissArmy.sys07:41:34.0573 0x0cc8 MBAMSwissArmy - ok07:41:34.0635 0x0cc8 [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys07:41:34.0651 0x0cc8 MBAMWebAccessControl - ok07:41:34.0666 0x0cc8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll07:41:34.0682 0x0cc8 Mcx2Svc - ok07:41:34.0697 0x0cc8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys07:41:34.0713 0x0cc8 megasas - ok07:41:34.0744 0x0cc8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys07:41:34.0760 0x0cc8 MegaSR - ok07:41:34.0791 0x0cc8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll07:41:34.0807 0x0cc8 MMCSS - ok07:41:34.0822 0x0cc8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys07:41:34.0822 0x0cc8 Modem - ok07:41:34.0853 0x0cc8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys07:41:34.0853 0x0cc8 monitor - ok07:41:34.0885 0x0cc8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys07:41:34.0900 0x0cc8 mouclass - ok07:41:34.0931 0x0cc8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys07:41:34.0931 0x0cc8 mouhid - ok07:41:34.0947 0x0cc8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys07:41:34.0963 0x0cc8 mountmgr - ok07:41:35.0025 0x0cc8 [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe07:41:35.0025 0x0cc8 MozillaMaintenance - ok07:41:35.0072 0x0cc8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys07:41:35.0072 0x0cc8 mpio - ok07:41:35.0103 0x0cc8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys07:41:35.0119 0x0cc8 mpsdrv - ok07:41:35.0197 0x0cc8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll07:41:35.0228 0x0cc8 MpsSvc - ok07:41:35.0290 0x0cc8 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys07:41:35.0290 0x0cc8 MRxDAV - ok07:41:35.0353 0x0cc8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys07:41:35.0353 0x0cc8 mrxsmb - ok07:41:35.0384 0x0cc8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys07:41:35.0399 0x0cc8 mrxsmb10 - ok07:41:35.0431 0x0cc8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys07:41:35.0431 0x0cc8 mrxsmb20 - ok07:41:35.0493 0x0cc8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys07:41:35.0493 0x0cc8 msahci - ok07:41:35.0540 0x0cc8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys07:41:35.0540 0x0cc8 msdsm - ok07:41:35.0571 0x0cc8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe07:41:35.0571 0x0cc8 MSDTC - ok07:41:35.0618 0x0cc8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys07:41:35.0618 0x0cc8 Msfs - ok07:41:35.0633 0x0cc8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys07:41:35.0633 0x0cc8 mshidkmdf - ok07:41:35.0665 0x0cc8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys07:41:35.0665 0x0cc8 msisadrv - ok07:41:35.0711 0x0cc8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll07:41:35.0711 0x0cc8 MSiSCSI - ok07:41:35.0727 0x0cc8 msiserver - ok07:41:35.0758 0x0cc8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys07:41:35.0758 0x0cc8 MSKSSRV - ok07:41:35.0774 0x0cc8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys07:41:35.0789 0x0cc8 MSPCLOCK - ok07:41:35.0805 0x0cc8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys07:41:35.0805 0x0cc8 MSPQM - ok07:41:35.0852 0x0cc8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys07:41:35.0867 0x0cc8 MsRPC - ok07:41:35.0914 0x0cc8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys07:41:35.0914 0x0cc8 mssmbios - ok07:41:35.0961 0x0cc8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys07:41:35.0961 0x0cc8 MSTEE - ok07:41:35.0977 0x0cc8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys07:41:35.0977 0x0cc8 MTConfig - ok07:41:36.0008 0x0cc8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys07:41:36.0008 0x0cc8 Mup - ok07:41:36.0055 0x0cc8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll07:41:36.0086 0x0cc8 napagent - ok07:41:36.0148 0x0cc8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys07:41:36.0164 0x0cc8 NativeWifiP - ok07:41:36.0273 0x0cc8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys07:41:36.0304 0x0cc8 NDIS - ok07:41:36.0351 0x0cc8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys07:41:36.0367 0x0cc8 NdisCap - ok07:41:36.0398 0x0cc8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys07:41:36.0398 0x0cc8 NdisTapi - ok07:41:36.0413 0x0cc8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys07:41:36.0429 0x0cc8 Ndisuio - ok07:41:36.0445 0x0cc8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys07:41:36.0460 0x0cc8 NdisWan - ok07:41:36.0476 0x0cc8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys07:41:36.0491 0x0cc8 NDProxy - ok07:41:36.0523 0x0cc8 [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl C:\windows\system32\DRIVERS\netaapl64.sys07:41:36.0523 0x0cc8 Netaapl - ok07:41:36.0554 0x0cc8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys07:41:36.0554 0x0cc8 NetBIOS - ok07:41:36.0601 0x0cc8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys07:41:36.0616 0x0cc8 NetBT - ok07:41:36.0632 0x0cc8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\windows\system32\lsass.exe07:41:36.0632 0x0cc8 Netlogon - ok07:41:36.0694 0x0cc8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll07:41:36.0710 0x0cc8 Netman - ok07:41:36.0757 0x0cc8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:41:36.0772 0x0cc8 NetMsmqActivator - ok07:41:36.0772 0x0cc8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:41:36.0788 0x0cc8 NetPipeActivator - ok07:41:36.0835 0x0cc8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll07:41:36.0866 0x0cc8 netprofm - ok07:41:36.0897 0x0cc8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:41:36.0913 0x0cc8 NetTcpActivator - ok07:41:36.0928 0x0cc8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:41:36.0928 0x0cc8 NetTcpPortSharing - ok07:41:36.0975 0x0cc8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys07:41:36.0975 0x0cc8 nfrd960 - ok07:41:37.0038 0x0cc8 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\windows\System32\nlasvc.dll07:41:37.0054 0x0cc8 NlaSvc - ok07:41:37.0101 0x0cc8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys07:41:37.0101 0x0cc8 Npfs - ok07:41:37.0132 0x0cc8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll07:41:37.0132 0x0cc8 nsi - ok07:41:37.0179 0x0cc8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys07:41:37.0179 0x0cc8 nsiproxy - ok07:41:37.0335 0x0cc8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys07:41:37.0413 0x0cc8 Ntfs - ok07:41:37.0460 0x0cc8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys07:41:37.0460 0x0cc8 Null - ok07:41:37.0506 0x0cc8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys07:41:37.0522 0x0cc8 nvraid - ok07:41:37.0569 0x0cc8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys07:41:37.0569 0x0cc8 nvstor - ok07:41:37.0600 0x0cc8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys07:41:37.0616 0x0cc8 nv_agp - ok07:41:37.0740 0x0cc8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE07:41:37.0772 0x0cc8 odserv - ok07:41:37.0803 0x0cc8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys07:41:37.0803 0x0cc8 ohci1394 - ok07:41:37.0881 0x0cc8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE07:41:37.0881 0x0cc8 ose - ok07:41:37.0959 0x0cc8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll07:41:37.0974 0x0cc8 p2pimsvc - ok07:41:38.0021 0x0cc8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll07:41:38.0052 0x0cc8 p2psvc - ok07:41:38.0099 0x0cc8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys07:41:38.0099 0x0cc8 Parport - ok07:41:38.0146 0x0cc8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys07:41:38.0162 0x0cc8 partmgr - ok07:41:38.0193 0x0cc8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll07:41:38.0208 0x0cc8 PcaSvc - ok07:41:38.0240 0x0cc8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys07:41:38.0255 0x0cc8 pci - ok07:41:38.0302 0x0cc8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys07:41:38.0302 0x0cc8 pciide - ok07:41:38.0333 0x0cc8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys07:41:38.0349 0x0cc8 pcmcia - ok07:41:38.0380 0x0cc8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys07:41:38.0380 0x0cc8 pcw - ok07:41:38.0427 0x0cc8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys07:41:38.0458 0x0cc8 PEAUTH - ok07:41:38.0536 0x0cc8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe07:41:38.0552 0x0cc8 PerfHost - ok07:41:38.0598 0x0cc8 [ 91111CEBBDE8015E822C46120ED9537C, 255B85FEF663C2E0652CECF3F9B67B12B576F924A34415DEE13F0F5137E1E7F7 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys07:41:38.0614 0x0cc8 PGEffect - ok07:41:38.0723 0x0cc8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll07:41:38.0786 0x0cc8 pla - ok07:41:38.0848 0x0cc8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll07:41:38.0864 0x0cc8 PlugPlay - ok07:41:38.0879 0x0cc8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll07:41:38.0895 0x0cc8 PNRPAutoReg - ok07:41:38.0926 0x0cc8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll07:41:38.0942 0x0cc8 PNRPsvc - ok07:41:39.0004 0x0cc8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll07:41:39.0035 0x0cc8 PolicyAgent - ok07:41:39.0066 0x0cc8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll07:41:39.0082 0x0cc8 Power - ok07:41:39.0113 0x0cc8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys07:41:39.0129 0x0cc8 PptpMiniport - ok07:41:39.0144 0x0cc8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\drivers\processr.sys07:41:39.0144 0x0cc8 Processor - ok07:41:39.0207 0x0cc8 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\windows\system32\profsvc.dll07:41:39.0207 0x0cc8 ProfSvc - ok07:41:39.0238 0x0cc8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe07:41:39.0254 0x0cc8 ProtectedStorage - ok07:41:39.0285 0x0cc8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys07:41:39.0285 0x0cc8 Psched - ok07:41:39.0410 0x0cc8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\drivers\ql2300.sys07:41:39.0472 0x0cc8 ql2300 - ok07:41:39.0519 0x0cc8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\drivers\ql40xx.sys07:41:39.0519 0x0cc8 ql40xx - ok07:41:39.0566 0x0cc8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll07:41:39.0566 0x0cc8 QWAVE - ok07:41:39.0597 0x0cc8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys07:41:39.0597 0x0cc8 QWAVEdrv - ok07:41:39.0628 0x0cc8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys07:41:39.0628 0x0cc8 RasAcd - ok07:41:39.0659 0x0cc8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys07:41:39.0659 0x0cc8 RasAgileVpn - ok07:41:39.0690 0x0cc8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll07:41:39.0706 0x0cc8 RasAuto - ok07:41:39.0722 0x0cc8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys07:41:39.0737 0x0cc8 Rasl2tp - ok07:41:39.0768 0x0cc8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll07:41:39.0784 0x0cc8 RasMan - ok07:41:39.0815 0x0cc8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys07:41:39.0815 0x0cc8 RasPppoe - ok07:41:39.0862 0x0cc8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys07:41:39.0862 0x0cc8 RasSstp - ok07:41:39.0909 0x0cc8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys07:41:39.0924 0x0cc8 rdbss - ok07:41:39.0940 0x0cc8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\drivers\rdpbus.sys07:41:39.0940 0x0cc8 rdpbus - ok07:41:39.0956 0x0cc8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys07:41:39.0971 0x0cc8 RDPCDD - ok07:41:40.0002 0x0cc8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys07:41:40.0002 0x0cc8 RDPENCDD - ok07:41:40.0018 0x0cc8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys07:41:40.0018 0x0cc8 RDPREFMP - ok07:41:40.0112 0x0cc8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys07:41:40.0112 0x0cc8 RdpVideoMiniport - ok07:41:40.0158 0x0cc8 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\windows\system32\drivers\RDPWD.sys07:41:40.0174 0x0cc8 RDPWD - ok07:41:40.0236 0x0cc8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys07:41:40.0236 0x0cc8 rdyboost - ok07:41:40.0268 0x0cc8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll07:41:40.0283 0x0cc8 RemoteAccess - ok07:41:40.0314 0x0cc8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll07:41:40.0330 0x0cc8 RemoteRegistry - ok07:41:40.0361 0x0cc8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll07:41:40.0361 0x0cc8 RpcEptMapper - ok07:41:40.0392 0x0cc8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe07:41:40.0408 0x0cc8 RpcLocator - ok07:41:40.0455 0x0cc8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll07:41:40.0470 0x0cc8 RpcSs - ok07:41:40.0533 0x0cc8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys07:41:40.0533 0x0cc8 rspndr - ok07:41:40.0548 0x0cc8 RSUSBSTOR - ok07:41:40.0564 0x0cc8 RTL8192Ce - ok07:41:40.0689 0x0cc8 [ F84917461BDB7C51B2ED7FF062B3A64A, 0DC81BA49BDDB4F425F526A21357E1CF70C94D67E99B3020E9FF14B680851EEC ] RTWlanE C:\windows\system32\DRIVERS\rtwlane.sys07:41:40.0767 0x0cc8 RTWlanE - ok07:41:41.0016 0x0cc8 [ 43652A826527F6A57DBDB5D154546D09, A365D8868D798FD182072663700A0D93A506CE5692388E615D4BBE551D24556A ] RTZnjsXcl C:\ProgramData\XXmhBb\RTZnjsXcl.exe07:41:41.0126 0x0cc8 RTZnjsXcl - ok07:41:41.0157 0x0cc8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\windows\system32\lsass.exe07:41:41.0157 0x0cc8 SamSs - ok07:41:41.0188 0x0cc8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys07:41:41.0204 0x0cc8 sbp2port - ok07:41:41.0235 0x0cc8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll07:41:41.0250 0x0cc8 SCardSvr - ok07:41:41.0282 0x0cc8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys07:41:41.0282 0x0cc8 scfilter - ok07:41:41.0375 0x0cc8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll07:41:41.0422 0x0cc8 Schedule - ok07:41:41.0453 0x0cc8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll07:41:41.0453 0x0cc8 SCPolicySvc - ok07:41:41.0500 0x0cc8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll07:41:41.0516 0x0cc8 SDRSVC - ok07:41:41.0562 0x0cc8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys07:41:41.0562 0x0cc8 secdrv - ok07:41:41.0594 0x0cc8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll07:41:41.0594 0x0cc8 seclogon - ok07:41:41.0625 0x0cc8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll07:41:41.0625 0x0cc8 SENS - ok07:41:41.0656 0x0cc8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll07:41:41.0656 0x0cc8 SensrSvc - ok07:41:41.0703 0x0cc8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\drivers\serenum.sys07:41:41.0703 0x0cc8 Serenum - ok07:41:41.0734 0x0cc8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\drivers\serial.sys07:41:41.0750 0x0cc8 Serial - ok07:41:41.0781 0x0cc8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\drivers\sermouse.sys07:41:41.0781 0x0cc8 sermouse - ok07:41:41.0828 0x0cc8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll07:41:41.0843 0x0cc8 SessionEnv - ok07:41:41.0859 0x0cc8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys07:41:41.0859 0x0cc8 sffdisk - ok07:41:41.0890 0x0cc8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys07:41:41.0906 0x0cc8 sffp_mmc - ok07:41:41.0906 0x0cc8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys07:41:41.0906 0x0cc8 sffp_sd - ok07:41:41.0921 0x0cc8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\drivers\sfloppy.sys07:41:41.0921 0x0cc8 sfloppy - ok07:41:41.0984 0x0cc8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll07:41:41.0999 0x0cc8 SharedAccess - ok07:41:42.0046 0x0cc8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll07:41:42.0077 0x0cc8 ShellHWDetection - ok07:41:42.0108 0x0cc8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys07:41:42.0108 0x0cc8 SiSRaid2 - ok07:41:42.0155 0x0cc8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys07:41:42.0155 0x0cc8 SiSRaid4 - ok07:41:42.0186 0x0cc8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys07:41:42.0186 0x0cc8 Smb - ok07:41:42.0249 0x0cc8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe07:41:42.0249 0x0cc8 SNMPTRAP - ok07:41:42.0280 0x0cc8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys07:41:42.0280 0x0cc8 spldr - ok07:41:42.0358 0x0cc8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe07:41:42.0389 0x0cc8 Spooler - ok07:41:42.0623 0x0cc8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe07:41:42.0826 0x0cc8 sppsvc - ok07:41:42.0873 0x0cc8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll07:41:42.0873 0x0cc8 sppuinotify - ok07:41:42.0935 0x0cc8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys07:41:42.0966 0x0cc8 srv - ok07:41:43.0013 0x0cc8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys07:41:43.0029 0x0cc8 srv2 - ok07:41:43.0076 0x0cc8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys07:41:43.0091 0x0cc8 srvnet - ok07:41:43.0122 0x0cc8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll07:41:43.0138 0x0cc8 SSDPSRV - ok07:41:43.0154 0x0cc8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll07:41:43.0154 0x0cc8 SstpSvc - ok07:41:43.0185 0x0cc8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\drivers\stexstor.sys07:41:43.0185 0x0cc8 stexstor - ok07:41:43.0263 0x0cc8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll07:41:43.0294 0x0cc8 stisvc - ok07:41:43.0325 0x0cc8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\DRIVERS\swenum.sys07:41:43.0325 0x0cc8 swenum - ok07:41:43.0388 0x0cc8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll07:41:43.0403 0x0cc8 swprv - ok07:41:43.0497 0x0cc8 [ 57D63DB8BC5C3D9A1F2E2BBDAE8492B6, 6F71109E95B3D413158F4A60AB9EA850D625EA7CE40E9A07FEBC09F6D6E8BDA2 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys07:41:43.0528 0x0cc8 SynTP - ok07:41:43.0653 0x0cc8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll07:41:43.0731 0x0cc8 SysMain - ok07:41:43.0778 0x0cc8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll07:41:43.0793 0x0cc8 TabletInputService - ok07:41:43.0824 0x0cc8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll07:41:43.0856 0x0cc8 TapiSrv - ok07:41:43.0871 0x0cc8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll07:41:43.0887 0x0cc8 TBS - ok07:41:44.0043 0x0cc8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\windows\system32\drivers\tcpip.sys07:41:44.0121 0x0cc8 Tcpip - ok07:41:44.0261 0x0cc8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys07:41:44.0339 0x0cc8 TCPIP6 - ok07:41:44.0402 0x0cc8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys07:41:44.0402 0x0cc8 tcpipreg - ok07:41:44.0464 0x0cc8 [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys07:41:44.0464 0x0cc8 tdcmdpst - ok07:41:44.0511 0x0cc8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys07:41:44.0511 0x0cc8 TDPIPE - ok07:41:44.0542 0x0cc8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys07:41:44.0542 0x0cc8 TDTCP - ok07:41:44.0604 0x0cc8 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\windows\system32\DRIVERS\tdx.sys07:41:44.0604 0x0cc8 tdx - ok07:41:44.0651 0x0cc8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\DRIVERS\termdd.sys07:41:44.0667 0x0cc8 TermDD - ok07:41:44.0745 0x0cc8 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\windows\System32\termsrv.dll07:41:44.0776 0x0cc8 TermService - ok07:41:44.0823 0x0cc8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll07:41:44.0823 0x0cc8 Themes - ok07:41:44.0870 0x0cc8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll07:41:44.0870 0x0cc8 THREADORDER - ok07:41:44.0948 0x0cc8 [ DFE9BA871B9F3DBB591BD113611CBCC0, 8AD07A7C08A68B590819F93614D518D15121BAB4BBC453B12A4E5137874FD4BC ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe07:41:44.0948 0x0cc8 TMachInfo - ok07:41:44.0979 0x0cc8 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19, CFE8A69E3F2A42C3BA2B38EC9233076D0AD32C441500E6407219F2E866905D9B ] TODDSrv C:\windows\system32\TODDSrv.exe07:41:44.0994 0x0cc8 TODDSrv - ok07:41:45.0104 0x0cc8 [ DB9719688C08F42705FEB3F6A0C98B91, D8E837F2F5C3838312001CCDD37448ABAE3DD6452CE6DC26241678E0F3A584CE ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe07:41:45.0119 0x0cc8 TosCoSrv - ok07:41:45.0182 0x0cc8 [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe07:41:45.0197 0x0cc8 TOSHIBA HDD SSD Alert Service - ok07:41:45.0244 0x0cc8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll07:41:45.0244 0x0cc8 TrkWks - ok07:41:45.0322 0x0cc8 [ 132C0E39AF0312E6B9611E2E1B344D41, 8B26EB55C5E0721498FF28A2865697FF761D237626A920608B5A80360BBD1285 ] trufos C:\windows\system32\DRIVERS\trufos.sys07:41:45.0338 0x0cc8 trufos - ok07:41:45.0384 0x0cc8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe07:41:45.0400 0x0cc8 TrustedInstaller - ok07:41:45.0447 0x0cc8 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys07:41:45.0447 0x0cc8 tssecsrv - ok07:41:45.0494 0x0cc8 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys07:41:45.0509 0x0cc8 TsUsbFlt - ok07:41:45.0540 0x0cc8 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys07:41:45.0540 0x0cc8 TsUsbGD - ok07:41:45.0603 0x0cc8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys07:41:45.0618 0x0cc8 tunnel - ok07:41:45.0650 0x0cc8 [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS07:41:45.0665 0x0cc8 TVALZ - ok07:41:45.0681 0x0cc8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\drivers\uagp35.sys07:41:45.0681 0x0cc8 uagp35 - ok07:41:45.0728 0x0cc8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys07:41:45.0743 0x0cc8 udfs - ok07:41:45.0790 0x0cc8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe07:41:45.0790 0x0cc8 UI0Detect - ok07:41:45.0837 0x0cc8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys07:41:45.0837 0x0cc8 uliagpkx - ok07:41:45.0868 0x0cc8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys07:41:45.0884 0x0cc8 umbus - ok07:41:45.0884 0x0cc8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\drivers\umpass.sys07:41:45.0884 0x0cc8 UmPass - ok07:41:45.0946 0x0cc8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll07:41:45.0962 0x0cc8 upnphost - ok07:41:46.0024 0x0cc8 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys07:41:46.0024 0x0cc8 USBAAPL64 - ok07:41:46.0055 0x0cc8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys07:41:46.0071 0x0cc8 usbccgp - ok07:41:46.0118 0x0cc8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys07:41:46.0118 0x0cc8 usbcir - ok07:41:46.0164 0x0cc8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys07:41:46.0164 0x0cc8 usbehci - ok07:41:46.0227 0x0cc8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys07:41:46.0242 0x0cc8 usbhub - ok07:41:46.0274 0x0cc8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\DRIVERS\usbohci.sys07:41:46.0274 0x0cc8 usbohci - ok07:41:46.0305 0x0cc8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\drivers\usbprint.sys07:41:46.0320 0x0cc8 usbprint - ok07:41:46.0352 0x0cc8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS07:41:46.0367 0x0cc8 USBSTOR - ok07:41:46.0398 0x0cc8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys07:41:46.0398 0x0cc8 usbuhci - ok07:41:46.0476 0x0cc8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys07:41:46.0476 0x0cc8 usbvideo - ok07:41:46.0508 0x0cc8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll07:41:46.0523 0x0cc8 UxSms - ok07:41:46.0539 0x0cc8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\windows\system32\lsass.exe07:41:46.0539 0x0cc8 VaultSvc - ok07:41:46.0586 0x0cc8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys07:41:46.0586 0x0cc8 vdrvroot - ok07:41:46.0648 0x0cc8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe07:41:46.0679 0x0cc8 vds - ok07:41:46.0710 0x0cc8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys07:41:46.0726 0x0cc8 vga - ok07:41:46.0742 0x0cc8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys07:41:46.0742 0x0cc8 VgaSave - ok07:41:46.0773 0x0cc8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys07:41:46.0788 0x0cc8 vhdmp - ok07:41:46.0820 0x0cc8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys07:41:46.0835 0x0cc8 viaide - ok07:41:46.0866 0x0cc8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys07:41:46.0882 0x0cc8 volmgr - ok07:41:46.0913 0x0cc8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys07:41:46.0929 0x0cc8 volmgrx - ok07:41:46.0960 0x0cc8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys07:41:46.0976 0x0cc8 volsnap - ok07:41:47.0022 0x0cc8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\drivers\vsmraid.sys07:41:47.0038 0x0cc8 vsmraid - ok07:41:47.0163 0x0cc8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe07:41:47.0225 0x0cc8 VSS - ok07:41:47.0256 0x0cc8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys07:41:47.0256 0x0cc8 vwifibus - ok07:41:47.0288 0x0cc8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys07:41:47.0303 0x0cc8 vwififlt - ok07:41:47.0334 0x0cc8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll07:41:47.0350 0x0cc8 W32Time - ok07:41:47.0397 0x0cc8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\drivers\wacompen.sys07:41:47.0397 0x0cc8 WacomPen - ok07:41:47.0412 0x0cc8 Wajam Internet Enhancer Service - ok07:41:47.0459 0x0cc8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys07:41:47.0459 0x0cc8 WANARP - ok07:41:47.0475 0x0cc8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys07:41:47.0475 0x0cc8 Wanarpv6 - ok07:41:47.0615 0x0cc8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe07:41:47.0662 0x0cc8 WatAdminSvc - ok07:41:47.0787 0x0cc8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe07:41:47.0849 0x0cc8 wbengine - ok07:41:47.0880 0x0cc8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll07:41:47.0896 0x0cc8 WbioSrvc - ok07:41:47.0943 0x0cc8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll07:41:47.0958 0x0cc8 wcncsvc - ok07:41:47.0990 0x0cc8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll07:41:47.0990 0x0cc8 WcsPlugInService - ok07:41:48.0021 0x0cc8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\drivers\wd.sys07:41:48.0021 0x0cc8 Wd - ok07:41:48.0099 0x0cc8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys07:41:48.0146 0x0cc8 Wdf01000 - ok07:41:48.0177 0x0cc8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll07:41:48.0177 0x0cc8 WdiServiceHost - ok07:41:48.0192 0x0cc8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll07:41:48.0208 0x0cc8 WdiSystemHost - ok07:41:48.0255 0x0cc8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll07:41:48.0270 0x0cc8 WebClient - ok07:41:48.0317 0x0cc8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll07:41:48.0317 0x0cc8 Wecsvc - ok07:41:48.0348 0x0cc8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll07:41:48.0364 0x0cc8 wercplsupport - ok07:41:48.0411 0x0cc8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll07:41:48.0411 0x0cc8 WerSvc - ok07:41:48.0442 0x0cc8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys07:41:48.0442 0x0cc8 WfpLwf - ok07:41:48.0458 0x0cc8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys07:41:48.0473 0x0cc8 WIMMount - ok07:41:48.0504 0x0cc8 WinDefend - ok07:41:48.0520 0x0cc8 WinHttpAutoProxySvc - ok07:41:48.0598 0x0cc8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll07:41:48.0614 0x0cc8 Winmgmt - ok07:41:48.0770 0x0cc8 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\windows\system32\WsmSvc.dll07:41:48.0863 0x0cc8 WinRM - ok07:41:48.0941 0x0cc8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys07:41:48.0957 0x0cc8 WinUsb - ok07:41:49.0019 0x0cc8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll07:41:49.0066 0x0cc8 Wlansvc - ok07:41:49.0128 0x0cc8 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe07:41:49.0128 0x0cc8 wlcrasvc - ok07:41:49.0331 0x0cc8 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE07:41:49.0425 0x0cc8 wlidsvc - ok07:41:49.0456 0x0cc8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys07:41:49.0472 0x0cc8 WmiAcpi - ok07:41:49.0518 0x0cc8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe07:41:49.0518 0x0cc8 wmiApSrv - ok07:41:49.0550 0x0cc8 WMPNetworkSvc - ok07:41:49.0581 0x0cc8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll07:41:49.0581 0x0cc8 WPCSvc - ok07:41:49.0612 0x0cc8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll07:41:49.0612 0x0cc8 WPDBusEnum - ok07:41:49.0643 0x0cc8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys07:41:49.0643 0x0cc8 ws2ifsl - ok07:41:49.0674 0x0cc8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll07:41:49.0674 0x0cc8 wscsvc - ok07:41:49.0690 0x0cc8 WSearch - ok07:41:49.0877 0x0cc8 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\windows\system32\wuaueng.dll07:41:50.0018 0x0cc8 wuauserv - ok07:41:50.0080 0x0cc8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys07:41:50.0080 0x0cc8 WudfPf - ok07:41:50.0111 0x0cc8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys07:41:50.0127 0x0cc8 WUDFRd - ok07:41:50.0174 0x0cc8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll07:41:50.0174 0x0cc8 wudfsvc - ok07:41:50.0236 0x0cc8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll07:41:50.0252 0x0cc8 WwanSvc - ok07:41:50.0314 0x0cc8 ================ Scan global ===============================07:41:50.0345 0x0cc8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll07:41:50.0392 0x0cc8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll07:41:50.0423 0x0cc8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll07:41:50.0454 0x0cc8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll07:41:50.0501 0x0cc8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe07:41:50.0517 0x0cc8 [ Global ] - ok07:41:50.0517 0x0cc8 ================ Scan MBR ==================================07:41:50.0532 0x0cc8 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR007:41:50.0782 0x0cc8 \Device\Harddisk0\DR0 - ok07:41:50.0782 0x0cc8 ================ Scan VBR ==================================07:41:50.0813 0x0cc8 [ DD09B8FB27C48239AAD9D7A686E4889C ] \Device\Harddisk0\DR0\Partition107:41:50.0813 0x0cc8 \Device\Harddisk0\DR0\Partition1 - ok07:41:50.0813 0x0cc8 ================ Scan generic autorun ======================07:41:50.0891 0x0cc8 [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe07:41:50.0891 0x0cc8 iTunesHelper - ok07:41:51.0016 0x0cc8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe07:41:51.0063 0x0cc8 Sidebar - ok07:41:51.0094 0x0cc8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe07:41:51.0094 0x0cc8 mctadmin - ok07:41:51.0172 0x0cc8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe07:41:51.0219 0x0cc8 Sidebar - ok07:41:51.0250 0x0cc8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe07:41:51.0250 0x0cc8 mctadmin - ok07:41:51.0312 0x0cc8 PriceMeterW - ok07:41:51.0312 0x0cc8 Waiting for KSN requests completion. In queue: 6007:41:52.0326 0x0cc8 Waiting for KSN requests completion. In queue: 6007:41:53.0340 0x0cc8 Waiting for KSN requests completion. In queue: 6007:41:54.0448 0x0cc8 AV detected via SS2: Bitdefender Antivirus Free Edition, C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe ( 1.0.21.1099 ), 0x40000 ( disabled : updated )07:41:54.0479 0x0cc8 Win FW state via NFP2: enabled07:41:58.0379 0x0cc8 ============================================================07:41:58.0379 0x0cc8 Scan finished07:41:58.0379 0x0cc8 ============================================================07:41:58.0395 0x05bc Detected object count: 007:41:58.0395 0x05bc Actual detected object count: 0 Link to post Share on other sites More sharing options...
Psychotic Posted January 26, 2015 ID:933129 Share Posted January 26, 2015 We need to remove some programs with Revo Uninstaller Free:Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.Please download and install Revo Uninstaller Freenote: there is no need to click anything on that page, the download will start automaticallyDouble click Revo Uninstaller to run itFrom the list of programs double click on the listed program(s), or anything similar, to remove it:Web Assistant 2.0.0.600System Optimizer ProSnap.DoSupporter 1.80Settings ManagerRegClean-ProPro PC CleanerLPT System Updater ServiceLibraryInstanceAny Media ConverterWhen prompted if you want to uninstall click YesBe sure the Moderate option is selected then click NextThe program will run, If prompted again click YesWhen the built-in uninstaller is finished click on NextOnce the program has searched for leftovers click NextCheck the items in bold only on the list then click Deletenote: you may have to expand some folders by clicking the "+" markWhen prompted click on Yes and then on NextPut a check on any folders that are found and select DeleteWhen prompted select Yes then NextOnce done click Finish Fix with FRST (normal mode)WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Download the attached fixlist.txt and save it to the location where FRST is saved to.Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply. Full System Scan with Malwarebytes Antimalware If not existing, please download Malwarebytes Anti-Malware to your desktop.Double-click the downloaded setup file and follow the prompts to install the program.At the end, be sure a checkmark is placed next to the following:Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.Click Finish.If the program is already installed:Run Malwarebytes AntimalwareOn the Dashboard, click the 'Update Now >>' linkAfter the update completes, click the 'Scan Now >>' button.Or, on the Dashboard, click the Scan Now >> button.If an update is available, click the Update Now button.A Threat Scan will begin.When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes.After the restart once you are back at your desktop, open MBAM once more.Click on the History tab > Application Logs.Double click on the scan log which shows the Date and time of the scan just performed.Click 'Copy to Clipboard'Paste the contents of the clipboard into your reply. Scan with ESET Online ScanGo here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as AdministratorNote: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.Click the blue Run ESET Online Scanner buttonTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install buttonOnce the activex control is installed, on the next screen click on Enable detection of potentially unwanted applicationsClick on Advanced SettingsMake sure that the option Remove found threats is unticked.Ensure these options are tickedScan archivesScan for potentially unsafe applicationsEnable Anti-Stealth technologyClick StartWait for the scan to finishWhen the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.Close the ESET online scan, and let me know how things are now. fixlist.txt Link to post Share on other sites More sharing options...
AZDSF Posted January 27, 2015 Author ID:933346 Share Posted January 27, 2015 I ran into some issues while using the Revo Uninstaller. So I did not follow any steps after it so you could see. Here were the problems. While trying to uninstall the LibraryInstance I got this error message"There was a problem starting C:\PROGRA~2\LIBRAR~1.DLL The specified module could not be found." While trying to unstinall RegClean-Pro"WARNING running the applications uninstaller failed! Possible invalid uninstall command!" While trying to uninstall Supporter 1.80"RUNDLL there was a problem starting C:\PROGRA~2\SUPPOR~1\SUPPOR~1.DLL" While trying to remove Settings Manager"WARNING running the applications uninstaller failed! Possible invalid uninstall command!" While trying to remove Pro PC Cleaner"There is a problem with this windows installer package. A dll required for this install to complete could not be run. Contact your support personnel or package vendor." System Optimizer Pro - Doesn't show up on the list.LPT System Updater - Doesn't show up on the list. What should I do now? Thank you. Link to post Share on other sites More sharing options...
Psychotic Posted January 27, 2015 ID:933470 Share Posted January 27, 2015 Skip Revo and proceed with the other steps, please Link to post Share on other sites More sharing options...
AZDSF Posted January 28, 2015 Author ID:933676 Share Posted January 28, 2015 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01 Ran by Alysha at 2015-01-27 21:31:56 Run:1 Running from C:\Users\Alysha\Downloads Loaded Profiles: Alysha (Available profiles: Alysha) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: C:\windows\Tasks\PerfMonitor_strtp.job => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 Task: C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job => C:\Program Files (x86)\Torntv V9.0\ecd06da5-7041-4c5c-acbf-762244f49e9d-5.exe <==== ATTENTION Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job => C:\Program Files (x86)\video MediaPlayer\5d2076bc-d559-4c68-aca0-29a2e5982b96-5.exe <==== ATTENTION Task: {C1CBB365-D4C5-40E9-8709-2E9B0222FDCF} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe Task: {CD36C117-A5DE-4033-9213-5373A17EDBF5} - System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C} => pcalua.exe -a C:\Users\Alysha\AppData\Roaming\istart123\UninstallManager.exe -c -ptid=tt4u Task: {D6E18488-65FF-4206-A678-4A6213E7D301} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe Task: {D858E40D-2EFB-4FDE-B967-69C93C34F5AE} - System32\Tasks\PerfMonitor_strtp => C:\Program Files (x86)\Optimizer Elite Max\PerformanceMonitor.exe <==== ATTENTION Task: {89627367-43D4-4678-ABDC-B6DFCE657AFC} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: {10CBB72F-905B-413C-9588-6E0599C4EFD9} - \5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user No Task File <==== ATTENTION Task: {2E6258B2-98E5-4381-BE92-0ED39A7ECF23} - \ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user No Task File <==== ATTENTION CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-05-21] CHR Extension: (Bcool) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjjfdocehnaoldljofpjigbchchimcg [2014-08-17] CHR Extension: (video MediaPlayer) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf [2014-07-06] FF Extension: Yahoo! Toolbar - C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-26] FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-05-21] FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox Tcpip\..\Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}: [NameServer] 208.69.150.250,208.69.150.252 Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {B81767E1-672D-4DA1-B5CC-D277185815A6} - No File Toolbar: HKU\S-1-5-21-1580903306-1420406646-1734795358-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No File Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File BHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll No File SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms} SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=1120806935&ir= SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms} SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll No File BHO: video MediaPlayer -> {11111111-1111-1111-1111-110511951199} -> C:\Program Files (x86)\video MediaPlayer\video MediaPlayer-bho64.dll () BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation) BHO: No Name -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> No File BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No File BHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll No File ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:54073;https=127.0.0.1:54073 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...5ISTXX814FC5IST HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...5ISTXX814FC5IST HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms} URLSearchHook: HKLM-x32 - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871} URLSearchHook: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll No File IFEO\jumpflip: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM-x32\...\Run: [fst_ca_136] => [X] HKLM-x32\...\Run: [fst_ca_152] => [X] HKLM-x32\...\Run: [fst_ca_170] => [X] HKLM-x32\...\Run: [fst_ca_251] => [X] HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Run: [PriceMeterW] => "C:\Users\Alysha\AppData\Local\PriceMeter\pricemeterw.exe" S2 1ca156e3; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\LibraryInstance\LibraryInstance.dll",serv S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] S2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [X] <==== ATTENTION S2 RTZnjsXcl; C:\ProgramData\XXmhBb\RTZnjsXcl.exe [2316152 2014-07-07] () [File not signed] C:\Users\Alysha\AppData\Local\PriceMeter C:\Program Files (x86)\Settings Manager C:\Program Files (x86)\Boost C:\Program Files (x86)\SupTab C:\Program Files\Web Assistant C:\ProgramData\XXmhBb C:\Program Files (x86)\Wajam C:\Windows\System32\Drivers\avchv.sys C:\Users\Alysha\AppData\Roaming\istart123 C:\Program Files (x86)\Pro PC Cleaner C:\Program Files (x86)\Torntv V9.0 C:\Program Files (x86)\Optimizer Elite Max C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\video MediaPlayer 2015-01-25 20:29 - 2015-01-26 02:05 - 00000000 ____D () C:\ProgramData\374311380 2015-01-25 20:28 - 2015-01-25 20:28 - 00000000 ____D () C:\Program Files (x86)\RRobboSavero 2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\Ieseaveer 2015-01-25 20:26 - 2015-01-25 20:26 - 00000000 ____D () C:\Program Files (x86)\deAlster 2015-01-25 20:25 - 2015-01-25 20:25 - 00000000 ____D () C:\Program Files (x86)\Happyi2uSiavEe 2015-01-25 20:22 - 2015-01-25 20:22 - 00000000 ____D () C:\Program Files (x86)\Reason 2015-01-25 22:33 - 2015-01-25 22:33 - 00000000 ____D () C:\Program Files (x86)\dOwanLoaAdittkeep 2015-01-25 22:32 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\SmairtCCoMMpoare 2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\Film Stack 2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\deealster 2015-01-25 22:32 - 2015-01-25 22:32 - 00000000 ____D () C:\Program Files (x86)\ddeaal4reaL 2015-01-25 22:31 - 2015-01-26 04:49 - 00000000 ____D () C:\Program Files (x86)\tperfectcouupon 2015-01-25 22:31 - 2015-01-25 22:33 - 00000000 ____D () C:\ProgramData\1250025538242071055 2014-05-11 22:36 - 2014-05-11 22:36 - 0301488 _____ (VuuPC Limited) C:\Users\Alysha\AppData\Local\nsr33EA.tmp EmptyTemp: Reboot: ***************** C:\windows\Tasks\PerfMonitor_strtp.job => Moved successfully. C:\ProgramData\TEMP => ":373E1720" ADS removed successfully. C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully. C:\windows\Tasks\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user.job => Moved successfully. C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully. C:\windows\Tasks\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user.job => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1CBB365-D4C5-40E9-8709-2E9B0222FDCF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1CBB365-D4C5-40E9-8709-2E9B0222FDCF}" => Key deleted successfully. C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD36C117-A5DE-4033-9213-5373A17EDBF5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD36C117-A5DE-4033-9213-5373A17EDBF5}" => Key deleted successfully. C:\Windows\System32\Tasks\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AD44212-DF08-4CB7-95B6-C3C4D8F0717C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6E18488-65FF-4206-A678-4A6213E7D301}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E18488-65FF-4206-A678-4A6213E7D301}" => Key deleted successfully. C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D858E40D-2EFB-4FDE-B967-69C93C34F5AE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D858E40D-2EFB-4FDE-B967-69C93C34F5AE}" => Key deleted successfully. C:\Windows\System32\Tasks\PerfMonitor_strtp => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PerfMonitor_strtp" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89627367-43D4-4678-ABDC-B6DFCE657AFC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89627367-43D4-4678-ABDC-B6DFCE657AFC}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10CBB72F-905B-413C-9588-6E0599C4EFD9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10CBB72F-905B-413C-9588-6E0599C4EFD9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5d2076bc-d559-4c68-aca0-29a2e5982b96-5_user" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E6258B2-98E5-4381-BE92-0ED39A7ECF23}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6258B2-98E5-4381-BE92-0ED39A7ECF23}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ecd06da5-7041-4c5c-acbf-762244f49e9d-5_user" => Key deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => Key deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => Key deleted successfully. C:\Program Files\Web Assistant\source.crx => Moved successfully. C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjjfdocehnaoldljofpjigbchchimcg => Moved successfully. C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf => Moved successfully. C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => Moved successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value deleted successfully. C:\Program Files\Web Assistant\Firefox => Moved successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => value deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}\\NameServer => value deleted successfully. HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value deleted successfully. HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found. HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F92A9FE4-2850-4198-B9D5-279880E49B16} => value deleted successfully. HKCR\CLSID\{F92A9FE4-2850-4198-B9D5-279880E49B16} => Key not found. HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B81767E1-672D-4DA1-B5CC-D277185815A6} => value deleted successfully. HKCR\CLSID\{B81767E1-672D-4DA1-B5CC-D277185815A6} => Key not found. HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully. HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully. "HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{FE69C007-C452-4d3e-86D2-1730DF8BC871} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully. HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully. HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully. HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110511131190}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110511951199}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully. "HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}" => Key deleted successfully. HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully. HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully. "HKCR\CLSID\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{FE69C007-C452-4d3e-86D2-1730DF8BC871} => value deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully. C:\windows\system32\GroupPolicy\Machine => Moved successfully. C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_136 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_152 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_170 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_ca_251 => value deleted successfully. HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PriceMeterW => value deleted successfully. 1ca156e3 => Service deleted successfully. globalUpdate => Service deleted successfully. globalUpdatem => Service deleted successfully. Wajam Internet Enhancer Service => Service deleted successfully. RTZnjsXcl => Service deleted successfully. C:\Users\Alysha\AppData\Local\PriceMeter => Moved successfully. C:\Program Files (x86)\Settings Manager => Moved successfully. "C:\Program Files (x86)\Boost" => File/Directory not found. "C:\Program Files (x86)\SupTab" => File/Directory not found. C:\Program Files\Web Assistant => Moved successfully. C:\ProgramData\XXmhBb => Moved successfully. "C:\Program Files (x86)\Wajam" => File/Directory not found. C:\Windows\System32\Drivers\avchv.sys => Moved successfully. "C:\Users\Alysha\AppData\Roaming\istart123" => File/Directory not found. "C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found. "C:\Program Files (x86)\Torntv V9.0" => File/Directory not found. "C:\Program Files (x86)\Optimizer Elite Max" => File/Directory not found. "C:\Program Files (x86)\globalUpdate" => File/Directory not found. C:\Program Files (x86)\video MediaPlayer => Moved successfully. C:\ProgramData\374311380 => Moved successfully. C:\Program Files (x86)\RRobboSavero => Moved successfully. C:\Program Files (x86)\Ieseaveer => Moved successfully. C:\Program Files (x86)\deAlster => Moved successfully. C:\Program Files (x86)\Happyi2uSiavEe => Moved successfully. C:\Program Files (x86)\Reason => Moved successfully. C:\Program Files (x86)\dOwanLoaAdittkeep => Moved successfully. C:\Program Files (x86)\SmairtCCoMMpoare => Moved successfully. C:\Program Files (x86)\Film Stack => Moved successfully. C:\Program Files (x86)\deealster => Moved successfully. C:\Program Files (x86)\ddeaal4reaL => Moved successfully. C:\Program Files (x86)\tperfectcouupon => Moved successfully. C:\ProgramData\1250025538242071055 => Moved successfully. C:\Users\Alysha\AppData\Local\nsr33EA.tmp => Moved successfully. EmptyTemp: => Removed 2.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 21:34:04 ==== Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27/01/2015 Scan Time: 9:40:24 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.28.02 Rootkit Database: v2015.01.14.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Alysha Scan Type: Threat Scan Result: Completed Objects Scanned: 381709 Time Elapsed: 32 min, 42 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 96 PUP.Optional.PricePeep.A, HKLM\SOFTWARE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, Quarantined, [259da4581178092d4272e9457f8424dc], PUP.Optional.PricePeep.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, Quarantined, [259da4581178092d4272e9457f8424dc], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [a71b68948108a096e23b6c8e17ebf10f], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [a71b68948108a096e23b6c8e17ebf10f], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [a51dd12bdbae54e222ca53a617eb30d0], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [a51dd12bdbae54e222ca53a617eb30d0], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2], PUP.Optional.QuickShare.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2], PUP.Optional.QuickShare.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [358d24d80d7c5ed81bb5c46983803ec2], Adware.Agent, HKLM\SOFTWARE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2], Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2], Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2], Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2], Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2], Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, Quarantined, [70529c605d2ce94d37fc1de06d950ef2], PUP.Optional.StartPage.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, Quarantined, [2d9558a499f05dd980f830c462a06c94], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject, Quarantined, [2d9558a499f05dd980f830c462a06c94], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject.1, Quarantined, [2d9558a499f05dd980f830c462a06c94], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject, Quarantined, [2d9558a499f05dd980f830c462a06c94], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject.1, Quarantined, [2d9558a499f05dd980f830c462a06c94], PUP.Optional.SupTab.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [5c660fed33565ed8cf88b6431be7f808], PUP.Optional.SupTab.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [5c660fed33565ed8cf88b6431be7f808], PUP.Optional.Linkey.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [caf8f7050584ae8813256395fd05f709], PUP.Optional.Boost.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}, Quarantined, [616104f8f891b482cf890e242ed5e020], PUP.Optional.Boost.A, HKLM\SOFTWARE\CLASSES\Boost.BoostBho, Quarantined, [616104f8f891b482cf890e242ed5e020], PUP.Optional.Boost.A, HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1, Quarantined, [616104f8f891b482cf890e242ed5e020], PUP.Optional.Boost.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Boost.BoostBho, Quarantined, [616104f8f891b482cf890e242ed5e020], PUP.Optional.Boost.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Boost.BoostBho.1, Quarantined, [616104f8f891b482cf890e242ed5e020], PUP.Optional.Boost.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}, Quarantined, [616104f8f891b482cf890e242ed5e020], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [932faa523e4b2610ba6712a40af9a858], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [dae859a3256483b356cbb00615ee728e], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [d1f1ea121277f244461a0def15ef18e8], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [d8ea6993abde68ce045bb54740c425db], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, Quarantined, [8a38a95341485dd9dcd890490bf9fd03], PUP.Optional.DealsPlugin.A, HKLM\SOFTWARE\WOW6432NODE\Deals Plugin Extension, Quarantined, [d9e903f92663c670fc6e03a51be87987], PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\FrEeSoFtOdAy, Quarantined, [18aa827a4a3fe056a8aa6a32cd36b34d], Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY, Quarantined, [d1f144b80b7e9e9895b206d8f80c14ec], PUP.Optional.Eorezo.A, HKLM\SOFTWARE\WOW6432NODE\FREE_SOFTTODAY, Quarantined, [00c2b943b7d2999deb858618c142ff01], PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\FREE_SOFT_TODAY, Quarantined, [04bed7251d6c83b3fc1aef0b3bc951af], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [1fa3f00c7019989ee651dfe404ff3fc1], PUP.Optional.IStart123.A, HKLM\SOFTWARE\WOW6432NODE\istart123Software, Quarantined, [279bfc005a2f310590ea99fb699aff01], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\PriceMeterLiveUpdate, Quarantined, [546ea55774156bcbbf50d0afd92a837d], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [9b273fbdf19855e13b00708825df06fa], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [d1f11ede84050d29a986ddb6ea19dc24], PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, Quarantined, [a61c4cb05d2cfa3ce91e23751ce7c739], PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\Torntv V9.0, Quarantined, [dfe389737910f44249d82c9860a33bc5], PUP.Optional.VideoMediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\video MediaPlayer, Quarantined, [932fc13b2465df5700706041c63d837d], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam, Quarantined, [239f5f9db9d00e28d0e4827028dc4eb2], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [576b9a62ec9def4787dca6f518eb7c84], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [f3cfc438830684b260c1d2e430d3a15f], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [b30fec100d7c38fe66bbbbfb8f748f71], PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, Quarantined, [02c0b745e3a64de9bfc6f5b4cb38a060], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [4b7747b52a5f68ceb68096654abab848], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [19a914e8444541f5fd3a1ae14abac13f], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [467cad4f2c5d84b288e3acf350b338c8], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [00c2a05c06832b0ba28c20731be8b848], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, Quarantined, [be0424d87d0c3204d27e31849e65e818], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, [f6ccfb01ee9bc076f137aeef81827987], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [5270f00c7811f1451369cdd08083867a], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [0eb43fbd2762c373114b95f330d307f9], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [bd05ca3286038fa79bc25434a85bfc04], PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [7e4479833a4f4aec65eec8d0d72cd32d], PUP.Optional.ClipHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Clip-High_D_06, Quarantined, [1ba77488a0e9171fb4596d3512f1d729], PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fraven 1.1, Quarantined, [14ae8c70b1d878be7b061091c93ac33d], PUP.Optional.PriceGong.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [f6cca25aa3e676c0bdd19ee7689b48b8], PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [08ba49b3e8a11d1932bc68540bf819e7], PUP.Optional.VideoMediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlayer, Quarantined, [af139a62a1e895a13240eeb34bb8619f], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [11b187750980ae8800aa2aaf94703ac6], PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, Quarantined, [16accc30a5e4d4628590b04a887c6e92], PUP.Optional.SmartBar, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, Quarantined, [e3dfad4fe1a8d95d581cb23e39cb0bf5], PUP.Optional.SmartBar, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, Quarantined, [1ca629d3f99079bd116270805fa557a9], PUP.Optional.Softonic.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [814178846a1fa88e478e2a57798a57a9], PUP.Optional.WebSearches.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [1fa30defb4d54de906d7197b53b0f709], PUP.Optional.SweetIM.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SweetIM, Quarantined, [249ecb310f7a4de9b985cfb17c87b947], PUP.Optional.SystemK.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, Quarantined, [853df10bb7d2fc3a5a66c9dae02321df], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [20a22bd1fa8fe65084e48c6fcf35ca36], PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [942e21dba6e3ff373320adeb5aa942be], PUP.Optional.Conduit.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [6f5355a716735bdb7182cfb5d92a1ae6], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [269c42ba4544ab8b95f219d3768e3dc3], PUP.Optional.MultiIE.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [744ecc30ed9c6dc9e6c19c5954b08779], PUP.Optional.PriceGong.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [f0d21ce05633a195721c523314efb050], PUP.Optional.TornTV.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [13af26d60a7f1e18806e902cce358e72], PUP.Optional.VideoMediaPlayer.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlayer, Quarantined, [f3cf16e60d7c7eb8cca6b0f1e320e41c], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [d6ecf5070f7a9e98ad9b1ea48d768e72], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [cdf5f10b2564ad89114b964258ac40c0], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [b11133c9d1b833030448c1ceaa59f30d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [dde56c9092f7d066a1abc2cd9a691de3], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\enter, Quarantined, [9b27f606b9d087af56776095976d3fc1], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, Quarantined, [89398775abdef3435ee4eceda55f34cc], PUP.Optional.FastStart.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [586a52aa8aff181ef74ff69abd46e917], PUP.Optional.SnapDo.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [f0d28a72b4d577bf0c2611b1ad56e41c], PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [2a984fadf1981c1a7d7c4a93ea1a21df], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [ffc39567b8d1c0763f3c653835ced927], PUP.Optional.Wajam.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, Quarantined, [5072629abfca092dadf8ae2d1aea4fb1], Registry Values: 8 PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [576b9a62ec9def4787dca6f518eb7c84] PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, Quarantined, [467cad4f2c5d84b288e3acf350b338c8], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tt4u, Quarantined, [00c2a05c06832b0ba28c20731be8b848] PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser, ie ff cr, Quarantined, [319121db4c3d23132d24b7fe986b23dd] PUP.Optional.InstallCore.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1V2X1Q1R1M1F, Quarantined, [cdf5f10b2564ad89114b964258ac40c0] PUP.Optional.FastStart.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [586a52aa8aff181ef74ff69abd46e917] PUP.Optional.SnapDo.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|Publisher, SnapdoTT, Quarantined, [f0d28a72b4d577bf0c2611b1ad56e41c] PUP.Optional.Wajam.A, HKU\S-1-5-21-1580903306-1420406646-1734795358-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 2222, Quarantined, [5072629abfca092dadf8ae2d1aea4fb1] Registry Data: 0 (No malicious items detected) Folders: 16 PUP.Optional.Radsteroids.A, C:\Users\Alysha\AppData\Local\Radsteroids, Quarantined, [10b241bb0c7d191d952a58eeb053cc34], PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.FreeSoftToday.A, C:\Users\Alysha\AppData\Local\fst_ca_152, Quarantined, [3e84609c37524bebe0401645669db54b], PUP.Optional.FreeSoftToday.A, C:\Users\Alysha\AppData\Local\fst_ca_152\fst_ca_152, Quarantined, [3e84609c37524bebe0401645669db54b], PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [903225d7dbaede588e6590d4b64d9d63], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\B545B99D64128CA1, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21], PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21], PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\js, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21], PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\Media, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21], PUP.Optional.uTorrentBar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\Media\base64, Quarantined, [9929807cc6c3c2742cc08bdfe61ddf21], PUP.Optional.uTorrentBar.A, C:\Program Files (x86)\uTorrentBar, Quarantined, [7052b14b6029cd6926cd9bcf73909b65], PUP.Optional.NewPlayer.A, C:\Users\Alysha\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, Quarantined, [59696a92daaf1c1ae0f7e096f40f0bf5], PUP.Optional.NewPlayer.A, C:\Users\Alysha\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.9, Quarantined, [59696a92daaf1c1ae0f7e096f40f0bf5], Files: 26 PUP.Optional.SnapDo.A, C:\Windows\Installer\7ed7d.msi, Quarantined, [d9e96696256402345280b0f8a75a56aa], PUP.Optional.VeriStaff, C:\Windows\Installer\7ed82.msi, Quarantined, [635ff00cdfaa96a089f7aeaf9769e41c], PUP.Optional.QuickStart.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [7a48e814cabf1026b4082a6818ebc739], PUP.Optional.Boost.A, C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\boost@boost.net.xpi, Quarantined, [b90918e4f891c571a1978d0eb44f09f7], PUP.Optional.SelectNGo.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [b50d98649eeb6fc70c54f2b5966d5ea2], PUP.Optional.Radsteroids.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.radsteroids.com_0.localstorage, Quarantined, [358dfb016a1fd2642f216c3edb281ae6], PUP.Optional.Incredibar.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, Quarantined, [2a98de1ed0b91a1c76b3fdb372915fa1], PUP.Optional.Radsteroids.A, C:\Users\Alysha\AppData\Local\Radsteroids\data2.dat, Quarantined, [10b241bb0c7d191d952a58eeb053cc34], PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\app.dat, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030], PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\data.dat, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030], PUP.Optional.Radsteroids.A, C:\ProgramData\Radsteroids\Radsteroids.ico, Quarantined, [02c0817b2b5e52e403bdc87e42c1d030], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\000239.log, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\000240.ldb, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\CURRENT, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOCK, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOG, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\LOG.old, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.CrossRider.A, C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbhgoadfgiandmaieopaphefbhcdpfaf\MANIFEST-000237, Quarantined, [61616a92404991a5943ccc81da29eb15], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\20120521114549.log, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.dat, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.exe, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.ico, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\TsuDll.dll, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setup.dll, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setupx.dll, Quarantined, [477b97657e0b0234930089dd966d847c], PUP.Optional.NewPlayer.A, C:\Users\Alysha\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.9\user.config, Quarantined, [59696a92daaf1c1ae0f7e096f40f0bf5], Physical Sectors: 0 (No malicious items detected) (end) C:\FRST\Quarantine\C\Program Files\Web Assistant\source.crx.xBAD Win32/Toolbar.Perion.K potentially unwanted application C:\FRST\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\main.js Win32/Toolbar.Perion.K potentially unwanted application C:\FRST\Quarantine\C\Program Files\Web Assistant\Web Assistant\DGChrome.exe a variant of Win32/Toolbar.Perion.J potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr.dll a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemk.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkbho.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkChrome.dll a variant of Win32/AdWare.Bandoo.AE application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkmgrc1.cfg Win32/AdWare.Bandoo.AF application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\SystemkService.exe a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemku.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\tbicon.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll a variant of Win64/Toolbar.SearchSuite.C potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll a variant of Win64/Toolbar.SearchSuite.C potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg a variant of Win64/Adware.Bandoo.B application C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\360-59599.crx JS/Toolbar.Crossrider.B potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\59599.crx JS/Toolbar.Crossrider.B potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\59599.xpi JS/Toolbar.Crossrider.B potentially unwanted application C:\FRST\Quarantine\C\Program Files (x86)\video MediaPlayer\5d2076bc-d559-4c68-aca0-29a2e5982b96.crx JS/Toolbar.Crossrider.B potentially unwanted application C:\FRST\Quarantine\C\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf\12242.8797.4551_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf\16486.3041.8795_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf\12242.8797.4551_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\003\t\00\00000000 a variant of Win32/SoftPulse.F potentially unwanted application C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\004\t\00\00000000 Win32/AdWare.1ClickDownload.AT application C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\File System\005\t\00\00000001 a variant of Win32/SoftPulse.F potentially unwanted application C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\.frostwire5\updates\frostwire-5.7.4.windows.coc.premium.exe a variant of Win32/OpenCandy.C potentially unsafe application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\uEanKrj.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\emxfo.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf\1.26.24_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\ANwOvMnH0PqI.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\O228adIsA.js JS/Kryptik.ATB trojan C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\AhlzMppM.js JS/Kryptik.ATB trojan C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\BzmpX.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\BdW.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.86_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application C:\Users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\L7BIXI3Kwt6.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf\16486.3041.8795_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 a variant of Win32/SoftPulse.F potentially unwanted application C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 Win32/AdWare.1ClickDownload.AT application C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001 a variant of Win32/SoftPulse.F potentially unwanted application C:\Users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application C:\Users\Alysha\Documents\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application C:\Users\Alysha\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application C:\Users\Alysha\Downloads\ReimageRepair(1).exe Win32/Toolbar.Babylon.T potentially unwanted application C:\Users\Alysha\Downloads\ReimageRepair(2).exe Win32/Toolbar.Babylon.T potentially unwanted application C:\Users\Alysha\Downloads\ReimageRepair.exe Win32/Toolbar.Babylon.T potentially unwanted application C:\Users\Alysha\Downloads\E1A0tmp\speedupmypc.exe Win32/SpeedUpMyPC.A potentially unwanted application C:\Users\Alysha\Downloads\E24Dtmp\cloud_backup_setup.exe Win32/MyPCBackup.A potentially unwanted application C:\Users\Alysha\Downloads\E347tmp\msiinstaller.msi Win32/Toolbar.Linkury.D potentially unwanted application C:\Users\Alysha\Downloads\E8F3tmp\setup.exe Win32/Packed.ScrambleWrapper.M potentially unwanted application C:\Users\Alysha\Downloads\F0A2tmp\setup.exe Win32/Packed.ScrambleWrapper.M potentially unwanted application C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js Win32/Adware.MultiPlug.EB application C:\Users\Public\Downloads\RCTycoon3_Platinum-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application C:\Users\Public\Downloads\RollerCoasterTycoon2-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application C:\Windows\Installer\MSID307.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application Link to post Share on other sites More sharing options...
AZDSF Posted January 28, 2015 Author ID:933680 Share Posted January 28, 2015 My firefox browser is still hijacked by SageHomepage and there are still a few programs on my computer that didn't uninstall. "System Optimizer Pro", "Web Assistant". So not much of a change yet. Link to post Share on other sites More sharing options...
Psychotic Posted January 28, 2015 ID:933688 Share Posted January 28, 2015 CombofixCombofix should only be run when adviced by a team member!LinkImportant - Save the file to your desktop! Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work. Run Combofix.exeWhen finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this. Link to post Share on other sites More sharing options...
AZDSF Posted January 29, 2015 Author ID:933979 Share Posted January 29, 2015 ComboFix 15-01-28.01 - Alysha 28/01/2015 23:52:29.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1483 [GMT -5:00] Running from: c:\users\Alysha\Desktop\ComboFix.exe AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4} SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\LILC1E9.tmp C:\LILC1F9.tmp C:\LILC1FA.tmp C:\LILC218.tmp c:\programdata\1422267081.bdinstall.bin c:\programdata\1422267390.3196.bin c:\programdata\1422267390.4124.bin c:\programdata\1422267727.bdinstall.bin c:\programdata\1422268728.bdinstall.bin c:\programdata\1422268733.bdinstall.bin c:\programdata\1422268980.bdinstall.bin c:\programdata\1422268984.bdinstall.bin c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkhoffneejdanaohepnipfcpolocgbjp\121\uEanKrj.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\emxfo.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ciaaiedhdplbckgciamhkoejibpoegke\232\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\ANwOvMnH0PqI.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehpabhmfaobjofbklnedfageenjifadk\210\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fijmkohfdgdeoojkklkidejooijnfbdp\6.1\O228adIsA.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\AhlzMppM.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm\165\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\BzmpX.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hpalmfangdjjgfegljeemahmmpnpimga\3.1\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\BdW.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\137\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\background.html c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\content.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\L7BIXI3Kwt6.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\lsdb.js c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\250\manifest.json c:\users\Alysha\AppData\Local\Comodo\Dragon\User Data\Default\Preferences c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Alysha\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bkhoffneejdanaohepnipfcpolocgbjp_0.localstorage c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ciaaiedhdplbckgciamhkoejibpoegke_0.localstorage c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehpabhmfaobjofbklnedfageenjifadk_0.localstorage c:\users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\eopnhlebcnpfgcdmjggmpkefpoiniplb\2.1\MNOIKJ.js c:\windows\isRS-000.tmp . . ((((((((((((((((((((((((( Files Created from 2014-12-28 to 2015-01-29 ))))))))))))))))))))))))))))))) . . 2015-01-29 05:05 . 2015-01-29 05:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-28 07:45 . 2015-01-28 07:45 6000640 ----a-w- c:\program files (x86)\GUT9246.tmp 2015-01-28 07:45 . 2015-01-28 07:45 -------- d-----w- c:\program files (x86)\GUM9245.tmp 2015-01-28 03:25 . 2015-01-28 03:25 -------- d-----w- c:\program files (x86)\ESET 2015-01-28 02:47 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2015-01-28 02:47 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2015-01-27 01:32 . 2015-01-27 01:32 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-01-26 11:57 . 2015-01-28 02:34 -------- d-----w- C:\FRST 2015-01-26 11:42 . 2015-01-26 11:42 -------- d-----w- c:\users\Alysha\AppData\Local\Macromedia 2015-01-26 10:47 . 2015-01-26 10:47 -------- d-----w- c:\users\Alysha\AppData\Local\Rainmaker_Software_Group_ 2015-01-26 10:47 . 2015-01-26 10:47 -------- d-----w- c:\windows\ERUNT 2015-01-26 10:47 . 2015-01-26 10:47 -------- d-----w- c:\users\Alysha\AppData\Roaming\Rainmaker Software Group LLC.? 2015-01-26 10:39 . 2013-04-22 18:21 148696 ----a-w- c:\windows\system32\drivers\gzflt.sys 2015-01-26 10:39 . 2013-04-17 19:59 718840 ----a-w- c:\windows\system32\drivers\avc3.sys 2015-01-26 10:23 . 2012-11-02 19:17 261056 ----a-w- c:\windows\system32\drivers\SETCFEB.tmp 2015-01-26 10:22 . 2013-04-17 19:59 593144 ----a-w- c:\windows\system32\drivers\avckf.sys 2015-01-26 10:22 . 2015-01-26 10:23 -------- d-----w- c:\program files\Bitdefender 2015-01-26 10:22 . 2013-05-28 17:12 382536 ----a-w- c:\windows\system32\drivers\trufos.sys 2015-01-26 10:13 . 2015-01-26 10:13 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2015-01-26 10:11 . 2015-01-26 10:11 -------- d-----w- c:\users\Alysha\AppData\Roaming\QuickScan 2015-01-26 09:53 . 2015-01-26 09:53 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2015-01-26 09:03 . 2015-01-26 09:03 -------- d-----w- c:\program files\HitmanPro 2015-01-26 09:03 . 2015-01-26 09:51 -------- d-----w- c:\programdata\HitmanPro 2015-01-26 09:01 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2015-01-26 09:01 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2015-01-26 08:21 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2015-01-26 08:21 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe 2015-01-26 08:21 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll 2015-01-26 08:21 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe 2015-01-26 08:21 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll 2015-01-26 08:21 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll 2015-01-26 08:21 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll 2015-01-26 08:21 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe 2015-01-26 08:21 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2015-01-26 08:21 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll 2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2015-01-26 02:55 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2015-01-26 02:55 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2015-01-26 02:55 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL 2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2015-01-26 02:55 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2015-01-26 02:46 . 2015-01-26 02:46 -------- d-----w- c:\users\Default\AppData\Roaming\AVG2012 2015-01-26 02:46 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll 2015-01-26 02:46 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2015-01-26 02:45 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll 2015-01-26 02:45 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll 2015-01-26 02:45 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll 2015-01-26 02:45 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2015-01-26 02:45 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll 2015-01-26 02:45 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll 2015-01-26 02:45 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll 2015-01-26 02:45 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll 2015-01-26 02:45 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll 2015-01-26 02:45 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll 2015-01-26 02:45 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll 2015-01-26 02:40 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll 2015-01-26 02:40 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-01-26 02:40 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll 2015-01-26 02:40 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2015-01-26 02:40 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll 2015-01-26 02:40 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll 2015-01-26 02:40 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2015-01-26 02:40 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2015-01-26 02:39 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-01-26 02:39 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-01-26 02:39 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2015-01-26 02:39 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2015-01-26 02:39 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-01-26 02:39 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll 2015-01-26 02:39 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2015-01-26 02:35 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys 2015-01-26 02:33 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL 2015-01-26 02:33 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL 2015-01-26 02:33 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe 2015-01-26 02:29 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll 2015-01-26 02:29 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2015-01-26 02:29 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2015-01-26 02:29 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll 2015-01-26 02:29 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2015-01-26 02:29 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-01-26 02:29 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2015-01-26 02:29 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2015-01-26 02:28 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll 2015-01-26 02:28 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll 2015-01-26 02:28 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll 2015-01-26 02:28 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll 2015-01-26 02:28 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll 2015-01-26 02:28 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll 2015-01-26 02:28 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll 2015-01-26 02:28 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll 2015-01-26 02:28 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll 2015-01-26 02:26 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-01-26 02:25 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll 2015-01-26 02:25 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll 2015-01-26 02:25 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll 2015-01-26 02:25 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll 2015-01-26 02:25 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe 2015-01-26 02:25 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll 2015-01-26 02:25 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2015-01-26 02:25 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2015-01-26 02:24 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys 2015-01-26 02:13 . 2015-01-26 07:47 290304 ----a-w- c:\windows\SysWow64\subinacl.exe 2015-01-26 02:11 . 2015-01-26 07:47 -------- d-----w- c:\program files\Adware-Removal-Tool 2015-01-26 02:11 . 2015-01-26 02:11 -------- d-----w- c:\program files\Common Files\Microsoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-28 07:38 . 2014-08-14 03:53 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-01-27 13:19 . 2014-05-12 03:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-27 13:19 . 2014-05-12 03:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-26 10:28 . 2012-05-21 20:09 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll 2015-01-26 09:26 . 2012-05-21 20:10 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2015-01-26 09:24 . 2012-05-21 20:09 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2014-12-31 18:12 . 2011-12-02 17:54 113365784 ----a-w- c:\windows\system32\MRT.exe 2014-11-21 11:14 . 2014-08-14 03:51 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-21 11:14 . 2014-08-14 03:51 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-21 11:14 . 2014-08-14 03:51 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-18 19:56 . 2014-11-18 19:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x] R4 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x] S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-01-28 12:55 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12 13:19] . 2015-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 12:44] . 2015-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 12:44] . 2015-01-28 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2013-06-14 07:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "InstallerLauncher"="c:\program files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe" [2013-03-25 815600] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Bar = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{FBBEAC93-8E3C-4DD8-9233-68E2B41BD304}: DhcpNameServer = 209.91.107.11 209.121.225.11 FF - ProfilePath - c:\users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235\ FF - prefs.js: browser.startup.homepage - www.google.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-RegClean Pro_is1 - c:\program files (x86)\RegClean Pro\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\SecuROM\License information*] "datasecu"=hex:a7,71,e4,ca,62,eb,8b,4b,cc,51,c0,43,1c,a0,ad,1e,7c,6e,1a,47,cb, e4,ca,75,89,d5,8a,98,4e,00,17,50,53,0e,b1,30,9c,15,7c,ad,52,e6,9b,07,00,1b,\ "rkeysecu"=hex:16,10,e2,58,a5,5e,44,8d,31,7c,e7,f0,6b,e5,ac,e8 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-01-29 00:09:06 ComboFix-quarantined-files.txt 2015-01-29 05:09 . Pre-Run: 305,313,292,288 bytes free Post-Run: 304,907,628,544 bytes free . - - End Of File - - 370EFF446A86E109F547A98C556ED92A 5B5E648D12FCADC244C1EC30318E1EB9 Link to post Share on other sites More sharing options...
Psychotic Posted January 29, 2015 ID:934021 Share Posted January 29, 2015 what about the redirects now? Link to post Share on other sites More sharing options...
AZDSF Posted January 30, 2015 Author ID:934335 Share Posted January 30, 2015 Hello, still having the same issues. SafeHompage will not go away, and it still shows that istart123 is what loads it in the bottom left of the browser. Link to post Share on other sites More sharing options...
Psychotic Posted January 30, 2015 ID:934362 Share Posted January 30, 2015 Please rescan with FRST (create a new addition.txt as well) and post the logs. Link to post Share on other sites More sharing options...
AZDSF Posted January 31, 2015 Author ID:934712 Share Posted January 31, 2015 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by Alysha (administrator) on ALYSHA-PC on 31-01-2015 00:27:20 Running from C:\Users\Alysha\Downloads Loaded Profiles: Alysha (Available profiles: Alysha) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-30] (Synaptics Incorporated) HKLM\...\Run: [InstallerLauncher] => C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe [567888 2013-09-04] (Bitdefender) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Alysha\AppData\Roaming\Mozilla\Firefox\Profiles\snkgi2ip.default-1422257803235 FF DefaultSearchEngine: Google FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26] CHR Extension: (Google Drive) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27] CHR Extension: (YouTube) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26] CHR Extension: (Fraven 1.1) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf [2014-07-05] CHR Extension: (Google Search) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26] CHR Extension: (Google Wallet) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07] CHR Extension: (Gmail) - C:\Users\Alysha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S4 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender) S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-05-21] () R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender) S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender) R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL) S4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC) S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-26] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-05-21] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-28] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed] R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RTL8192Ce; system32\DRIVERS\rtl8192Ce.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 00:27 - 2015-01-31 00:27 - 00000000 ____D () C:\Users\Alysha\Downloads\FRST-OlderVersion 2015-01-29 00:14 - 2015-01-29 00:14 - 00000000 __SHD () C:\Users\Alysha\AppData\Local\EmieBrowserModeList 2015-01-29 00:09 - 2015-01-29 00:09 - 00043880 _____ () C:\ComboFix.txt 2015-01-28 23:48 - 2015-01-29 00:09 - 00000000 ____D () C:\Qoobox 2015-01-28 23:48 - 2015-01-29 00:06 - 00000000 ____D () C:\windows\erdnt 2015-01-28 23:48 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe 2015-01-28 23:48 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe 2015-01-28 23:48 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2015-01-28 23:48 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2015-01-28 23:48 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2015-01-28 23:48 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe 2015-01-28 23:48 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe 2015-01-28 23:48 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe 2015-01-28 23:46 - 2015-01-28 23:47 - 05610841 ____R (Swearware) C:\Users\Alysha\Desktop\ComboFix.exe 2015-01-28 02:45 - 2015-01-28 02:45 - 06000640 _____ () C:\Program Files (x86)\GUT9246.tmp 2015-01-28 02:45 - 2015-01-28 02:45 - 00000000 ____D () C:\Program Files (x86)\GUM9245.tmp 2015-01-28 01:20 - 2015-01-28 01:20 - 00011600 _____ () C:\Users\Alysha\Desktop\eset.txt 2015-01-27 22:42 - 2015-01-27 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-27 22:25 - 2015-01-27 22:25 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-27 22:23 - 2015-01-27 22:24 - 02347384 _____ (ESET) C:\Users\Alysha\Downloads\esetsmartinstaller_enu.exe 2015-01-27 21:47 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-01-27 21:47 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-01-26 20:32 - 2015-01-26 20:32 - 00001239 _____ () C:\Users\Alysha\Desktop\Revo Uninstaller.lnk 2015-01-26 20:32 - 2015-01-26 20:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-26 20:31 - 2015-01-26 20:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Alysha\Downloads\revosetup.exe 2015-01-26 09:15 - 2015-01-26 09:15 - 00458536 _____ () C:\windows\Minidump\012615-36597-01.dmp 2015-01-26 07:40 - 2015-01-26 07:40 - 00000000 ____D () C:\Users\Alysha\Desktop\tdsskiller 2015-01-26 07:38 - 2015-01-26 07:39 - 04176437 _____ () C:\Users\Alysha\Desktop\tdsskiller.zip 2015-01-26 07:35 - 2015-01-26 07:35 - 00000935 _____ () C:\Users\Alysha\Desktop\ark.txt 2015-01-26 07:19 - 2015-01-26 07:19 - 00380416 _____ () C:\Users\Alysha\Downloads\ye5644gt.exe 2015-01-26 06:59 - 2015-01-26 06:59 - 00022362 _____ () C:\Users\Alysha\Downloads\Addition.txt 2015-01-26 06:57 - 2015-01-31 00:27 - 00011560 _____ () C:\Users\Alysha\Downloads\FRST.txt 2015-01-26 06:57 - 2015-01-31 00:27 - 00000000 ____D () C:\FRST 2015-01-26 06:55 - 2015-01-31 00:27 - 02130432 _____ (Farbar) C:\Users\Alysha\Downloads\FRST64.exe 2015-01-26 06:42 - 2015-01-26 06:42 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Macromedia 2015-01-26 06:19 - 2015-01-26 06:19 - 00020339 _____ () C:\Users\Alysha\Desktop\JRT.txt 2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\windows\ERUNT 2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Rainmaker Software Group LLC. 2015-01-26 05:47 - 2015-01-26 05:47 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Rainmaker_Software_Group_ 2015-01-26 05:46 - 2015-01-26 05:46 - 01707939 _____ (Thisisu) C:\Users\Alysha\Downloads\JRT(1).exe 2015-01-26 05:44 - 2015-01-26 05:45 - 00236392 _____ () C:\Users\Alysha\Downloads\JRT.exe 2015-01-26 05:39 - 2015-01-26 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition 2015-01-26 05:39 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys 2015-01-26 05:39 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys 2015-01-26 05:24 - 2015-01-26 05:31 - 00002842 _____ () C:\windows\system32\lic2.xml24801 2015-01-26 05:23 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\SETCFEB.tmp 2015-01-26 05:22 - 2015-01-26 05:23 - 00000000 ____D () C:\Program Files\Bitdefender 2015-01-26 05:22 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys 2015-01-26 05:22 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys 2015-01-26 05:13 - 2015-01-26 05:13 - 00000000 ____D () C:\windows\SysWOW64\Drivers\AVG 2015-01-26 05:11 - 2015-01-26 05:11 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\QuickScan 2015-01-26 04:53 - 2015-01-26 04:53 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys 2015-01-26 04:49 - 2015-01-26 04:49 - 00006616 _____ () C:\windows\system32\.crusader 2015-01-26 04:20 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-01-26 04:20 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-01-26 04:20 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-01-26 04:20 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-01-26 04:20 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-01-26 04:20 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-01-26 04:20 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-01-26 04:20 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-01-26 04:20 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-01-26 04:20 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-01-26 04:20 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-01-26 04:20 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-01-26 04:20 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-01-26 04:20 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-01-26 04:20 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-01-26 04:20 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-01-26 04:20 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-01-26 04:20 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-01-26 04:20 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-01-26 04:20 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-01-26 04:20 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-01-26 04:20 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-01-26 04:20 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-01-26 04:20 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-01-26 04:20 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-01-26 04:20 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-01-26 04:20 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-01-26 04:20 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-01-26 04:20 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-01-26 04:20 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-01-26 04:20 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-01-26 04:20 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-01-26 04:20 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-01-26 04:20 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-01-26 04:20 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-01-26 04:20 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-01-26 04:20 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-01-26 04:20 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-01-26 04:20 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-01-26 04:20 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-01-26 04:20 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-01-26 04:20 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-01-26 04:20 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-01-26 04:20 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-01-26 04:20 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-01-26 04:20 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-01-26 04:20 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-01-26 04:20 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-01-26 04:20 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-01-26 04:20 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-01-26 04:20 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-01-26 04:20 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-01-26 04:20 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-01-26 04:20 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-01-26 04:03 - 2015-01-26 04:51 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-26 04:03 - 2015-01-26 04:03 - 00000000 ____D () C:\Program Files\HitmanPro 2015-01-26 04:01 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2015-01-26 04:01 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2015-01-26 03:21 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll 2015-01-26 03:21 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll 2015-01-26 03:21 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2015-01-26 03:21 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2015-01-26 03:21 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2015-01-26 03:21 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2015-01-26 03:21 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2015-01-26 03:21 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe 2015-01-26 03:21 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe 2015-01-26 03:21 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll 2015-01-26 02:05 - 2015-01-26 02:05 - 00003108 _____ () C:\windows\System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A} 2015-01-26 01:20 - 2015-01-26 01:20 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL 2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL 2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL 2015-01-25 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL 2015-01-25 21:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL 2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL 2015-01-25 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL 2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL 2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL 2015-01-25 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL 2015-01-25 21:55 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls 2015-01-25 21:55 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls 2015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVG2012 2015-01-25 21:46 - 2015-01-25 21:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVG2012 2015-01-25 21:46 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2015-01-25 21:46 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2015-01-25 21:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-25 21:45 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2015-01-25 21:45 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2015-01-25 21:45 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2015-01-25 21:45 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2015-01-25 21:45 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2015-01-25 21:45 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll 2015-01-25 21:45 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll 2015-01-25 21:45 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2015-01-25 21:45 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll 2015-01-25 21:45 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2015-01-25 21:40 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-25 21:40 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll 2015-01-25 21:40 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-01-25 21:40 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2015-01-25 21:40 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-01-25 21:40 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-01-25 21:40 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-01-25 21:40 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-01-25 21:39 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-25 21:39 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-01-25 21:39 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-01-25 21:39 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2015-01-25 21:39 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2015-01-25 21:39 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2015-01-25 21:39 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2015-01-25 21:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys 2015-01-25 21:33 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-25 21:33 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL 2015-01-25 21:33 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL 2015-01-25 21:29 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-01-25 21:29 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll 2015-01-25 21:29 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-01-25 21:29 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll 2015-01-25 21:29 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-01-25 21:29 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-01-25 21:29 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-01-25 21:29 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-01-25 21:28 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll 2015-01-25 21:28 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2015-01-25 21:28 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll 2015-01-25 21:28 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll 2015-01-25 21:28 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2015-01-25 21:28 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll 2015-01-25 21:28 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll 2015-01-25 21:28 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll 2015-01-25 21:28 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2015-01-25 21:27 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe 2015-01-25 21:27 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe 2015-01-25 21:27 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll 2015-01-25 21:27 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll 2015-01-25 21:27 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll 2015-01-25 21:27 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll 2015-01-25 21:27 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe 2015-01-25 21:27 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll 2015-01-25 21:27 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll 2015-01-25 21:27 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll 2015-01-25 21:27 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll 2015-01-25 21:27 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe 2015-01-25 21:27 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2015-01-25 21:27 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll 2015-01-25 21:26 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-25 21:26 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-25 21:26 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-25 21:26 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-25 21:26 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-25 21:26 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-25 21:26 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-01-25 21:26 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2015-01-25 21:26 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2015-01-25 21:26 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-01-25 21:26 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-01-25 21:26 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-01-25 21:26 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-01-25 21:26 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-01-25 21:26 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-01-25 21:26 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-01-25 21:26 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-01-25 21:26 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-01-25 21:26 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-01-25 21:26 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-01-25 21:26 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-01-25 21:25 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2015-01-25 21:25 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll 2015-01-25 21:25 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2015-01-25 21:25 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2015-01-25 21:25 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2015-01-25 21:25 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll 2015-01-25 21:25 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2015-01-25 21:25 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2015-01-25 21:24 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-01-25 21:13 - 2015-01-26 02:47 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe 2015-01-25 21:11 - 2015-01-26 02:47 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool 2015-01-25 20:51 - 2015-01-26 05:10 - 00000000 ____D () C:\Users\Alysha\Desktop\Cleaners 2015-01-25 20:50 - 2015-01-25 20:52 - 00000000 ____D () C:\Users\Alysha\Desktop\Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 00:24 - 2011-10-20 13:02 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-31 00:24 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-31 00:24 - 2009-07-13 23:51 - 00104990 _____ () C:\windows\setupact.log 2015-01-30 14:48 - 2011-10-20 06:24 - 01604276 _____ () C:\windows\WindowsUpdate.log 2015-01-30 14:17 - 2014-05-11 22:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-30 14:08 - 2013-06-14 02:52 - 00000340 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job 2015-01-30 13:49 - 2011-10-20 13:02 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-30 00:47 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-30 00:47 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-30 00:45 - 2009-07-14 00:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-30 00:40 - 2010-11-20 22:47 - 00368736 _____ () C:\windows\PFRO.log 2015-01-29 00:09 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default 2015-01-29 00:05 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini 2015-01-28 07:44 - 2011-10-20 13:02 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-28 07:44 - 2011-10-20 13:02 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-28 05:41 - 2014-08-10 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-28 02:38 - 2014-08-13 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-28 01:57 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache 2015-01-27 22:14 - 2014-07-07 15:55 - 00000000 ____D () C:\Users\Alysha\AppData\Local\com 2015-01-27 22:14 - 2012-05-21 12:45 - 00000000 ____D () C:\ProgramData\InstallMate 2015-01-27 21:36 - 2014-05-24 15:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-27 21:31 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy 2015-01-27 08:19 - 2014-05-11 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-27 08:19 - 2014-05-11 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-27 08:19 - 2014-05-11 22:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-26 19:46 - 2014-05-12 00:51 - 00000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG 2015-01-26 09:15 - 2013-08-07 22:58 - 00000000 ____D () C:\windows\Minidump 2015-01-26 09:14 - 2013-08-27 18:19 - 456600548 _____ () C:\windows\MEMORY.DMP 2015-01-26 07:14 - 2011-12-03 03:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-01-26 05:17 - 2011-12-03 04:34 - 00000000 ____D () C:\ProgramData\AVG2012 2015-01-26 05:15 - 2011-12-03 04:01 - 00000000 ____D () C:\ProgramData\MFAData 2015-01-26 05:13 - 2011-12-03 11:17 - 00000000 ____D () C:\$AVG 2015-01-26 05:08 - 2013-06-19 21:23 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\Nico Mak Computing 2015-01-26 04:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2015-01-26 04:22 - 2013-07-19 04:00 - 00000000 ____D () C:\windows\system32\MRT 2015-01-26 03:51 - 2009-07-13 23:45 - 00340936 _____ () C:\windows\system32\FNTCACHE.DAT 2015-01-26 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF 2015-01-26 02:11 - 2014-08-10 20:25 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files\Google 2015-01-26 02:01 - 2011-10-20 13:02 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-26 01:20 - 2014-08-13 22:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\ProgramData\HP 2015-01-25 20:50 - 2011-12-03 03:11 - 00000000 ____D () C:\Program Files (x86)\HP 2015-01-25 20:50 - 2011-12-03 03:10 - 00000000 ____D () C:\Program Files\HP 2015-01-25 20:49 - 2014-08-10 20:25 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-25 20:49 - 2013-06-01 13:06 - 00002270 _____ () C:\Users\Alysha\Desktop\Google Chrome.lnk 2015-01-25 20:49 - 2011-12-03 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-01-25 20:49 - 2011-11-30 19:01 - 00001428 _____ () C:\Users\Alysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-25 20:49 - 2011-11-30 18:57 - 00000000 ____D () C:\Users\Alysha\AppData\Local\Google 2015-01-25 20:49 - 2011-10-20 13:02 - 00000000 ____D () C:\ProgramData\Google 2015-01-25 20:46 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games 2015-01-25 20:45 - 2011-10-20 12:56 - 00000000 ____D () C:\ProgramData\WildTangent 2015-01-25 20:45 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-25 20:44 - 2011-10-20 12:56 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2015-01-25 20:42 - 2012-05-21 12:31 - 00000000 ____D () C:\Users\Alysha\AppData\Roaming\WildTangent 2015-01-25 20:28 - 2014-06-18 19:37 - 00000000 ____D () C:\ProgramData\1158fb9aa715ca0f ==================== Files in the root of some directories ======= 2015-01-28 02:45 - 2015-01-28 02:45 - 6000640 _____ () C:\Program Files (x86)\GUT9246.tmp 2014-05-11 22:32 - 2014-05-24 15:33 - 0000320 _____ () C:\Users\Alysha\AppData\Roaming\aps.uninstall.scan.results 2014-07-08 12:00 - 2014-07-08 15:55 - 0005265 _____ () C:\Users\Alysha\AppData\Roaming\callbanner.png 2014-05-12 00:51 - 2015-01-26 19:46 - 0000102 _____ () C:\Users\Alysha\AppData\Roaming\WB.CFG 2011-12-03 03:09 - 2011-12-03 03:09 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-28 01:49 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
AZDSF Posted February 2, 2015 Author ID:935423 Share Posted February 2, 2015 Hello, just wondering if you are still able to help? Link to post Share on other sites More sharing options...
Psychotic Posted February 2, 2015 ID:935453 Share Posted February 2, 2015 Yes, I am.But I have a normal 5x9 job so Im not in the office at the weekend. Please post the addtiotion.txt as well Link to post Share on other sites More sharing options...
AZDSF Posted February 4, 2015 Author ID:936012 Share Posted February 4, 2015 Oh okay, thank you.Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015Ran by Alysha at 2015-02-03 20:09:15Running from C:\Users\Alysha\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations)HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Roller Coaster Tycoon 2 (HKLM-x32\...\Roller Coaster Tycoon 2) (Version: - )RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{99ED6D18-AF6B-4443-31C2-AAC299D5D048}) (Version: 1.0 - )Should I Remove It (HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)System Optimizer Pro (HKLM\...\System Optimizer Pro) (Version: 1.0 - 383 Media, Inc.) <==== ATTENTIONThe Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)TOSHIBA ConfigFree (HKLM-x32\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)TuneUp 2.4.8.5 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.8.5 - TuneUp Media, Inc.)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Web Assistant 2.0.0.600 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.600 - IncrediBar) <==== ATTENTIONWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points =========================26-01-2015 20:45:58 Revo Uninstaller's restore point - Snap.Do26-01-2015 20:47:12 Revo Uninstaller's restore point - Supporter 1.8026-01-2015 20:49:50 Revo Uninstaller's restore point - Settings Manager26-01-2015 20:52:08 Revo Uninstaller's restore point - Pro PC Cleaner26-01-2015 20:57:34 Revo Uninstaller's restore point - Radsteroids28-01-2015 02:45:55 Windows Update02-02-2015 06:16:50 Installed SlimDX Runtime .NET 2.0 (January 2012)==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2015-01-29 00:05 - 2015-01-29 00:05 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {074BE6D4-DAFD-49B9-A678-08184AAB876E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {61D439EF-7116-4C2C-9FA7-C9615DBD2BB0} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)Task: {6B17F106-F02A-41D1-9F95-2E09FD41176E} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-06-14] ()Task: {7B30F967-05FA-45B9-8C88-59637C4E9C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)Task: {8F2A4A6A-CD77-477E-83ED-D25A0C809F78} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)Task: {E39FE271-0E44-4F48-B07F-6DBC2F0A68CE} - System32\Tasks\{0292252A-A284-4587-B3D6-522A7A44213A} => pcalua.exe -a C:\ProgramData\Radsteroids\uninstall.exe -c /kb=y /ic=1Task: {ECE0D3B8-E659-4FC0-8C6C-102F71009177} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {FED29064-7F57-4E04-A082-02F0941999B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe==================== Loaded Modules (whitelisted) =============2013-06-14 02:51 - 2013-06-14 02:51 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe2014-02-06 02:52 - 2014-02-06 02:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 02:52 - 2014-02-06 02:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-01-27 22:42 - 2015-01-27 22:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"MSCONFIG\startupreg: ETDCtrl => C:\Program Files\Elantech\ETDCtrl.exeMSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /tMSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exeMSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exeMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunMSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exeMSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exeMSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exeMSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exeMSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXEMSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"========================= Accounts: ==========================Administrator (S-1-5-21-1580903306-1420406646-1734795358-500 - Administrator - Disabled)Alysha (S-1-5-21-1580903306-1420406646-1734795358-1000 - Administrator - Enabled) => C:\Users\AlyshaGuest (S-1-5-21-1580903306-1420406646-1734795358-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1580903306-1420406646-1734795358-1002 - Limited - Enabled)==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (02/03/2015 08:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (02/02/2015 05:40:44 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224Exception code: 0x80000003Fault offset: 0x00001425Faulting process id: 0x1404Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3Error: (02/02/2015 02:16:56 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (02/02/2015 01:42:03 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224Exception code: 0x80000003Fault offset: 0x00001425Faulting process id: 0x1334Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3Error: (02/02/2015 01:30:52 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Sims3LauncherW.exe, version: 0.2.0.209, time stamp: 0x52d87c53Faulting module name: CmdPortalClient.dll_unloaded, version: 0.0.0.0, time stamp: 0x4d6d1ae1Exception code: 0xc0000005Fault offset: 0x0bed54a8Faulting process id: 0x570Faulting application start time: 0xSims3LauncherW.exe0Faulting application path: Sims3LauncherW.exe1Faulting module path: Sims3LauncherW.exe2Report Id: Sims3LauncherW.exe3Error: (02/01/2015 11:14:33 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (02/01/2015 02:54:44 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/31/2015 08:39:21 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/31/2015 00:26:09 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/30/2015 00:42:02 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (02/03/2015 07:59:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126Error: (02/02/2015 06:26:43 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Error: (02/01/2015 11:12:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126Error: (02/01/2015 11:52:43 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Error: (02/01/2015 02:53:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126Error: (01/31/2015 00:56:10 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Error: (01/31/2015 08:37:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126Error: (01/31/2015 08:36:06 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Error: (01/31/2015 00:24:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126Error: (01/30/2015 02:47:52 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Microsoft Office Sessions:=========================CodeIntegrity Errors:=================================== Date: 2015-01-29 00:03:37.652 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-29 00:03:36.918 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-19 22:13:48.703 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-19 22:06:53.731 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-19 21:31:42.138 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.==================== Memory info =========================== Processor: AMD E-450 APU with Radeon(tm) HD GraphicsPercentage of memory in use: 33%Total physical RAM: 3686.87 MBAvailable physical RAM: 2445.68 MBTotal Pagefile: 7371.92 MBAvailable Pagefile: 5950.43 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.86 MB==================== Drives ================================Drive c: (S3A8666D006) (Fixed) (Total:433.54 GB) (Free:281.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D2F26588)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=433.5 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=19.8 GB) - (Type=17)Partition 4: (Not Active) - (Size=10.9 GB) - (Type=17)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Psychotic Posted February 4, 2015 ID:936133 Share Posted February 4, 2015 We need to remove some programs with Revo Uninstaller Free:Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.Please download and install Revo Uninstaller Freenote: there is no need to click anything on that page, the download will start automaticallyDouble click Revo Uninstaller to run itFrom the list of programs double click on the listed program(s), or anything similar, to remove it:System Optimizer ProWeb Assistant 2.0.0.600When prompted if you want to uninstall click YesBe sure the Moderate option is selected then click NextThe program will run, If prompted again click YesWhen the built-in uninstaller is finished click on NextOnce the program has searched for leftovers click NextCheck the items in bold only on the list then click Deletenote: you may have to expand some folders by clicking the "+" markWhen prompted click on Yes and then on NextPut a check on any folders that are found and select DeleteWhen prompted select Yes then NextOnce done click Finish Fix with FRST (normal mode)WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Download the attached fixlist.txt and save it to the location where FRST is saved to.Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply. fixlist.txt Link to post Share on other sites More sharing options...
AZDSF Posted February 7, 2015 Author ID:937296 Share Posted February 7, 2015 Hello, I have no internet for a few days due to service errors with the internet company. Please do not close the thread, I will reply back as soon as I can. Link to post Share on other sites More sharing options...
Psychotic Posted February 9, 2015 ID:937864 Share Posted February 9, 2015 OK Link to post Share on other sites More sharing options...
AZDSF Posted February 10, 2015 Author ID:938419 Share Posted February 10, 2015 I ran the Revo Uninstaller and the two programs you asked me to remove will not show up in the programs list.Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015Ran by Alysha at 2015-02-10 12:55:12 Run:2Running from C:\Users\Alysha\DownloadsLoaded Profiles: Alysha (Available profiles: Alysha)Boot Mode: Normal==============================================Content of fixlist:*****************2015-01-28 02:45 - 2015-01-28 02:45 - 06000640 _____ () C:\Program Files (x86)\GUT9246.tmp2015-01-28 02:45 - 2015-01-28 02:45 - 00000000 ____D () C:\Program Files (x86)\GUM9245.tmpC:\ProgramData\1158fb9aa715ca0fHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1580903306-1420406646-1734795358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONEmptyTemp:*****************C:\Program Files (x86)\GUT9246.tmp => Moved successfully.C:\Program Files (x86)\GUM9245.tmp => Moved successfully.C:\ProgramData\1158fb9aa715ca0f => Moved successfully."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKU\S-1-5-21-1580903306-1420406646-1734795358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.EmptyTemp: => Removed 652.7 MB temporary data.The system needed a reboot. ==== End of Fixlog 12:56:17 ==== Link to post Share on other sites More sharing options...
Psychotic Posted February 11, 2015 ID:938607 Share Posted February 11, 2015 Full System Scan with Malwarebytes AntimalwareIf not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click the downloaded setup file and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. [*]Click Finish.If the program is already installed:Run Malwarebytes Antimalware On the Dashboard, click the 'Update Now >>' link After the update completes, click the 'Scan Now >>' button. Or, on the Dashboard, click the Scan Now >> button. If an update is available, click the Update Now button. A Threat Scan will begin. When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected. In most cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes.After the restart once you are back at your desktop, open MBAM once more. Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click 'Copy to Clipboard' Paste the contents of the clipboard into your reply. Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
AZDSF Posted February 18, 2015 Author ID:940605 Share Posted February 18, 2015 Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2/17/15 Scan Time: 7:45:11 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.17.13 Rootkit Database: v2015.02.03.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Alysha Scan Type: Threat Scan Result: Completed Objects Scanned: 415951 Time Elapsed: 33 min, 1 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [345d7aa594f69e98e0637aa43cc92cd4], Registry Values: 1 PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, CFDC4B31-7A15-443A-861A-9AAE16FF41DE, Quarantined, [345d7aa594f69e98e0637aa43cc92cd4] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.SafeInstall.A, C:\Users\Alysha\Downloads\manualdownload.exe, Quarantined, [afe2819e6c1e1a1c61038be92ed3738d], Physical Sectors: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Recommended Posts