Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

how much security is too much [Solved]


  • This topic is locked This topic is locked

#16
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello nadjaj,

 

I am stepping in for Naathim. Give me a few hours and I'll be back with further instructions.

 

Biscuithd


  • 0

Advertisements


#17
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi nadjaj,

 

Ok, Naathim will be back with us soon, but in the mean time I'll be helping you. :)

 

You asked in your Topic, "How much Security is too much"? Well my friend, I mean this in the nicest way, but, I think you've acheived "too much security". :)

 

Within your logs I see the following products

 

Avast (the whole family of products) - Installed

Online Armour - Installed

MBAM (Malwarebytes Anti-Malware) Installed

Reg Pro Cleaner - Installed

iSpeedPC - Installed

ccCleaner - Installed

And, there are odds and ends of other Security programs that you've partially removed.

 

Let's talk about the legitimate programs like Avast, MBAM and Online Armour. Having all of these running at once is the equivalent of having twenty workers trying to clean a closet. They just keep bumping into each other, not getting anything done. My strong suggestion is to stick with Avast (since you have the entire family of Avast products and not just the a/v) and uninstall MBAM and use it as an "on demand" check every few weeks.

 

Absolutely uninstall Online Armour. There is something seriously wrong with this installation and is causing quite a few errors in your logs. Might even be the source of your Blue Screen. Last, I'd take a pass on reinstalling it. Windows 8 has a wonderful Firewall built into the Operating System. Why add additional overhead especially since the product is producing errors.

 

Last, you have some things that I view as dross: (iSpeedPC, RegProCleaner). Registry Cleaners in general tend to do one of two things. If you're lucky, they do nothing. If you're unlucky, they make things worse!  Have a read here. ccCleaner does a fine job of emptying TEMP space, but we have a different program TFC that does it better and doesn't try to fuss with the Registry.

 

So, before we do anymore cleaning of malware (and there is a little bit remaining, but not a lot), let me know your thoughts and questions and if you need me to, I can coach you through the installs, etc. If you can handle it yourself, that's great! When you're done, please post another FRST log and I'll take from there. :thumbsup:

 

 


  • 0

#18
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Thank you for stepping in. I will do as you asked and send a new FRST log. I wanted to mention I never added RegPro Cleaner or IspeedPC. Also some of those bits and pieces also came uninvited. It took forever to get rid of them so I am not surprised some is left behind. I used revouninstaller and it couldnt finish the task. I just added Online Armor when all this started happened thinking it would stop these unwanted programs. K I will get busy on this. Thanks 


  • 0

#19
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

ccleaner.png Okay  for starters.....I uninstalled MBAM. Online Armour, ISpeedPC. RegPro Cleaner.  Using Revo uninstaller as  I mentioned only goes half way on the checking for leftovers and gets stuck .Probably why you saw bits of uninstalled programs. I then ran Ccleaner and found ISpeedPC pieces which I cleaned up. I will post FRST log next. But was wondering if you could tell me what these files are and if I should get rid of them. Sorry couldn't paste it.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by lynda (administrator) on HOME on 26-09-2014 13:29:17
Running from C:\Users\lynda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MZ17E95
Loaded Profile: lynda (Available profiles: lynda)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
ShortcutTarget: lollipop.lnk -> C:\Users\lynda\AppData\Local\Lollipop\Lollipop.exe (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:49424;https=127.0.0.1:49424
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
URLSearchHook: HKLM-x32 - (No Name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
SearchScopes: HKCU - URL http://search.condui...archTerms}=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {650598e1-b35a-45d3-b607-896d7acb64c3} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {650598E1-B35A-45D3-B607-896D7ACB64C3} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lynda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-10]

Chrome:
=======
CHR Profile: C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-10]
CHR Extension: (Google Drive) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (No Name) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (avast! Online Security) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-19]
CHR Extension: (History) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Gmail) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 XEWoZstEmS; C:\ProgramData\mvqCYXuaeL\XEWoZstEmS.exe [2319728 2014-09-19] (Data Protection Solutions)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 12:50 - 2014-09-26 12:50 - 00181270 _____ () C:\Users\lynda\Documents\cc_20140926_125016.reg
2014-09-24 18:58 - 2014-09-24 18:58 - 02106880 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (4).exe
2014-09-22 23:25 - 2014-09-22 23:25 - 01024790 _____ (Thisisu) C:\Users\lynda\Downloads\JRT (1).exe
2014-09-22 23:22 - 2014-09-22 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 23:21 - 2014-09-22 23:21 - 01024790 _____ (Thisisu) C:\Users\lynda\Downloads\JRT.exe
2014-09-22 19:06 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-22 19:06 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-21 21:38 - 2014-09-24 19:02 - 00023270 _____ () C:\Users\lynda\Downloads\Addition.txt
2014-09-21 21:36 - 2014-09-24 19:02 - 00043540 _____ () C:\Users\lynda\Downloads\FRST.txt
2014-09-21 21:34 - 2014-09-26 13:29 - 00000000 ____D () C:\FRST
2014-09-21 21:33 - 2014-09-21 21:33 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (3).exe
2014-09-21 21:33 - 2014-09-21 21:33 - 00896520 _____ (Elex do Brasil Participações Ltda) C:\Users\lynda\Downloads\yet_another_cleaner_nvbs.exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (2).exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (1).exe
2014-09-21 21:27 - 2014-09-21 21:27 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64.exe
2014-09-20 18:29 - 2014-09-20 18:29 - 00056050 _____ () C:\Users\lynda\Downloads\Extras.Txt
2014-09-20 18:27 - 2014-09-20 18:27 - 00105504 _____ () C:\Users\lynda\Downloads\OTL.Txt
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL.exe
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL (1).exe
2014-09-20 14:44 - 2014-09-20 14:44 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup (1).exe
2014-09-20 14:43 - 2014-09-20 14:43 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup.exe
2014-09-20 14:43 - 2014-09-20 14:43 - 00000000 ____D () C:\ProgramData\Browser
2014-09-19 13:29 - 2014-09-19 13:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-19 13:17 - 2014-09-22 12:27 - 00110682 _____ () C:\Windows\SysWOW64\errordetails.xml
2014-09-19 12:49 - 2014-09-21 22:26 - 00003442 _____ () C:\Windows\System32\Tasks\ISpeedPC_LogOn
2014-09-19 12:21 - 2014-09-22 12:44 - 00000000 ____D () C:\ProgramData\ShareThis
2014-09-19 12:21 - 2014-09-19 12:23 - 00000000 ____D () C:\Users\lynda\AppData\Local\ShareThis
2014-09-19 12:21 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\mvqCYXuaeL
2014-09-19 12:17 - 2014-09-26 12:53 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\ISpeedPC
2014-09-19 12:17 - 2014-09-21 22:26 - 00003886 _____ () C:\Windows\System32\Tasks\ISpeedPC_Daily
2014-09-19 12:16 - 2014-09-19 12:16 - 00003100 _____ () C:\Windows\System32\Tasks\Reg Pro Cleaner
2014-09-19 12:16 - 2014-09-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Bull Softwares
2014-09-15 21:19 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 21:19 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-15 21:19 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 21:19 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 21:19 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 21:19 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 21:19 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 21:19 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-15 21:19 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-15 21:19 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 21:19 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 21:19 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-15 21:19 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 21:19 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 21:19 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-15 21:19 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-15 21:19 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 21:19 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 21:19 - 2012-07-25 20:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 21:18 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 21:18 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 21:18 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 21:18 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 21:18 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 21:18 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 21:18 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 21:18 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 21:18 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 20:49 - 2014-06-23 23:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-15 20:49 - 2014-06-23 23:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-15 20:49 - 2014-06-23 21:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-15 20:48 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-15 20:48 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-15 20:48 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-15 20:48 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 20:48 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-15 20:48 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 20:48 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-15 20:48 - 2014-06-24 00:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-15 20:48 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-15 20:48 - 2014-06-23 23:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-15 20:48 - 2014-06-23 21:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-15 20:48 - 2014-06-23 21:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-15 20:47 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-15 20:47 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-15 20:47 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-15 20:47 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-15 20:47 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-15 20:47 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-15 20:46 - 2014-09-04 15:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 20:46 - 2014-09-02 18:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 20:46 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-15 20:46 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-15 20:44 - 2014-09-15 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 15:05 - 2014-09-14 15:05 - 00003144 _____ () C:\Windows\System32\Tasks\{64E44C52-0A26-4CB9-A88C-834551A887F4}
2014-09-14 15:05 - 2014-09-14 15:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 12:55 - 2014-09-19 22:00 - 00000000 ____D () C:\Users\lynda\AppData\Local\Facebook
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\Program Files (x86)\COMODO
2014-08-27 13:02 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 13:02 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-26 12:51 - 2013-09-08 12:19 - 00000074 _____ () C:\Users\lynda\AppData\Roaming\sp_data.sys
2014-09-26 12:51 - 2013-05-28 01:09 - 00003268 _____ () C:\Windows\System32\Tasks\AsusVibeSchedule
2014-09-26 12:51 - 2013-05-28 01:09 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Splendid ColorU
2014-09-26 12:51 - 2013-05-28 01:09 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
2014-09-26 12:51 - 2013-05-28 01:07 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-09-26 12:51 - 2013-05-28 01:07 - 00003056 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-09-26 12:51 - 2013-05-28 01:07 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2014-09-26 12:51 - 2013-05-28 01:01 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2014-09-26 12:47 - 2013-10-10 14:30 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 12:47 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 12:46 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-26 12:44 - 2013-10-10 14:30 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 12:30 - 2013-10-10 14:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-26 12:29 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-24 10:06 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-22 13:11 - 2013-09-08 12:26 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1559842907-1072240736-3134371392-1001
2014-09-21 11:59 - 2013-09-19 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-21 11:53 - 2013-09-19 21:07 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-21 00:51 - 2014-08-23 11:08 - 00000000 ____D () C:\Users\lynda\AppData\Local\Screencast-O-Matic
2014-09-19 10:03 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 23:51 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-09-18 23:15 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\L2Schemas
2014-09-18 23:14 - 2014-07-19 21:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 23:14 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-18 23:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-11 21:53 - 2013-05-28 00:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-05 19:28 - 2014-07-23 17:28 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 12:32 - 2014-07-19 21:57 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 12:32 - 2014-07-19 21:57 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-20 13:11

==================== End Of Log ============================

 

 

 

 


  • 0

#20
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

But was wondering if you could tell me what these files are and if I should get rid of them. Sorry couldn't paste it

Sorry, not sure which files you're referring to? If it's the last two in the paste screen with the Asian looking characters, those are unicode characters and might be hold up ccclean.

 

That said, let's have a look for unicode characters and other oddities. If you don't mind, please run OTL as described below and we'll see what might be lurking. :)

 

Download OTL to your Desktop

  • Right click and select Run as administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Under Extra Registry select Use SafeList
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    services.*
    svchost.exe
    rpcss.*
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will not take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

  • 0

#21
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

OTL logfile created on: 2014-09-27 6:38:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lynda\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17088)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.89 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 78.57% Memory free
9.08 Gb Paging File | 7.38 Gb Available in Paging File | 81.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.11 Gb Total Space | 226.39 Gb Free Space | 81.11% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 397.16 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: lynda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-09-27 10:05:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lynda\Downloads\OTL (2).exe
PRC - [2014-08-15 12:58:06 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-08-15 12:57:41 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-07-02 10:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013-04-16 17:25:30 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013-02-26 11:08:24 | 000,176,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2012-11-28 17:56:40 | 000,054,488 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012-10-26 14:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012-10-24 15:02:32 | 001,196,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012-10-17 19:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012-10-05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012-09-18 12:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012-09-14 13:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012-08-31 19:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012-08-22 09:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012-07-17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-06-27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-06-25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-05-28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012-04-13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012-03-28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011-11-21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-09-22 03:02:44 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\30caed6dd3390553adf0d78426beb375\UIAutomationTypes.ni.dll
MOD - [2014-09-18 23:59:01 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10216950450614b68fe2f42e33fa3c80\System.Xml.ni.dll
MOD - [2014-09-18 23:58:50 | 001,900,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0695213fe098bc158d07e45203be633b\System.Xaml.ni.dll
MOD - [2014-09-18 23:58:46 | 012,877,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f19197acf91e929a378151a745976330\System.Windows.Forms.ni.dll
MOD - [2014-09-18 23:57:28 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\270a200e4a55f281235dcbde07450912\System.Configuration.ni.dll
MOD - [2014-09-18 23:57:20 | 018,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\d96c3e36abc8c0676be9ea0756c6a5cb\PresentationFramework.ni.dll
MOD - [2014-09-18 23:56:52 | 011,021,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\65b3f39148fe1fcac216b1430a7efece\PresentationCore.ni.dll
MOD - [2014-09-18 23:56:35 | 003,941,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fa7822975c29eda31e6b416ab8ad774b\WindowsBase.ni.dll
MOD - [2014-09-18 23:56:14 | 010,051,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dfb8b0724c39cdbbfcbb6f83a5be22cc\System.ni.dll
MOD - [2014-08-15 12:57:43 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014-08-15 12:57:42 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014-02-16 16:41:14 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll
MOD - [2014-02-16 16:41:02 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\d3abe72a65b16c5ca129dd4509450190\PresentationFramework.Aero2.ni.dll
MOD - [2014-02-16 16:40:17 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-08-15 12:57:41 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014-05-29 16:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-03-29 01:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-08-15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013-06-24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013-06-01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-05-03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-05-03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013-04-08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013-03-01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-01-09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-07 05:04:48 | 001,280,768 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2012-11-27 10:57:56 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-11-27 10:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-07-25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012-04-20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014-09-19 12:21:22 | 002,319,728 | ---- | M] (Data Protection Solutions) [Auto | Stopped] -- C:\ProgramData\mvqCYXuaeL\XEWoZstEmS.exe -- (XEWoZstEmS)
SRV - [2012-12-13 15:14:24 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-11-27 10:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-10-05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012-09-12 20:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012-07-25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012-06-25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012-04-13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011-11-21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-08-15 12:58:04 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-08-15 12:57:46 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014-08-15 12:57:46 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-08-15 12:57:46 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-08-15 12:57:46 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014-08-15 12:57:46 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-08-15 12:57:46 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-08-15 12:57:46 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-03-28 12:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-03-23 15:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-01-22 08:52:12 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2014-01-22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014-01-22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014-01-22 07:52:21 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-10-10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013-10-04 23:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-10-01 19:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-08-15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-07-09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013-07-01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-07-01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013-06-28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-05-31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-04-16 17:25:46 | 000,065,784 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013-03-02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-01-09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-01-08 19:26:24 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-12-13 15:14:20 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-11-27 10:57:26 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-11-27 10:57:26 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-11-26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-18 23:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012-11-05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-10-24 11:18:32 | 000,723,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012-10-12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-08 02:47:42 | 000,298,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012-09-18 12:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012-09-13 22:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-08-01 20:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012-07-25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-07-02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-02 07:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012-06-02 07:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012-06-02 07:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012-05-30 20:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011-09-07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
IE - HKLM\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://ca.search.ya...&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://ca.search.ya...&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49424;https=127.0.0.1:49424
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lynda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15 12:57:49 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012-07-25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {650598E1-B35A-45D3-B607-896D7ACB64C3} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - Startup: C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90C5DFBA-D787-431E-9CE1-E632570D2E88}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-09-22 23:22:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014-09-22 19:06:58 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014-09-22 19:06:58 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2014-09-21 21:34:46 | 000,000,000 | ---D | C] -- C:\FRST
[2014-09-20 14:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2014-09-19 12:21:58 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Local\ShareThis
[2014-09-19 12:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\mvqCYXuaeL
[2014-09-19 12:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ShareThis
[2014-09-19 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Roaming\ISpeedPC
[2014-09-19 12:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bull Softwares
[2014-09-15 21:19:20 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014-09-15 21:19:20 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014-09-15 21:19:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014-09-15 21:19:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014-09-15 21:19:16 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014-09-15 21:19:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014-09-15 21:19:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014-09-15 21:19:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014-09-15 21:19:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014-09-15 21:19:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014-09-15 21:19:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014-09-15 21:19:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014-09-15 21:19:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014-09-15 21:19:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014-09-15 21:19:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014-09-15 21:19:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014-09-15 21:19:06 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014-09-15 21:19:04 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014-09-15 21:19:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014-09-15 21:19:01 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014-09-15 21:18:58 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014-09-15 21:18:57 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014-09-15 20:49:20 | 010,115,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2014-09-15 20:49:07 | 008,858,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2014-09-15 20:49:00 | 002,307,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014-09-15 20:48:59 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014-09-15 20:48:58 | 000,732,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2014-09-15 20:48:56 | 000,694,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2014-09-15 20:48:55 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014-09-15 20:48:54 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2014-09-15 20:48:53 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2014-09-15 20:48:53 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-09-15 20:48:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-09-15 20:48:51 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2014-09-15 20:47:49 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014-09-15 20:47:48 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014-09-15 20:47:48 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2014-09-15 20:47:47 | 001,623,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014-09-15 20:47:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2014-09-15 20:47:47 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014-09-15 20:47:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014-09-15 20:47:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014-09-15 20:47:46 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014-09-15 20:47:46 | 000,059,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014-09-15 20:47:46 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014-09-15 20:47:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2014-09-15 20:47:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014-09-15 20:47:12 | 000,536,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp120_clr0400.dll
[2014-09-15 20:47:11 | 000,678,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp120_clr0400.dll
[2014-09-15 20:46:37 | 000,755,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-09-15 20:46:37 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-09-15 20:46:15 | 000,875,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr120_clr0400.dll
[2014-09-15 20:46:14 | 000,869,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr120_clr0400.dll
[2014-09-14 15:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014-09-14 12:55:34 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Local\Facebook
[2014-09-07 18:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2014-09-07 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
 
========== Files - Modified Within 30 Days ==========
 
[2014-09-27 18:44:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-09-27 17:58:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-09-26 12:51:27 | 000,000,074 | ---- | M] () -- C:\Users\lynda\AppData\Roaming\sp_data.sys
[2014-09-26 12:50:57 | 000,181,270 | ---- | M] () -- C:\Users\lynda\Documents\cc_20140926_125016.reg
[2014-09-26 12:47:42 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-09-26 12:47:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-09-26 12:47:06 | 2481,127,423 | -HS- | M] () -- C:\hiberfil.sys
[2014-09-22 12:27:35 | 000,110,682 | ---- | M] () -- C:\Windows\SysWow64\errordetails.xml
[2014-09-05 19:28:36 | 000,281,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-09-04 15:36:35 | 000,755,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014-09-02 18:49:12 | 000,556,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014-09-02 12:32:27 | 000,705,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-09-02 12:32:27 | 000,104,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014-09-26 12:50:21 | 000,181,270 | ---- | C] () -- C:\Users\lynda\Documents\cc_20140926_125016.reg
[2014-09-19 13:17:56 | 000,110,682 | ---- | C] () -- C:\Windows\SysWow64\errordetails.xml
[2014-09-15 20:48:58 | 000,010,450 | ---- | C] () -- C:\Windows\SysNative\autoconfig.cab
[2014-02-19 23:22:57 | 000,000,017 | ---- | C] () -- C:\Users\lynda\AppData\Local\resmon.resmoncfg
[2013-10-10 13:57:04 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-09-08 12:19:47 | 000,000,074 | ---- | C] () -- C:\Users\lynda\AppData\Roaming\sp_data.sys
[2013-04-23 20:36:10 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013-04-23 20:36:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013-04-23 20:36:08 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-11-27 11:26:00 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012-11-27 11:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-11-27 11:26:00 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
 
========== ZeroAccess Check ==========
 
[2013-10-23 20:53:07 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-28 01:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-27 23:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2012-11-27 10:57:51 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013-03-05 23:29:15 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2012-07-25 20:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2012-07-25 20:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013-10-10 02:20:43 | 000,723,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012-07-25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012-07-25 20:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-25 20:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012-07-25 20:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012-07-25 20:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013-07-12 23:16:06 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012-07-25 20:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2012-10-10 22:43:40 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2012-10-10 22:06:02 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012-11-27 10:57:26 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2012-07-25 20:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2012-07-25 20:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012-07-25 20:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2012-07-25 20:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2012-07-25 20:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2012-07-25 20:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2012-11-27 10:57:56 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2012-07-25 20:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013-05-03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012-11-27 10:57:52 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2012-07-25 22:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012-11-27 10:57:51 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012-07-25 20:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2012-07-25 20:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2012-07-25 20:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012-07-25 20:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2012-07-25 20:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014-03-10 17:39:12 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013-04-08 21:51:41 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012-07-25 20:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2012-07-25 20:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012-07-25 20:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2014-07-31 16:40:32 | 001,287,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2012-07-25 20:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012-07-25 20:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012-07-25 20:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012-07-25 20:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013-05-03 23:59:51 | 001,483,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013-06-01 02:19:42 | 000,785,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013-04-08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-07-25 20:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2014-03-29 01:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012-07-25 20:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013-10-30 22:56:24 | 000,915,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2012-07-25 20:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2012-07-25 20:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012-07-25 20:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012-07-25 20:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014-08-27 23:01:44 | 003,285,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012-07-25 20:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2012-11-05 21:19:59 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2012-07-25 20:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
<  %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2013-06-01 04:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013-06-01 04:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013-11-26 13:16:47 | 000,217,360 | ---- | M] () MD5=2092F6917941A061962DF0BBA8B84F0C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013-11-26 14:44:29 | 000,193,351 | ---- | M] () MD5=4B76AFA7419B97FBB89FD035265C57B9 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013-11-26 14:44:40 | 000,191,929 | ---- | M] () MD5=74943A9AF71318AC04D2E1BD4FEBEA51 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013-11-26 13:16:34 | 000,221,955 | ---- | M] () MD5=804EE8C35914DED7B852ED30C95911CB -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013-11-26 13:16:43 | 000,220,321 | ---- | M] () MD5=A5E54126A8E4B0E0E11EE746B5D74946 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013-11-26 14:44:45 | 000,190,101 | ---- | M] () MD5=B07B3FC1189DDE940C33E8435DDB7D93 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013-11-26 14:44:34 | 000,191,911 | ---- | M] () MD5=C01180CEED5C85D4DCC45A1F694E9E4E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013-11-26 13:16:39 | 000,220,310 | ---- | M] () MD5=CD263294E7B7D1FB7C020E3189A05C92 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013-06-01 03:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013-06-01 03:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2012-07-25 20:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) MD5=1EC6E533C954BDDF2A37E7851A7E58FD -- C:\Windows\SysNative\rpcss.dll
[2012-07-25 20:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) MD5=1EC6E533C954BDDF2A37E7851A7E58FD -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.2.9200.16384_none_c2948360c7a43433\rpcss.dll
 
< MD5 for: SERVICES  >
[2012-07-25 22:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
 
< MD5 for: SERVICES.ASFX  >
[2010-11-15 22:02:24 | 000,000,230 | ---- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2010-11-15 22:02:26 | 000,000,231 | ---- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2010-11-15 22:02:32 | 000,000,228 | ---- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2010-11-15 22:02:32 | 000,000,228 | ---- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
 
< MD5 for: SERVICES.CFG  >
[2010-11-15 22:02:22 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2013-10-04 21:16:55 | 000,038,189 | ---- | M] () MD5=1D466CB01D45EEADE9391BB39D231AAB -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012-11-27 10:57:26 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2012-11-27 10:57:26 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2013-10-04 21:16:56 | 000,001,252 | ---- | M] () MD5=BBE63819DC46EB3B47862B9EC9C02508 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2012-07-26 00:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\SysNative\en-US\services.exe.mui
[2012-07-26 00:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2014-09-15 20:50:56 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.320_x64__8wekyb3d8bbwe\common\js\services.js
[2014-09-15 20:50:18 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.320_x64__8wekyb3d8bbwe\common\js\services.js
[2012-07-26 00:54:02 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 00:53:53 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 00:53:50 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 00:54:33 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 00:53:57 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2012-07-25 13:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 13:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 13:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2012-06-02 07:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012-06-02 07:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
 
< MD5 for: SERVICES.MSC  >
[2012-07-26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012-06-02 07:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012-07-26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012-06-02 07:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012-07-26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012-06-02 07:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012-06-02 07:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012-07-26 00:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2012-07-25 13:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012-07-25 13:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2013-10-04 21:17:22 | 000,000,609 | ---- | M] () MD5=020CF470030E26B04A711F99943ACCA8 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2013-11-26 15:51:34 | 000,003,208 | ---- | M] () MD5=8858EEF64A5B4A773F2F536AD9E42D56 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2013-10-04 21:17:22 | 000,002,873 | ---- | M] () MD5=89FFE2FDCADA2FD40251253CD5F2D20D -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012-11-27 10:57:35 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012-11-27 10:57:35 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012-11-27 10:57:26 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012-11-27 10:57:26 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2013-11-26 15:51:34 | 000,000,583 | ---- | M] () MD5=F935714419A9232552144B7BB304FF50 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2012-07-25 20:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012-07-25 20:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012-07-25 20:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012-07-25 20:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014-07-20 18:58:42 | 000,082,423 | ---- | M] () MD5=0A6B2608E6446768E1305EB09734A486 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2014-07-20 18:58:44 | 000,072,808 | ---- | M] () MD5=18CFA2E022DA118D54C30850DDD983FD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21012_none_c95fd5c6779c8076\winlogon.exe
[2013-11-26 14:35:25 | 000,053,876 | ---- | M] () MD5=204A743E80AA375968BD6D354E6F50E5 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013-10-04 21:24:34 | 000,001,645 | ---- | M] () MD5=2B4382D2FD8B5A1CA9B78C8DCFEB84CE -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013-11-26 14:35:26 | 000,001,620 | ---- | M] () MD5=34F41862C3C2D2E55516C1F02CED99B5 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2014-04-12 02:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\SysNative\winlogon.exe
[2014-04-12 02:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16891_none_c87ee12f5ec0739b\winlogon.exe
[2014-04-12 02:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17014_none_c8d83b755e7d1081\winlogon.exe
[2014-07-20 18:58:45 | 000,072,808 | ---- | M] () MD5=898B01DE0F69CEBFAC70F89B6D497A45 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21133_none_c94b381e77abced6\winlogon.exe
[2013-10-04 21:24:34 | 000,001,614 | ---- | M] () MD5=CC5F5689C296E03D40D6CCD4DE3443DA -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
 
<  dir C:\ /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 6A19-8BC1
 Directory of C:\
2012-07-26  12:22 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
2012-07-26  12:22 AM    <JUNCTION>     Application Data [C:\ProgramData]
2012-07-26  12:22 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
2012-07-26  12:22 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
2012-07-26  12:22 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2012-07-26  12:22 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
2012-07-26  12:22 AM    <SYMLINKD>     All Users [C:\ProgramData]
2012-07-26  12:22 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
2012-07-26  12:22 AM    <JUNCTION>     Application Data [C:\ProgramData]
2012-07-26  12:22 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
2012-07-26  12:22 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
2012-07-26  12:22 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2012-07-26  12:22 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
2012-07-26  12:22 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
2012-07-26  12:22 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
2012-07-26  12:22 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
2012-07-26  12:22 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
2012-07-26  12:22 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2012-07-26  12:22 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2012-07-26  12:22 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
2012-07-26  12:22 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
2012-07-26  12:22 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
2012-07-26  12:22 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
2012-07-26  12:22 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
2012-07-26  12:22 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
2012-07-26  12:22 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
2012-07-26  12:22 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
2012-07-26  12:22 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
2012-07-26  12:22 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\lynda
2013-09-08  12:15 PM    <JUNCTION>     Application Data [C:\Users\lynda\AppData\Roaming]
2013-09-08  12:15 PM    <JUNCTION>     Cookies [C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Cookies]
2013-09-08  12:15 PM    <JUNCTION>     Local Settings [C:\Users\lynda\AppData\Local]
2013-09-08  12:15 PM    <JUNCTION>     My Documents [C:\Users\lynda\Documents]
2013-09-08  12:15 PM    <JUNCTION>     NetHood [C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2013-09-08  12:15 PM    <JUNCTION>     PrintHood [C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2013-09-08  12:15 PM    <JUNCTION>     Recent [C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Recent]
2013-09-08  12:15 PM    <JUNCTION>     SendTo [C:\Users\lynda\AppData\Roaming\Microsoft\Windows\SendTo]
2013-09-08  12:15 PM    <JUNCTION>     Start Menu [C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Start Menu]
2013-09-08  12:15 PM    <JUNCTION>     Templates [C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\lynda\AppData\Local
2013-09-08  12:15 PM    <JUNCTION>     Application Data [C:\Users\lynda\AppData\Local]
2013-09-08  12:15 PM    <JUNCTION>     History [C:\Users\lynda\AppData\Local\Microsoft\Windows\History]
2013-09-08  12:15 PM    <JUNCTION>     Temporary Internet Files [C:\Users\lynda\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\lynda\AppData\LocalLow
2013-09-19  09:16 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\lynda\Documents
2013-09-08  12:15 PM    <JUNCTION>     My Music [C:\Users\lynda\Music]
2013-09-08  12:15 PM    <JUNCTION>     My Pictures [C:\Users\lynda\Pictures]
2013-09-08  12:15 PM    <JUNCTION>     My Videos [C:\Users\lynda\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
2012-07-26  12:22 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
2012-07-26  12:22 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
2012-07-26  12:22 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              49 Dir(s)  243,088,891,904 bytes free
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >


  • 0

#22
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

And yes sorry it was the Asian printing that I was curious about.

 

OTL Extras logfile created on: 2014-09-27 6:38:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lynda\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17088)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.89 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 78.57% Memory free
9.08 Gb Paging File | 7.38 Gb Available in Paging File | 81.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.11 Gb Total Space | 226.39 Gb Free Space | 81.11% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 397.16 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: lynda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053BC459-2FEE-4FC5-B2C9-3DF66DAFB58C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0C1D42C6-27B6-4F06-8551-FAC2AF271FCD}" = lport=137 | protocol=17 | dir=in | app=system |
"{0EB3C420-E6C3-480F-B869-3A4F02081CE3}" = lport=139 | protocol=6 | dir=in | app=system |
"{1227877C-FE88-4A35-8E0F-0576D427181D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{175B077D-0C19-4091-A2EF-9B739CD90B34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C841C3B-AABE-4796-83D1-85B7DD55E905}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C9D8C69-3705-4050-BBD2-3DC7D8B750A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{216E760F-CA9A-4498-8B75-2094E807D6E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{3C9FFBFE-D519-4559-A24E-8AB8F8014B9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4272BB87-2771-4F66-BDA1-89C2B072660B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{69EEAB65-3B7E-4D70-9749-AF4FB310DD97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B1D90C0-1290-402A-A078-436B730FE3FE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C591CF8-8E0B-4724-B5F0-6290D26DD37C}" = rport=137 | protocol=17 | dir=out | app=system |
"{93B5D20E-50A1-4A23-A159-C51AF193BB8E}" = rport=138 | protocol=17 | dir=out | app=system |
"{94E10CEF-C139-4809-9AEF-5078AD86D615}" = lport=445 | protocol=6 | dir=in | app=system |
"{963C85A6-046F-40AB-92E5-424F10D98037}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A1377298-FBDF-4707-9746-7C7DCC21775F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B050E5E6-5EDE-40B1-81A8-6E3407E8E871}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{C24E69EC-326A-42E1-8402-E81FE15BBB45}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C87091FC-4DC8-4ABF-A699-26694CC73B8B}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6696EB2-3255-45CE-8481-512E128AE0F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E47DFF12-663D-4B8E-8888-5F51BAAE0E86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAD35F94-F7D1-4BF4-8E04-FC72171E69F6}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078FCB75-CEED-4EA7-8E77-FD09AE345437}" = dir=out | name=fresh paint |
"{10494C55-8993-4C0F-90E6-253E05F231F7}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{1197D1CE-7FD7-4D5D-A519-5500C466B565}" = protocol=58 | dir=out | [email protected],-28546 |
"{148F4585-5C13-4C77-AFAB-F7742E8AE1A6}" = dir=out | name=netflix |
"{1704CE87-0E40-4B85-9B96-ABBF0AE19C69}" = protocol=1 | dir=out | [email protected],-28544 |
"{1AECC0CF-FAEB-44B6-A71D-57D3ED62A43C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{20BA6691-1CAC-432A-9CDA-9B6974DF116A}" = dir=in | name=pinball fx2 |
"{210695B7-5057-4CDC-B214-7B9858F7E10B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2410FF2A-5F6C-4021-AFE6-1D9B1D461096}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2CE2E75F-3D48-4793-B0EB-658E9193CFA4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3840FA41-13D2-453A-9E1C-7C9892D5892B}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{415E0AB2-2405-44C8-984A-99BA0D58EEEE}" = protocol=58 | dir=in | [email protected],-28545 |
"{42950E7C-0AC4-49C4-89F9-AF8FB8493714}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{43B8D215-7C81-4851-94A1-1E18E7925BD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45CB05C6-783D-4A3B-A8FD-B82B451071D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A6D1A10-CA4F-4DD2-A9B2-B33657081BCB}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{5013315E-07E8-410D-8A8E-BE5A06E6EA98}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{54B69B3B-C44D-4E7A-9F02-359ED754D0B6}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{57B719B5-951C-4291-8C9A-3E1F0BB15480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5987CC73-6226-40A7-A7C7-2B69E42F62CF}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{5A5681F8-610F-4716-A105-D2B374E2C92A}" = protocol=1 | dir=in | [email protected],-28543 |
"{631487E7-3C6B-4007-83AF-1F067F3C0BDD}" = dir=out | name=microsoft solitaire collection |
"{63C61969-6554-4A74-857C-61162983067D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{686466C5-AB14-4BB6-AD29-0B49C97C3428}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A25BD2F-C811-4381-9847-CC48243FFF2B}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{6B80A028-54CE-4315-BDF5-5DA669F2628E}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6E607AC2-B76C-42A6-93A4-8F00C9CFD334}" = dir=in | [email protected]{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{76837CB4-99AD-40F3-B62F-9DD68130F3FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8E111FFA-7403-41C1-8090-B3DCD1869FE8}" = dir=out | name=windows_ie_ac_001 |
"{A1133D8B-08F6-4684-8BAD-4F0B900B7734}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{AC6581B2-98C7-4D8E-84E6-81583D7FA770}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{AEF1886F-B265-4E88-A0CA-DF1F1F9095AC}" = dir=out | [email protected]{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B6D4CF99-ECD0-4B38-AE8E-8151159C21B8}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{B7571D25-43CB-4903-852B-A0A18769B28D}" = dir=out | name=pinball fx2 |
"{B817702A-CB1E-4ABB-8461-53568BAEC851}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BBD84DE4-C80C-456B-BC5C-42453B30DB14}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BBFE5E0F-3B98-4E4D-B7C2-B9E07FAC008E}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C3945987-A678-4B70-A737-04C38C394432}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4BDB851-DA16-4CB2-9579-DE6029BBD07D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA851DD6-D87D-488A-B8DA-4EAEA63F52EA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBB747D7-E2F2-4A0B-B7A9-6B0F405D6CB7}" = dir=out | name=taptiles |
"{CCCDD6EE-8938-4BCF-BB22-FDC762ED941A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D029E65C-10EF-4763-919D-F8FBCC421CC6}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D5F6D9B6-7699-4C82-AE78-F54D37086DE4}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D9BE10E4-1755-4919-8F4D-772B597872F5}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{E566C6BB-E3EB-4803-AAAE-D656E09799AE}" = protocol=6 | dir=out | app=system |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8658AA9-E192-4DF7-913B-B2B0391E1846}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E88520B7-6748-4C19-89AF-E1CCC7CB2EA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EABE2212-B1AD-4FDC-9AD8-0B57DC48E928}" = dir=out | name=adera |
"{FAA03D7C-3820-46B1-B2F2-11A281C39658}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5" = Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{44A3A561-AE74-472D-A51C-43F4C9E7B5E5}" = Windows Live 软件包
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{802E137D-DA8F-47CC-AC21-6DD075CD948C}" = Windows Live UX Platform Language Pack
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Google Chrome" = Google Chrome
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-09-12 1:37:01 PM | Computer Name = home | Source = Application Hang | ID = 1002
Description = The program Netflix.exe version 1.12.0.64 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d04    Start
 Time: 01cfcea2ad1d671c    Termination Time: 4294967295    Application Path: C:\Program
Files\WindowsApps\4DF9E0F8.Netflix_1.12.0.64_x64__mcm4njqhnhss8\Netflix.exe    Report
 Id: 55995b1d-3aa3-11e4-bf19-74d02bc326bc    Faulting package full name: 4DF9E0F8.Netflix_1.12.0.64_x64__mcm4njqhnhss8

Faulting
 package-relative application ID: App 
 
Error - 2014-09-13 3:08:03 AM | Computer Name = home | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2014-09-13 8:43:11 PM | Computer Name = home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17054,
 time stamp: 0x53d0b9f0  Faulting module name: Flash.ocx, version: 14.0.0.176, time
 stamp: 0x53d83347  Exception code: 0xc0000005  Fault offset: 0x00760e35  Faulting process
 id: 0x13bc  Faulting application start time: 0x01cfcfa50fe012f5  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx  Report Id: 19e3881e-3ba8-11e4-bf1a-74d02bc326bc
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 2014-09-14 12:00:17 AM | Computer Name = home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17054,
 time stamp: 0x53d0b9f0  Faulting module name: Flash.ocx, version: 14.0.0.176, time
 stamp: 0x53d83347  Exception code: 0xc0000005  Fault offset: 0x00360b5c  Faulting process
 id: 0x5c50  Faulting application start time: 0x01cfcfcc7ad0ca45  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx  Report Id: a2d185f3-3bc3-11e4-bf1a-74d02bc326bc
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 2014-09-14 3:33:34 PM | Computer Name = home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17054,
 time stamp: 0x53d0b9f0  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0x5ac8  Faulting application start time: 0x01cfd0517a3d44b0  Faulting application path:
 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path: unknown
Report
 Id: 0381a7d5-3c46-11e4-bf1a-74d02bc326bc  Faulting package full name:   Faulting package-relative
 application ID:
 
Error - 2014-09-14 4:02:24 PM | Computer Name = home | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2014-09-14 6:05:52 PM | Computer Name = home | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.17054 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: f24c    Start
 Time: 01cfd067521e3b07    Termination Time: 35    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id: 45024a2f-3c5b-11e4-bf1a-74d02bc326bc    Faulting package
 full name:     Faulting package-relative application ID:  
 
Error - 2014-09-19 1:02:04 PM | Computer Name = home | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2014-09-20 3:26:07 AM | Computer Name = home | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2014-09-20 5:04:53 PM | Computer Name = home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
 time stamp: 0x512347f7  Faulting module name: jscript9.dll, version: 10.0.9200.17088,
 time stamp: 0x53eee690  Exception code: 0xc0000005  Fault offset: 0x00062694  Faulting
 process id: 0x19998  Faulting application start time: 0x01cfd5166628357b  Faulting
application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting
module path: C:\Windows\SYSTEM32\jscript9.dll  Report Id: c423b960-4109-11e4-bf1d-74d02bc326bc
Faulting
 package full name:   Faulting package-relative application ID:
 
[ System Events ]
Error - 2014-09-18 11:00:17 PM | Computer Name = home | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 2014-09-19 2:13:16 AM | Computer Name = home | Source = DCOM | ID = 10010
Description =
 
Error - 2014-09-19 2:13:16 AM | Computer Name = home | Source = DCOM | ID = 10010
Description =
 
Error - 2014-09-19 2:15:04 AM | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
 
Error - 2014-09-19 3:02:39 AM | Computer Name = home | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 2014-09-19 12:09:38 PM | Computer Name = home | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 2014-09-19 2:13:52 PM | Computer Name = home | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 2014-09-19 3:32:26 PM | Computer Name = home | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 2014-09-19 4:07:16 PM | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
 
Error - 2014-09-19 4:19:32 PM | Computer Name = home | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
 
 
< End of report >


  • 0

#23
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

From what I can see, you have this installed

 

"{44A3A561-AE74-472D-A51C-43F4C9E7B5E5}" = Windows Live 软件包

 

If you don't need it (and I'm guessing that you don't), go to Control Panel, add/remove programs and uninstall it.

 

It is also possible that some of the installed files for this program, tripped up your a/v or MBAM and are now located in a quarantine file that Revo can see. BTW, are you using the Windows 8 compatable version of Revo which I believe is only Revo Pro?  Have a look at this link.

 

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

 

Also, let me know how the computer is working.


  • 0

#24
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hmmm cannot find that program to uninstall it. Am using revo uninstaller no pro. Will try getting rid of it and download the pro. I cannot run a scan it keeps saying application corrupt. Not having much luck. Havent used computer much to say if it is any better as there are too many little quirks that I don't want to have turn into bigger problems. Where to from here??? Thanks for your help. 


  • 0

#25
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Well I'll be darned it showed up.

 

 

 

ComboFix 14-09-29.02 - lynda 2014-09-29  11:03:49.2.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.8078.6225 [GMT -7:00]
Running from: c:\users\lynda\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\iaoinlfmpicdfdeclphmjbcbogpekgpp\1.1\pd5fq_tw.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\N1vX.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\aZ4L.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jldcnfilmnaifnfpkfmopcohmfgggjfl\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\JciscfQNzm.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kelbcagbhdfnmbipiofmlkielmhpmmnf\2.1\newtab.html
c:\users\lynda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iaoinlfmpicdfdeclphmjbcbogpekgpp_0.localstorage
c:\users\lynda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibiiaimghkbhffgkkdogldehnidojjga_0.localstorage-journal
c:\users\lynda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibiiaimghkbhffgkkdogldehnidojjga_0.localstorage
c:\users\lynda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jldcnfilmnaifnfpkfmopcohmfgggjfl_0.localstorage
c:\users\lynda\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-28 to 2014-09-30  )))))))))))))))))))))))))))))))
.
.
2014-09-30 00:34 . 2014-09-30 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-29 23:53 . 2014-09-29 23:53 -------- d-----w- c:\users\lynda\AppData\Local\VS Revo Group
2014-09-29 23:53 . 2014-09-29 23:53 -------- d-----w- c:\programdata\VS Revo Group
2014-09-29 23:53 . 2009-12-30 17:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-09-29 23:53 . 2014-09-29 23:53 -------- d-----w- c:\program files\VS Revo Group
2014-09-23 06:22 . 2014-09-23 06:22 -------- d-----w- c:\windows\ERUNT
2014-09-23 02:06 . 2014-08-09 08:30 148480 ----a-w- c:\windows\system32\poqexec.exe
2014-09-23 02:06 . 2014-08-09 08:29 144896 ----a-w- c:\windows\system32\tssdisai.dll
2014-09-22 04:34 . 2014-09-26 20:32 -------- d-----w- C:\FRST
2014-09-20 21:43 . 2014-09-20 21:43 -------- d-----w- c:\programdata\Browser
2014-09-19 19:21 . 2014-09-19 19:23 -------- d-----w- c:\users\lynda\AppData\Local\ShareThis
2014-09-19 19:21 . 2014-09-19 19:21 -------- d-----w- c:\programdata\mvqCYXuaeL
2014-09-19 19:21 . 2014-09-22 19:44 -------- d-----w- c:\programdata\ShareThis
2014-09-19 19:17 . 2014-09-26 19:53 -------- d-----w- c:\users\lynda\AppData\Roaming\ISpeedPC
2014-09-19 19:16 . 2014-09-19 19:16 -------- d-----w- c:\program files (x86)\Bull Softwares
2014-09-19 06:08 . 2014-09-19 06:08 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-09-16 04:18 . 2014-08-16 09:34 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-09-16 03:49 . 2014-06-24 06:41 10115584 ----a-w- c:\windows\system32\twinui.dll
2014-09-16 03:49 . 2014-06-24 04:08 8858624 ----a-w- c:\windows\SysWow64\twinui.dll
2014-09-16 03:49 . 2014-06-24 06:39 2307072 ----a-w- c:\windows\system32\authui.dll
2014-09-16 03:48 . 2014-06-24 04:06 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-09-16 03:48 . 2014-08-20 23:40 732880 ----a-w- c:\windows\system32\NotificationUI.exe
2014-09-16 03:48 . 2014-08-20 17:05 694784 ----a-w- c:\windows\system32\WSShared.dll
2014-09-16 03:48 . 2014-08-20 17:02 567808 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-09-16 03:48 . 2014-06-24 06:40 125952 ----a-w- c:\windows\system32\WinSetupUI.dll
2014-09-16 03:48 . 2014-08-20 17:05 198656 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2014-09-16 03:48 . 2014-08-20 17:02 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-16 03:48 . 2014-08-20 17:05 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-16 03:48 . 2014-06-24 06:39 2146304 ----a-w- c:\windows\system32\actxprxy.dll
2014-09-16 03:48 . 2014-06-24 04:06 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-09-16 03:48 . 2014-07-31 23:40 1287680 ----a-w- c:\windows\system32\schedsvc.dll
2014-09-16 03:46 . 2014-07-26 02:19 26218496 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-16 03:46 . 2014-07-26 01:52 25479168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-16 03:46 . 2014-09-04 22:36 755712 ----a-w- c:\windows\system32\aepdu.dll
2014-09-16 03:46 . 2014-09-03 01:49 556544 ----a-w- c:\windows\system32\aeinv.dll
2014-09-16 03:46 . 2014-07-24 03:33 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-09-16 03:46 . 2014-07-24 03:33 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-09-14 22:05 . 2014-09-14 22:05 -------- d-----w- c:\programdata\Skype
2014-09-14 19:55 . 2014-09-20 05:00 -------- d-----w- c:\users\lynda\AppData\Local\Facebook
2014-09-08 01:20 . 2014-09-08 01:20 -------- d-----w- c:\programdata\COMODO
2014-09-08 01:20 . 2014-09-08 01:20 -------- d-----w- c:\program files (x86)\COMODO
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-29 16:56 . 2013-09-08 19:19 74 ----a-w- c:\users\lynda\AppData\Roaming\sp_data.sys
2014-09-21 18:53 . 2013-09-20 04:07 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-02 19:32 . 2014-07-20 04:57 705480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32 . 2014-07-20 04:57 104904 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 16:03 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 06:47 . 2014-08-27 20:02 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 19:58 . 2013-10-10 21:30 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-15 19:57 . 2014-08-15 19:57 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-15 19:57 . 2014-02-12 03:52 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-15 19:57 . 2014-02-12 03:45 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-15 19:57 . 2014-02-12 03:45 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-15 19:57 . 2013-10-10 21:30 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-15 19:57 . 2013-10-10 21:30 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-15 19:57 . 2013-10-10 21:30 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-15 19:57 . 2013-10-10 21:30 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-15 19:57 . 2014-08-15 19:57 43152 ----a-w- c:\windows\avastSS.scr
2014-07-15 23:03 . 2014-08-19 19:08 1300992 ----a-w- c:\windows\system32\gdi32.dll
2014-07-15 22:51 . 2014-08-19 20:11 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-07-12 02:36 . 2014-08-19 19:08 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-15 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 XEWoZstEmS;XEWoZstEmS;c:\programdata\mvqCYXuaeL\XEWoZstEmS.exe;c:\programdata\mvqCYXuaeL\XEWoZstEmS.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S3 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 22:45 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 21:30]
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 21:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-15 19:57 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSShellExt64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://ca.yahoo.com...vast&type=iedef
mStart Page = https://ca.yahoo.com...vast&type=iedef
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://ca.search.ya...&p={searchTerms}
mSearch Bar = https://ca.yahoo.com...vast&type=iedef
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49424;https=127.0.0.1:49424
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{650598e1-b35a-45d3-b607-896d7acb64c3} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
c:\users\lynda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk - c:\users\lynda\AppData\Local\Lollipop\Lollipop.exe lollipop
Toolbar-Locked - (no file)
WebBrowser-{650598E1-B35A-45D3-B607-896D7ACB64C3} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-09-29  17:38:39
ComboFix-quarantined-files.txt  2014-09-30 00:38
.
Pre-Run: 242,734,247,936 bytes free
Post-Run: 245,780,017,152 bytes free
.
- - End Of File - - 9D8A54AE1B9EB09A65BDE10D1CCCD938
 


  • 0

Advertisements


#26
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

So, where are we from your perspective? Is the unicode file(s) now gone? Can you run CCCLean successfully? BTW, CCClean is not the gold standard of a properly working computer :), but can be a sort of "canary in the coal mine" to alert to deeper issues.

 

If the above is working, then I have some clean up from what I am seeing in the logs and will post based on your observations.


  • 0

#27
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Well I removed every program you said to. I now only run Avast and Ccleaner. I reinstalled RevoPro. I cannot find the program you mentioned before that is all letters, maybe thats what you mean by unicode? I managed to get rid of one of the one of asian characters but they are sticky but will keep trying to get rid of second one. Did I mention how much I hate Windows 8? Thats part of the reason I am not replying as quick as I would like to. I will use it for normal stuff today to check it out. If you can recomment a program better that Ccleaner and anything else.....thanks will get back today. I am ready to do clean up.


  • 0

#28
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Well I removed every program you said to. I now only run Avast and Ccleaner. I reinstalled RevoPro. I cannot find the program you mentioned before that is all letters, maybe thats what you mean by unicode? I managed to get rid of one of the one of asian characters but they are sticky but will keep trying to get rid of second one.

 

Well, I don't think any of them are causing you issues. I think they are in your quarrentine folders.

 

 

Did I mention how much I hate Windows 8? Thats part of the reason I am not replying as quick as I would like to. I will use it for normal stuff today to check it out.

 

Ha :rofl:  You're in a very long line on that one! Everyone hates W8!!!

 

Part of the issue is the lack of a Start Button. You can add one and it helps a lot. Check out this article. I use Classic Shell and it works fine. The others do too.

 

 

If you can recomment a program better that Ccleaner and anything else.....thanks will get back today. I am ready to do clean up.

 

I don't my have my Registry Speech at the ready, so here the short version. Registry Cleaners (all of them) perform two functions. Nothing at all or they break pieces of the Registry. If you're lucky, you get the former. If you get the latter, you'll be visiting us. So, no Registry Cleaning, please. Next, Temp File cleaners. Use this one.  TFC by OldTimer  It works great and you won't be tempted to mess with your Registry. I can forward the Registry Speech with links and studies of what Registry Cleaners really do in my next post.

 

Yes, please use the computer and let me know if we've fixed you problems :)

 


  • 0

#29
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

on to this now. didn't want you to think I disappeared


  • 0

#30
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

well could not download the two programs you recommended. Got half way into install and it just sat there for hours. Now sadly I am back to the blue screen. Asks for sign and then its stuck on blue screen. I dont get it. Sadly everytime my granddaughter has used either of my laptops they end up messed up. She does not download just plays her Moviestar Planet. Sigh amy hope?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP