
Multiple instances of Chrome (when closed) and MBAM BSOD. [Solved]



#1 andyk68 (Member, 53 posts)

I have noticed that there are multiple instances of Chrome running in Task Manager when Chrome is closed, so I ran MBAM. MBAM did a full scan, but before it completes (on every run) I get the B.S.O.D. I noticed before the crash that MBAM has found 12 infections, but I can't find out what they are.

Windows 7 Pro, 32-bit.

 

OTL Log:

 

OTL logfile created on: 19/11/2014 20:20:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\AndyK\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.26% Memory free
3.98 Gb Paging File | 1.79 Gb Available in Paging File | 45.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.74 Gb Total Space | 47.46 Gb Free Space | 40.66% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 50.83 Gb Free Space | 43.80% Space Free | Partition Type: NTFS
 
Computer Name: ANDYK-PC | User Name: AndyK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/19 20:19:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AndyK\Downloads\OTL.exe
PRC - [2014/11/14 21:15:26 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/11/10 13:44:48 | 000,382,000 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
PRC - [2014/11/04 00:20:13 | 000,042,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompatTel\wicainventory.exe
PRC - [2014/10/29 16:18:30 | 004,826,904 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/10/29 11:03:36 | 001,217,032 | ---- | M] (TorchMedia Inc.) -- C:\Users\AndyK\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2014/10/26 10:52:59 | 000,655,872 | ---- | M] (The Chromium Authors) -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
PRC - [2014/10/21 19:54:40 | 000,161,280 | ---- | M] () -- C:\Program Files\116FC117-A4FD-4F86-9840-14C9CD63BFCE\zkurwblqyk.exe
PRC - [2014/10/20 17:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/17 15:24:04 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/10/11 13:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/09/13 00:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\AndyK\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 09:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/26 08:49:58 | 000,078,088 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/08/25 16:29:54 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\AndyK\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 11:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/18 11:18:47 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/03/23 21:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/23 21:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2010/03/06 16:46:14 | 000,286,720 | ---- | M] (BlazeVideo Company) -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2007/04/26 11:01:50 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdacoms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/19 18:02:46 | 000,043,008 | ---- | M] () -- c:\Users\AndyK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqw3emr.dll
MOD - [2014/11/14 21:15:23 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll
MOD - [2014/11/14 21:15:16 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
MOD - [2014/11/10 13:46:56 | 000,120,368 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WdcMan.dll
MOD - [2014/11/10 13:46:50 | 000,054,320 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WbSes.dll
MOD - [2014/11/10 13:46:40 | 000,122,416 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WblSupp.dll
MOD - [2014/11/10 13:46:28 | 000,043,056 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\PrfIns.dll
MOD - [2014/11/10 13:46:10 | 000,093,232 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\ManXec.dll
MOD - [2014/11/10 13:45:56 | 000,101,936 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmnUtls.dll
MOD - [2014/11/10 13:45:38 | 000,070,704 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmdProc.dll
MOD - [2014/11/10 13:44:48 | 000,382,000 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
MOD - [2014/10/23 08:26:48 | 008,569,856 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\pdf.dll
MOD - [2014/10/23 08:23:07 | 000,880,128 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\ffmpegsumo.dll
MOD - [2014/10/23 08:20:35 | 000,324,608 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\ppGoogleNaClPluginChrome.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/09/13 00:20:58 | 003,610,624 | ---- | M] () -- C:\Users\AndyK\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/07/31 11:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2013/08/23 19:01:44 | 025,100,288 | ---- | M] () -- C:\Users\AndyK\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/10/05 19:54:00 | 000,188,416 | RHS- | M] () -- C:\Windows\System32\winDCE32.dll
MOD - [2010/05/06 15:48:50 | 000,024,576 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\RemoteControl\AF9100EXRC.dll
MOD - [2008/12/30 11:40:30 | 000,073,728 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\VersionInfo.dll
MOD - [2008/12/30 11:40:26 | 000,106,496 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\mlutil.dll
MOD - [2008/12/30 11:40:26 | 000,032,768 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\MMKeyboardHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/29 11:03:36 | 001,217,032 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\AndyK\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2014/10/21 19:54:40 | 000,161,280 | ---- | M] () [Auto | Running] -- C:\Program Files\116FC117-A4FD-4F86-9840-14C9CD63BFCE\zkurwblqyk.exe -- (CouponarificService)
SRV - [2014/09/12 09:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/26 08:49:58 | 000,078,088 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/12/18 23:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/23 21:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/26 11:01:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdacoms.exe -- (lxda_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9510D086-CD02-4B8D-89C5-D98707CAC517}\MpKslcfa654ac.sys -- (MpKslcfa654ac)
DRV - [2014/10/21 19:54:40 | 000,031,744 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\netfilter.sys -- (netfilter)
DRV - [2014/09/11 07:32:12 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\subvga.sys -- (subvgaproduct)
DRV - [2014/08/19 16:21:06 | 000,145,664 | ---- | M] (ITE                      ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/06/16 06:01:38 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/06/16 06:01:38 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/12/11 23:08:40 | 000,234,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010/12/02 18:29:00 | 000,056,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010/08/10 12:00:02 | 000,629,760 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/06/14 13:10:16 | 000,230,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010/03/23 21:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 78 79 7E 15 BB CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {AA671EA0-085D-404A-9600-DF709CAF2039}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AA671EA0-085D-404A-9600-DF709CAF2039}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\TorchVLC: C:\Users\AndyK\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
 
 
[2014/08/24 17:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AndyK\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mbot_gb_208]  File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [BlazeServoTool] C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe (BlazeVideo Company)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\AndyK\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\AndyK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FE97E5C-0698-4B2A-941A-F30B0ABC95CF}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE876D6A-077D-4578-B45E-DFFE591C7A40}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/16 09:47:07 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/16 09:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/16 09:45:02 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/16 09:45:02 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/16 09:45:01 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/16 09:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/16 09:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/14 19:02:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2014/11/14 19:02:50 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Documents\SelfMV
[2014/11/14 19:02:42 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Documents\samsung
[2014/11/14 19:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2014/11/14 19:00:39 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2014/11/14 19:00:38 | 000,089,856 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2014/11/14 18:54:33 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\Samsung
[2014/11/14 18:54:30 | 000,144,664 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\Windows\System32\secman.dll
[2014/11/12 17:58:09 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\deluge
[2014/11/12 17:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
[2014/11/12 17:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Deluge
[2014/11/11 20:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/11/11 20:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/11/11 20:41:32 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\Store
[2014/11/11 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\Nosibay
[2014/11/11 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Couponarific
[2014/11/11 20:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\116FC117-A4FD-4F86-9840-14C9CD63BFCE
[2014/11/11 20:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\ShopSave Toolbar
[2014/11/11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100
[2014/11/11 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Desktop\downloads
[2014/11/11 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\tixati
[2014/11/11 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
[2014/11/11 19:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\tixati
[2014/11/08 20:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2014/11/06 18:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/11/06 18:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/11/06 18:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/11/06 18:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/11/06 18:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/11/06 18:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/11/06 18:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
[2014/11/02 22:18:54 | 000,000,000 | ---D | C] -- C:\koboExtStorage
[2014/11/02 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Local\Kobo
[2014/11/02 22:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2014/11/02 22:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/02 22:13:56 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2014/11/02 22:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2014/11/02 12:20:14 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Local\MediaMonkey
[2014/11/02 12:19:56 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\MediaMonkey
[2014/11/02 12:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2014/11/02 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2014/11/02 12:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2014/11/02 10:01:00 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Documents\Calibre Import
[2014/11/02 09:38:34 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Documents\My Kindle Content
[2014/11/02 09:37:31 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Local\Amazon
[2014/10/26 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Documents\Apps
[2014/10/26 18:32:38 | 000,764,416 | -HS- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2014/10/26 18:32:37 | 000,415,744 | -HS- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2014/10/26 18:32:35 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2014/10/26 18:32:33 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2014/10/26 18:29:04 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Documents\eRightSoft
[2014/10/26 18:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2014/10/26 18:28:19 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2014/10/26 18:28:18 | 000,118,416 | RHS- | C] (FFmpeg Project) -- C:\Windows\System32\swscale-lav-2.dll
[2014/10/26 18:28:16 | 000,181,392 | RHS- | C] (FFmpeg Project) -- C:\Windows\System32\avutil-lav-52.dll
[2014/10/26 18:28:16 | 000,059,536 | RHS- | C] (FFmpeg Project) -- C:\Windows\System32\avresample-lav-1.dll
[2014/10/26 18:28:15 | 000,550,032 | RHS- | C] (FFmpeg Project) -- C:\Windows\System32\avformat-lav-55.dll
[2014/10/26 18:28:15 | 000,098,960 | RHS- | C] (FFmpeg Project) -- C:\Windows\System32\avfilter-lav-4.dll
[2014/10/26 18:28:11 | 003,109,520 | RHS- | C] (FFmpeg Project) -- C:\Windows\System32\avcodec-lav-55.dll
[2014/10/26 18:28:09 | 000,203,408 | RHS- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\System32\HLsplit.dll
[2014/10/26 18:28:09 | 000,122,512 | RHS- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\System32\HLaudio.dll
[2014/10/26 18:28:07 | 000,313,520 | RHS- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\System32\HLvideo.dll
[2014/10/26 18:28:05 | 000,017,408 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOFRDec.ax
[2014/10/26 18:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2014/10/26 17:42:05 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\HandBrake
[2014/10/26 17:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2014/10/26 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free Codec Pack
[2014/10/26 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\DVDVideoSoft
[2014/10/26 17:04:38 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\ipadvideo_mate
[2014/10/26 16:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VOWSoft
[2014/10/26 16:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC 3GP Converter
[2014/10/26 16:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\ABC 3GP Converter
[2014/10/26 15:53:19 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\WinAVI
[2014/10/26 15:53:19 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Local\WinAVI
[2014/10/26 15:50:21 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI All-in-One Converter
[2014/10/26 15:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI
[2014/10/24 20:19:42 | 000,000,000 | ---D | C] -- C:\Users\AndyK\Documents\SmartDraw
[2014/10/24 20:19:27 | 000,000,000 | ---D | C] -- C:\Users\AndyK\AppData\Roaming\SmartDraw
[2014/10/24 20:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2013
[2014/10/24 20:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw 2013
[2014/10/21 19:54:40 | 000,031,744 | ---- | C] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
[2014/10/21 17:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/10/21 17:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/19 20:09:42 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/19 19:52:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/19 19:14:36 | 000,002,265 | ---- | M] () -- C:\Users\AndyK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/19 18:32:47 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/19 18:32:47 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/19 18:11:40 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/19 18:11:40 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/19 18:01:48 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2014/11/19 18:01:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/19 18:01:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/19 18:01:26 | 1601,093,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/18 07:23:29 | 000,000,218 | ---- | M] () -- C:\Users\AndyK\AppData\Local\recently-used.xbel
[2014/11/16 16:37:39 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat
[2014/11/16 10:27:04 | 000,413,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/16 09:46:24 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/14 19:02:38 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
[2014/11/14 19:02:33 | 000,001,979 | ---- | M] () -- C:\Users\AndyK\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
[2014/11/12 17:51:40 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Deluge.lnk
[2014/11/11 21:27:36 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/11 20:53:31 | 000,000,005 | ---- | M] () -- C:\end
[2014/11/11 20:47:58 | 000,001,678 | ---- | M] () -- C:\Windows\System32\${LOGFILE}
[2014/11/11 19:06:16 | 000,000,977 | ---- | M] () -- C:\Users\AndyK\Desktop\Tixati.lnk
[2014/11/08 20:11:03 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2014/11/06 18:33:17 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/06 18:24:28 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/02 22:48:56 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2014/11/02 22:14:59 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2014/11/02 12:19:55 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/10/26 18:44:11 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2014/10/26 18:21:07 | 000,024,683 | ---- | M] () -- C:\S6Kg1.html
[2014/10/26 16:57:03 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\ABC 3GP Converter.lnk
[2014/10/26 15:50:21 | 000,001,346 | ---- | M] () -- C:\Users\AndyK\Desktop\WinAVI All-in-One Converter.lnk
[2014/10/24 20:19:34 | 000,001,018 | ---- | M] () -- C:\Users\AndyK\Desktop\SmartDraw 2013.lnk
[2014/10/24 20:19:20 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\SmartDraw 2013.lnk
[2014/10/23 19:56:19 | 000,007,605 | ---- | M] () -- C:\Users\AndyK\AppData\Local\Resmon.ResmonCfg
[2014/10/21 19:54:40 | 000,031,744 | ---- | M] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
 
========== Files Created - No Company Name ==========
 
[2014/11/18 07:23:29 | 000,000,218 | ---- | C] () -- C:\Users\AndyK\AppData\Local\recently-used.xbel
[2014/11/16 16:37:39 | 000,003,552 | ---- | C] () -- C:\bootsqm.dat
[2014/11/16 10:26:48 | 000,413,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/16 09:46:24 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/14 19:02:38 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
[2014/11/14 19:02:33 | 000,001,979 | ---- | C] () -- C:\Users\AndyK\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
[2014/11/12 17:51:40 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Deluge.lnk
[2014/11/11 20:44:21 | 000,001,678 | ---- | C] () -- C:\Windows\System32\${LOGFILE}
[2014/11/11 20:37:05 | 000,000,005 | ---- | C] () -- C:\end
[2014/11/11 19:06:16 | 000,000,977 | ---- | C] () -- C:\Users\AndyK\Desktop\Tixati.lnk
[2014/11/08 20:11:03 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2014/11/06 18:33:17 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/06 18:24:28 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/02 22:48:56 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2014/11/02 22:14:59 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2014/11/02 12:19:55 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/10/26 18:44:11 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2014/10/26 18:32:59 | 000,024,683 | ---- | C] () -- C:\S6Kg1.html
[2014/10/26 18:32:36 | 000,032,256 | -HS- | C] () -- C:\Windows\System32\AVSredirect.dll
[2014/10/26 18:28:17 | 000,109,712 | RHS- | C] () -- C:\Windows\System32\libbluray.dll
[2014/10/26 18:28:07 | 000,188,416 | RHS- | C] () -- C:\Windows\System32\winDCE32.dll
[2014/10/26 18:28:07 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2014/10/26 18:28:06 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2014/10/26 18:28:05 | 000,112,128 | RHS- | C] () -- C:\Windows\System32\OptimFROG.dll
[2014/10/26 18:28:02 | 000,352,768 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2014/10/26 18:28:02 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2014/10/26 16:57:03 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\ABC 3GP Converter.lnk
[2014/10/26 15:50:21 | 000,001,346 | ---- | C] () -- C:\Users\AndyK\Desktop\WinAVI All-in-One Converter.lnk
[2014/10/24 20:19:34 | 000,001,048 | ---- | C] () -- C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw 2013.lnk
[2014/10/24 20:19:34 | 000,001,018 | ---- | C] () -- C:\Users\AndyK\Desktop\SmartDraw 2013.lnk
[2014/10/24 20:19:20 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\SmartDraw 2013.lnk
[2014/10/24 20:19:19 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2014/10/23 19:56:19 | 000,007,605 | ---- | C] () -- C:\Users\AndyK\AppData\Local\Resmon.ResmonCfg
[2014/09/18 16:19:06 | 000,000,136 | ---- | C] () -- C:\Windows\Lexstat.ini
[2014/09/18 16:16:02 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2014/09/18 16:16:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2014/09/18 16:16:02 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2014/09/18 16:16:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2014/09/18 16:16:01 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2014/09/18 16:16:01 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2014/09/18 16:16:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2014/09/18 16:16:00 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2014/09/18 16:15:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2014/09/18 16:15:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2014/09/18 16:15:58 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2014/09/18 16:15:57 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2014/09/18 16:15:56 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2014/09/18 16:15:54 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2014/09/18 16:15:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2014/09/18 16:15:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2014/09/18 16:15:51 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2014/09/05 08:18:26 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/09/05 07:26:15 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2014/08/27 18:43:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/08/27 18:43:21 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2014/08/27 18:43:12 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2014/08/19 16:22:41 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2014/08/19 16:20:35 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 01:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/11/02 09:59:43 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\calibre
[2014/11/13 20:26:11 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\deluge
[2014/11/19 18:03:34 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Dropbox
[2014/11/08 19:53:18 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\DVDVideoSoft
[2014/08/24 19:03:20 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Faasoft Audio Converter
[2014/10/26 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\HandBrake
[2014/10/26 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\ipadvideo_mate
[2014/11/15 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\MediaMonkey
[2014/11/15 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Mp3tag
[2014/11/14 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Samsung
[2014/10/24 20:19:53 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\SmartDraw
[2014/08/26 16:29:53 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Spotify
[2014/11/11 21:12:26 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Store
[2014/11/12 17:46:16 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\tixati
[2014/11/11 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\uTorrent
[2014/10/26 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\WinAVI
[2014/10/05 19:05:44 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Windows Live Writer
[2014/11/19 18:13:39 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\XBMC
[2014/09/21 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\AndyK\AppData\Roaming\Xirrus
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
OTL EXTRAS LOG:
 

OTL Extras logfile created on: 19/11/2014 20:20:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\AndyK\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.26% Memory free
3.98 Gb Paging File | 1.79 Gb Available in Paging File | 45.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.74 Gb Total Space | 47.46 Gb Free Space | 40.66% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 50.83 Gb Free Space | 43.80% Space Free | Partition Type: NTFS
 
Computer Name: ANDYK-PC | User Name: AndyK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A1253C7-A1AB-4037-A996-AA3E5EF0E1C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1C733021-4818-4725-ABE6-BBAD528CCA92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D8E8F68-C954-4303-AD11-BA7D7A96482F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{245E3A8F-8765-4E55-97A7-C25C428FDC88}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{349CAB98-67D5-4134-AC78-957B7444862A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{37829005-6083-4B5C-B698-CB5090D57202}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4315A9A5-8858-4BCD-BBA1-3F730C63F0BA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{489C76F7-592D-4395-AC5A-12272DA1EA64}" = lport=139 | protocol=6 | dir=in | app=system | 
"{53098E7A-0C86-4E83-9806-A446378F2B7C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{5E2F23CB-1C92-4588-B64F-ACD21AFD051F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5EAAFE81-7390-407E-A130-D50206B57123}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6893CEC1-E077-43A4-8446-AA00DB40358C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71AD322F-AEE6-4F0F-9EAB-AFC5002D51EE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7BC1210F-828B-477D-A1F5-1641019D19C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7BCF1D89-66F6-4B3D-8B7B-432E0D7BDDCF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F98D363-9816-4A82-B706-D6CE3C2E598A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9221FB93-FEB3-494C-8E29-480807E495A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{965EB0D5-5E02-4DC2-9F05-50F64F661E33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{994C048E-988E-4451-881D-3AB40146D428}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A1A5F6ED-C44A-4A4E-B3CC-0DB57F9A2B3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C48EF945-9457-48EF-B291-77E66B09E09C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C7D95A00-FE1C-43ED-899F-7353A85A5E6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{D7253EF7-CEF3-47E4-BDF0-C3D4E73BA112}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E197913E-1D75-4BF3-AB5A-355A00B69B94}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F1724CFD-6381-4A7F-94A8-AEBC85E0E0D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F75D3639-AC06-4639-A6DE-F30F54A302CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E78F2E-B4CE-4EC7-AFA0-B1CCA9B506EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16B1AB26-F01E-4226-A6BC-DD04AD90592A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{172EED49-D7E7-4412-ACA0-B8247F3A4EB4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29D57C43-2F40-4D1D-BE7B-2D976921807B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2D8BA15F-8D1B-4A11-80BB-3D899AD01A00}" = dir=in | app=c:\users\andyk\appdata\local\microsoft\skydrive\skydrive.exe | 
"{302385B0-46EA-422C-BDB6-493683CBB909}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{352D839A-C1B9-4019-91CF-C18773B045F3}" = protocol=58 | dir=in | [email protected],-28545 | 
"{355B065C-AA39-445F-BA55-89DDDBFD476A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{3A79C04E-E671-42D6-AB78-6CCED358E0C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{443398A2-5910-4B85-9907-350C98EFEB33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4523827A-08CB-47EB-BD67-776F0BA14BEB}" = protocol=17 | dir=in | app=c:\windows\system32\lxdacoms.exe | 
"{502B1E6A-6453-490B-9678-ED8EB834EF49}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{57EE90F4-ED97-4B41-B908-74A3E1FFDBAC}" = protocol=6 | dir=in | app=c:\windows\system32\lxdacoms.exe | 
"{58AB4F42-0CA4-4524-B865-4DC2BB0A9056}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{65A75074-2B09-43BA-9E73-4C521584EBA6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6A1F89B7-2A84-4AD6-9671-320F89EEC958}" = protocol=1 | dir=in | [email protected],-28543 | 
"{6FD4D822-CAC8-4FE5-8A21-5F61AC8B0E6A}" = protocol=1 | dir=out | [email protected],-28544 | 
"{7FCF8242-7F2C-4365-B9EE-5E41983ACEFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FD5F47E-9747-4803-93B0-6EE666280B82}" = protocol=58 | dir=out | [email protected],-28546 | 
"{853C690E-3858-4B73-A4C6-BE14D4086D0F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{875675F1-DE85-4669-9B35-90FCF254926F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88C42AA4-EA4C-45E4-AA3F-6CF2D1C88E67}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8D75931A-D2B3-47FB-B650-4E803F515A37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9B19B8B0-226B-4DC7-B759-B2860DE8A5DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9D4D3E55-FF62-42AF-8595-F2D0E3B649A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FD701C4-2AAD-4B7F-9873-7577C68857A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC8B5F72-27CF-4666-ABE7-4BF1DBB5BECE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B0DBE09E-D53B-4F9B-91C6-3E44E53A1B2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C4837C1F-5C10-4156-948A-AE87C620CA99}" = protocol=6 | dir=in | app=c:\users\andyk\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C57A3404-6321-4584-944E-35D6FAC27C03}" = dir=in | app=c:\users\andyk\appdata\local\torch\application\torch.exe | 
"{C7F623ED-D1A7-4DDA-93AC-6460DE9BD492}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C8F6274F-C338-4838-A085-F15D19D71A26}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CCA0391F-E610-4265-B65D-3D22EB1AB439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D217AEFB-F333-4AE7-8803-74F109CBC023}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D25E4DEC-E5DD-4F4D-9599-BEBAC610A256}" = dir=in | app=c:\users\andyk\appdata\local\torch\plugins\hola\hola_plugin.exe | 
"{EA89D619-0840-42CE-9467-80AAA07F61AD}" = protocol=17 | dir=in | app=c:\users\andyk\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EB9FE5AB-14D8-415A-BC7A-0CD3522B2FC3}" = protocol=6 | dir=out | app=system | 
"TCP Query User{30AAB884-E29C-4B93-A583-22F796104BAA}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe | 
"TCP Query User{9AA79857-29F7-4EC1-BAED-0A9B705BA6FB}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe | 
"TCP Query User{9E8D03E6-D989-426C-80D1-8D538AD33811}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe | 
"TCP Query User{A07F1560-4B71-4539-812E-370E5649D17A}C:\users\andyk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\andyk\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{B7CAF445-0A6E-42E2-8B14-CDFFBB5BC6A7}C:\program files\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files\deluge\deluge.exe | 
"TCP Query User{E20D2C5F-13E8-4B18-B9D5-132B83AA5EDC}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"TCP Query User{F38F72B1-30E6-492C-BBF1-8E27C4C2D78C}C:\users\andyk\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\andyk\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{0C2776E2-A886-4BA7-AC7A-761CC2CEBA65}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe | 
"UDP Query User{3F9158DD-8BE3-41E8-B38E-54E767DBED6B}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe | 
"UDP Query User{6AEDD44B-85D1-439E-AFDA-3893F38718E9}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe | 
"UDP Query User{A31A3C79-CD8F-464C-92E5-18B3E3509B59}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe | 
"UDP Query User{A7761DCD-112B-491E-B530-A31E3B55FCED}C:\program files\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files\deluge\deluge.exe | 
"UDP Query User{BD48B892-4397-45F5-8639-71513B17E6D5}C:\users\andyk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\andyk\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{E39A2263-4A02-44BD-95A1-81D6CCF41718}C:\users\andyk\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\andyk\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{235EBB33-3DA1-46DF-AADE-9955123409CB}" = Apple Mobile Device Support
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{277DE249-EA23-43F1-888B-19CE25D708C3}" = Windows Live Family Safety
"{286DDBD0-6355-428F-8BD5-822CF08606EC}" = Windows Live MIME IFilter
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{348A1F5B-07B3-4436-9A47-FFE44EFE856E}" = HP Support Solutions Framework
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{48781AC2-0939-4D66-98F2-235328E46790}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BAB923C-1ACA-4697-ACA5-C1B5037091BF}" = Windows Live Mail
"{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}" = iTunes
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{7171E82A-E90A-4155-9040-6006CEE64DDC}" = Windows Live Writer Resources
"{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}" = EZCast
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C79A0FB-4C96-4538-B443-D99BDBA34995}" = calibre
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E2A18E2-96AF-8649-4DE7-5C06C90719A4}_is1" = SUPER © v2014.build.62+Recorder (2014/09/21) version v2014.buil
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Office Subscription (English) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91140000-011D-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus Subscription 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C33D2E-8892-40CC-B8FB-E8CC68530D8B}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0332229-4EF7-4A36-AED8-E5876EB2DF86}" = Windows Live UX Platform Language Pack
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6EE263-E4DD-4150-9014-689B1D4A3315}" = iCloud
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B1D0122C-6BE2-47A2-82AE-0BB3F6C91C49}" = Photo Common
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B6A96E8C-FC88-46F5-800E-6845B4ACA459}" = Photo Gallery
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}" = Windows Live Family Safety
"{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}" = Microsoft Online Services Sign-in Assistant
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8F630A7-6789-44D5-8653-3B27969CF337}" = Windows Live Essentials
"ABC 3GP/MP4 Converter" = ABC 3GP/MP4 Converter 3.00
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"BlazeDTV 6.0_is1" = BlazeDTV 6.0
"CCleaner" = CCleaner
"Deluge" = Deluge 1.3.10
"FAC95C88-898B-A73A-BC32-000000B100" = Idle Crawler
"Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"Kobo" = Kobo
"Lexmark 640 Series" = Lexmark 640 Series
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"MediaMonkey_is1" = MediaMonkey 4.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mp3tag" = Mp3tag v2.63
"MyDriveConnect" = MyDriveConnect 3.3.0.1756
"Office14.PROPLUSSUB" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"SmartDraw 2013" = SmartDraw 2013
"tixati" = Tixati
"VLC media player" = VLC media player
"WinAVI All-in-One Converter" = WinAVI All-in-One Converter
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.11 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive
"Spotify" = Spotify
"Torch" = Torch
"XBMC" = XBMC
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16/11/2014 15:05:39 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16/11/2014 15:05:39 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1186
 
Error - 16/11/2014 15:05:39 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1186
 
Error - 16/11/2014 15:05:40 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16/11/2014 15:05:40 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2449
 
Error - 16/11/2014 15:05:40 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2449
 
Error - 16/11/2014 15:05:42 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16/11/2014 15:05:42 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3760
 
Error - 16/11/2014 15:05:42 | Computer Name = AndyK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3760
 
[ System Events ]
Error - 19/11/2014 15:37:56 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 15:50:32 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 16:03:22 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 16:14:54 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 16:22:15 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 16:31:37 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 16:40:53 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 16:52:29 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 17:02:58 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19/11/2014 17:12:34 | Computer Name = AndyK-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 

 




#2
Teima

Hello andyk68, 
 
My name is Teima and I'll be happy to assist you with this issue. Before we commence, I'd like to ask that you give careful thought to the points I've listed below, as they will be beneficial to the guidance I'll present you with here on Geekstogo. :)
 
Notes before we commence:
  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging, I'd like you to take into consideration that it may take multiple replies in order to resolve the issue/issues present.
  • If you are uncertain about any of the steps I present you with, please feel free to ask me for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum; failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply for the user "andyk68". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If it's been a total of three days and you've yet to receive a response from me, please send me a reminder by clicking here and attaching the appropriate thread link where I can respond.
Extra
 
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:

#3
andyk68


Thank You Teima.



#4
Teima


Thank You Teima.

You're most welcome! :)
  • P2P Warning
    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • Tixati 
    I shall provide you with a few reference links; please read up on them to know the risks of having a P2P program.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
Step One
  • Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents:
      :commands
      [createrestorepoint]
      
      :OTL
      MOD - [2014/11/10 13:46:56 | 000,120,368 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WdcMan.dll
      MOD - [2014/11/10 13:46:50 | 000,054,320 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WbSes.dll
      MOD - [2014/11/10 13:46:40 | 000,122,416 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WblSupp.dll
      MOD - [2014/11/10 13:46:28 | 000,043,056 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\PrfIns.dll
      MOD - [2014/11/10 13:46:10 | 000,093,232 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\ManXec.dll
      MOD - [2014/11/10 13:45:56 | 000,101,936 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmnUtls.dll
      MOD - [2014/11/10 13:45:38 | 000,070,704 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmdProc.dll
      MOD - [2014/11/10 13:44:48 | 000,382,000 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
      MOD - [2014/10/23 08:26:48 | 008,569,856 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\pdf.dll
      MOD - [2014/10/23 08:23:07 | 000,880,128 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\ffmpegsumo.dll
      MOD - [2014/10/23 08:20:35 | 000,324,608 | ---- | M] () -- C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\ppGoogleNaClPluginChrome.dll
      SRV - [2014/10/21 19:54:40 | 000,161,280 | ---- | M] () [Auto | Running] -- C:\Program Files\116FC117-A4FD-4F86-9840-14C9CD63BFCE\zkurwblqyk.exe -- (CouponarificService)
      O4 - HKLM..\Run: [mbot_gb_208] File not found
      
      :Files
      netsh advfirewall reset /c
      netsh advfirewall set allprofiles state on /c
      
      :commands
      [EMPTYTEMP]
      [RESETHOSTS]
      
    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
Step Two
  • Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
Step Three
Create a MBAM-Check Log:
  • Download mbam-check.exe from here and save it to your desktop
  • Right-click on mbam-check.exe and select Run as Administrator to launch the application; it should then open a log file upon completion
  • Please post the CheckResults.txt file which should now be located on your desktop to your next response.


#5
andyk68


OTL FIX LOG:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service CouponarificService stopped successfully!
Service CouponarificService deleted successfully!
C:\Program Files\116FC117-A4FD-4F86-9840-14C9CD63BFCE\zkurwblqyk.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mbot_gb_208 deleted successfully.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\AndyK\Downloads\cmd.bat deleted successfully.
C:\Users\AndyK\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\AndyK\Downloads\cmd.bat deleted successfully.
C:\Users\AndyK\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: administrator
->Temp folder emptied: 725792113 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: AndyK
->Temp folder emptied: 99456613 bytes
->Temporary Internet Files folder emptied: 720154 bytes
->Java cache emptied: 50648 bytes
->FireFox cache emptied: 2066332 bytes
->Google Chrome cache emptied: 351503526 bytes
->Flash cache emptied: 1587 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: kinsea
->Temp folder emptied: 4754206 bytes
->Temporary Internet Files folder emptied: 13343549 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 598 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47707 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,143.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11202014_183715
 
Files\Folders moved on Reboot...
C:\Windows\temp\CompatTelemetryLogs\diagerr.xml moved successfully.
C:\Windows\temp\CompatTelemetryLogs\diagwrn.xml moved successfully.
C:\Windows\temp\CompatTelemetryLogs\setupact.log moved successfully.
C:\Windows\temp\CompatTelemetryLogs\setuperr.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#6
andyk68


First.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by AndyK (administrator) on ANDYK-PC on 20-11-2014 19:02:54
Running from C:\Users\AndyK\Downloads
Loaded Profile: AndyK (Available profiles: AndyK)
Platform: Microsoft Windows 7 Professional  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ITE Tech. Inc.) C:\Windows\System32\IRMonitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
( ) C:\Windows\System32\lxdacoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE14\osa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(TorchMedia Inc.) C:\Users\AndyK\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE14\osaui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(BlazeVideo Company) C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
(Spotify Ltd) C:\Users\AndyK\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Dropbox, Inc.) C:\Users\AndyK\AppData\Roaming\Dropbox\bin\Dropbox.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [OfficeSubscriptionAgent] => C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osaui.exe [932160 2011-11-16] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Run: [BlazeServoTool] => C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [286720 2010-03-06] (BlazeVideo Company)
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Run: [Spotify Web Helper] => C:\Users\AndyK\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-25] (Spotify Ltd)
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-08-20] (Microsoft Corporation)
Startup: C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58623;https=127.0.0.1:58623
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6378797E15BBCF01
HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001 -> DefaultScope {AA671EA0-085D-404A-9600-DF709CAF2039} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001 -> {AA671EA0-085D-404A-9600-DF709CAF2039} URL = https://www.google.c...q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\AndyK\AppData\Roaming\Mozilla\Firefox\Profiles\k728zu8d.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: TorchVLC -> C:\Users\AndyK\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Adblock Plus) - C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-18]
CHR Extension: (Google Search) - C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Gmail) - C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 lxda_device; C:\Windows\system32\lxdacoms.exe [537520 2007-04-26] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 osubsvc; C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe [493384 2011-11-16] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
R2 TorchCrashHandler; C:\Users\AndyK\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [145664 2014-08-19] (ITE                      )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-10-21] (NetFilterSDK.com) [File not signed]
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [230944 2010-06-14] (Realtek Semiconductor Corp.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation                           )
R3 subvgaproduct; C:\Windows\System32\DRIVERS\subvga.sys [4608 2014-09-11] (Windows ® Win 7 DDK provider)
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [53760 2010-04-26] (TOSHIBA Corporation) [File not signed]
S1 MpKslcfa654ac; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9510D086-CD02-4B8D-89C5-D98707CAC517}\MpKslcfa654ac.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-20 19:02 - 2014-11-20 19:04 - 00032529 _____ () C:\Users\AndyK\Downloads\FRST.txt
2014-11-20 19:02 - 2014-11-20 19:03 - 00000000 ____D () C:\FRST
2014-11-20 19:00 - 2014-11-20 19:01 - 01108992 _____ (Farbar) C:\Users\AndyK\Downloads\FRST.exe
2014-11-20 18:37 - 2014-11-20 18:37 - 00000000 ____D () C:\_OTL
2014-11-20 18:24 - 2014-11-20 18:50 - 00000112 _____ () C:\Windows\setupact.log
2014-11-20 18:24 - 2014-11-20 18:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-19 21:16 - 2014-11-19 21:16 - 00052774 _____ () C:\Users\AndyK\Downloads\Extras.Txt
2014-11-19 21:15 - 2014-11-19 21:15 - 00093052 _____ () C:\Users\AndyK\Downloads\OTL.Txt
2014-11-19 20:19 - 2014-11-19 20:19 - 00602112 _____ (OldTimer Tools) C:\Users\AndyK\Downloads\OTL.exe
2014-11-18 19:08 - 2014-11-18 19:28 - 227223309 _____ () C:\Users\AndyK\Downloads\cm11.0_golden.nova.20141115.zip
2014-11-18 07:23 - 2014-11-18 07:23 - 00000218 _____ () C:\Users\AndyK\AppData\Local\recently-used.xbel
2014-11-18 06:49 - 2014-11-18 06:52 - 00000000 ____D () C:\Users\AndyK\Downloads\Gotham.S01E09.HDTV.x264-LOL[rarbg]
2014-11-16 16:37 - 2014-11-16 16:37 - 00003552 ____N () C:\bootsqm.dat
2014-11-16 10:26 - 2014-11-16 10:27 - 00413880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 09:47 - 2014-11-19 20:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 09:46 - 2014-11-16 09:46 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-16 09:46 - 2014-11-16 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 09:45 - 2014-11-16 09:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-16 09:45 - 2014-11-16 09:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-16 09:45 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-16 09:45 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-16 09:45 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 09:32 - 2014-11-16 09:32 - 00109952 _____ () C:\Users\AndyK\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 20:55 - 2014-11-14 21:06 - 93071628 _____ () C:\Users\AndyK\Downloads\pa_gapps-modular-micro-4.4.4-20140629-signed.zip
2014-11-14 20:55 - 2014-11-14 20:59 - 20439283 _____ () C:\Users\AndyK\Downloads\HighOnAndroid.comOnePlusOneConvert-V1.2.zip
2014-11-14 20:45 - 2014-11-14 20:45 - 04693298 _____ () C:\Users\AndyK\Downloads\gapps-gb-20110114-signed.zip
2014-11-14 20:00 - 2014-11-14 20:00 - 00000000 ____D () C:\Users\AndyK\Downloads\ViPER4Android_FX_v2330
2014-11-14 19:57 - 2014-11-14 19:58 - 07823621 _____ () C:\Users\AndyK\Downloads\ViPER4Android_FX_v2330.zip
2014-11-14 19:53 - 2014-11-14 20:16 - 261181295 _____ () C:\Users\AndyK\Downloads\pa_gapps-modular-full-4.4.4-20141025-signed.zip
2014-11-14 19:02 - 2014-11-14 19:02 - 00001955 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-11-14 19:02 - 2014-11-14 19:02 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-11-14 19:02 - 2014-11-14 19:02 - 00000000 ____D () C:\Users\AndyK\Documents\SelfMV
2014-11-14 19:02 - 2014-11-14 19:02 - 00000000 ____D () C:\Users\AndyK\Documents\samsung
2014-11-14 19:02 - 2014-11-14 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-11-14 19:00 - 2014-06-16 06:01 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-11-14 19:00 - 2014-06-16 06:01 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-11-14 18:54 - 2014-11-14 19:03 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\Samsung
2014-11-14 18:54 - 2014-09-24 18:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-11-14 18:43 - 2014-11-14 18:45 - 41860496 _____ (Samsung Electronics Co., Ltd.) C:\Users\AndyK\Downloads\Kies3Setup.exe
2014-11-14 17:45 - 2014-11-14 17:57 - 331056413 _____ () C:\Users\AndyK\Downloads\pa_gapps-stock-4.4.4-20141110-signed.zip
2014-11-14 17:41 - 2014-11-14 17:41 - 08413964 _____ () C:\Users\AndyK\Downloads\twrp2.8_golden.nova.20140911.zip
2014-11-14 17:37 - 2014-11-14 17:47 - 226610081 _____ () C:\Users\AndyK\Downloads\cm11.0_golden.nova.20141101.zip
2014-11-13 20:16 - 2014-11-18 07:12 - 00000000 ____D () C:\Users\AndyK\Downloads\Paul McCartney - Wingspan-Hits And History [2001][320 KBPS]
2014-11-12 17:59 - 2014-11-13 20:16 - 00000000 ____D () C:\Users\AndyK\Downloads\Christmas Vacation (1989)
2014-11-12 17:58 - 2014-11-13 20:26 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\deluge
2014-11-12 17:58 - 2014-11-13 20:18 - 00000000 ____D () C:\Users\AndyK\Downloads\Gladiator EXTENDED REMASTERED (2000)
2014-11-12 17:51 - 2014-11-12 17:51 - 00000977 _____ () C:\Users\Public\Desktop\Deluge.lnk
2014-11-12 17:51 - 2014-11-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2014-11-12 17:50 - 2014-11-12 17:51 - 00000000 ____D () C:\Program Files\Deluge
2014-11-12 17:47 - 2014-11-12 17:49 - 13590531 _____ () C:\Users\AndyK\Downloads\deluge-1.3.10-win32-setup.exe
2014-11-12 17:44 - 2014-11-05 02:33 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 17:44 - 2014-11-05 02:33 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 17:44 - 2014-11-05 02:29 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:23 - 2014-11-11 21:26 - 04977216 _____ (Piriform Ltd) C:\Users\AndyK\Downloads\ccsetup419.exe
2014-11-11 20:52 - 2014-11-11 20:52 - 00000000 ____D () C:\Program Files\predm
2014-11-11 20:46 - 2014-11-16 17:58 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-11-11 20:44 - 2014-11-11 20:47 - 00001678 _____ () C:\Windows\system32\${LOGFILE}
2014-11-11 20:41 - 2014-11-11 21:12 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\Store
2014-11-11 20:41 - 2014-11-11 20:41 - 00000374 _____ () C:\Users\AndyK\AppData\Roaming\WindApp.installation.log
2014-11-11 20:38 - 2014-11-11 20:47 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\Nosibay
2014-11-11 20:37 - 2014-11-20 18:38 - 00000000 ____D () C:\Program Files\116FC117-A4FD-4F86-9840-14C9CD63BFCE
2014-11-11 20:37 - 2014-11-20 06:47 - 00000000 ____D () C:\Program Files\Couponarific
2014-11-11 20:37 - 2014-11-11 20:53 - 00000005 _____ () C:\end
2014-11-11 20:37 - 2014-11-11 20:41 - 00005772 _____ () C:\Users\AndyK\AppData\Roaming\Bubble Dock.installation.log
2014-11-11 20:31 - 2014-11-11 20:48 - 00000000 ____D () C:\Program Files\ShopSave Toolbar
2014-11-11 20:30 - 2014-11-11 20:46 - 00000000 ____D () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100
2014-11-11 20:25 - 2014-11-11 20:25 - 00000097 _____ () C:\Users\AndyK\AppData\Roaming\WindApp.boostrap.log
2014-11-11 20:24 - 2014-11-11 20:25 - 00001226 _____ () C:\Users\AndyK\AppData\Roaming\Bubble Dock.boostrap.log
2014-11-11 19:04 - 2014-11-11 19:05 - 10103072 _____ () C:\Users\AndyK\Downloads\tixati-1.99-1.win32-install.exe
2014-11-09 21:37 - 2014-11-09 21:37 - 00128969 _____ () C:\Users\AndyK\Downloads\django
2014-11-08 20:11 - 2014-11-08 20:11 - 00001104 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-11-08 20:00 - 2014-11-08 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-11-08 19:48 - 2014-11-08 19:52 - 17385800 _____ (Google Inc.) C:\Users\AndyK\Downloads\picasa39-setup.exe
2014-11-06 21:13 - 2014-11-06 21:31 - 164677435 ____R () C:\Users\AndyK\Downloads\American.Horror.Story.S04E05.720p.HDTV.2CH.x265.HEVC-PSA.mkv
2014-11-06 18:38 - 2014-11-06 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-06 18:33 - 2014-11-06 18:33 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-06 18:33 - 2014-11-06 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-06 18:31 - 2014-11-06 18:33 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-06 18:24 - 2014-11-06 18:24 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-06 18:24 - 2014-11-06 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-06 18:20 - 2014-11-06 18:24 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-06 18:20 - 2014-11-06 18:24 - 00000000 ____D () C:\Program Files\iTunes
2014-11-06 18:20 - 2014-11-06 18:20 - 00000000 ____D () C:\Program Files\iPod
2014-11-06 18:09 - 2014-11-06 18:52 - 00000000 ____D () C:\Users\AndyK\Downloads\Liverpool
2014-11-02 22:48 - 2014-11-02 22:48 - 00000966 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-11-02 22:39 - 2014-11-02 22:45 - 62312448 _____ () C:\Users\AndyK\Downloads\calibre-2.8.0.msi
2014-11-02 22:18 - 2014-11-02 22:18 - 00000000 ____D () C:\Users\AndyK\AppData\Local\Kobo
2014-11-02 22:18 - 2014-11-02 22:18 - 00000000 ____D () C:\koboExtStorage
2014-11-02 22:14 - 2014-11-02 22:14 - 00000961 _____ () C:\Users\Public\Desktop\Kobo.lnk
2014-11-02 22:14 - 2014-11-02 22:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-02 22:14 - 2014-11-02 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
2014-11-02 22:13 - 2014-11-02 22:14 - 00000000 ____D () C:\Windows\tmp
2014-11-02 22:13 - 2014-11-02 22:14 - 00000000 ____D () C:\Program Files\Kobo
2014-11-02 22:05 - 2014-11-02 22:11 - 56556080 _____ () C:\Users\AndyK\Downloads\kobosetup.exe
2014-11-02 17:27 - 2014-11-02 17:29 - 00000000 ____D () C:\Users\AndyK\Downloads\[ www.Torrentday.com ] - Dawn.of.the.Planet.of.the.Apes.2014.DVDRip.x264-ALLiANCE
2014-11-02 12:20 - 2014-11-02 12:20 - 00000000 ____D () C:\Users\AndyK\AppData\Local\MediaMonkey
2014-11-02 12:19 - 2014-11-15 21:34 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\MediaMonkey
2014-11-02 12:19 - 2014-11-02 12:19 - 00001041 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk
2014-11-02 12:19 - 2014-11-02 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2014-11-02 12:19 - 2014-11-02 12:19 - 00000000 ____D () C:\ProgramData\MediaMonkey
2014-11-02 12:18 - 2014-11-02 12:19 - 00000000 ____D () C:\Program Files\MediaMonkey
2014-11-02 12:16 - 2014-11-02 12:18 - 15204184 _____ (Ventis Media Inc. ) C:\Users\AndyK\Downloads\MediaMonkey_4.1.5.1719.exe
2014-11-02 12:07 - 2014-11-02 12:07 - 01931111 _____ (Sergey Serkov ) C:\Users\AndyK\Downloads\tagscan5.1.655setup.exe
2014-11-02 10:01 - 2014-11-02 10:03 - 00000000 ____D () C:\Users\AndyK\Documents\Calibre Import
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\Users\AndyK\Downloads\tools_v6.0.9
2014-11-02 09:58 - 2014-11-02 09:58 - 01816358 _____ () C:\Users\AndyK\Downloads\tools_v6.0.9.zip
2014-11-02 09:38 - 2014-11-02 10:00 - 00000000 ____D () C:\Users\AndyK\Documents\My Kindle Content
2014-11-02 09:37 - 2014-11-02 09:38 - 00000000 ____D () C:\Users\AndyK\AppData\Local\Amazon
2014-11-02 09:35 - 2014-11-02 09:37 - 38157960 _____ (Amazon.com) C:\Users\AndyK\Downloads\KindleForPC-installer.exe
2014-11-01 19:29 - 2014-11-01 19:29 - 00000000 ____D () C:\Users\AndyK\Downloads\3ptechies
2014-11-01 19:27 - 2014-11-01 19:27 - 00971881 _____ () C:\Users\AndyK\Downloads\3ptechies.zip
2014-11-01 17:58 - 2014-11-01 17:58 - 00000000 ____D () C:\Users\AndyK\Downloads\New folder
2014-11-01 17:27 - 2014-11-01 17:27 - 00000000 _____ () C:\Users\AndyK\Desktop\New Text Document.txt
2014-10-26 18:44 - 2014-10-26 18:44 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-10-26 18:32 - 2014-10-26 18:21 - 00024683 _____ () C:\S6Kg1.html
2014-10-26 18:32 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\system32\avisynth.dll
2014-10-26 18:32 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\system32\AVSredirect.dll
2014-10-26 18:32 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\system32\devil.dll
2014-10-26 18:32 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\system32\yv12vfw.dll
2014-10-26 18:32 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\system32\i420vfw.dll
2014-10-26 18:29 - 2014-10-26 18:29 - 00000000 ____D () C:\Users\AndyK\Documents\eRightSoft
2014-10-26 18:28 - 2014-10-26 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
2014-10-26 18:28 - 2014-03-07 11:03 - 03109520 __RSH (FFmpeg Project) C:\Windows\system32\avcodec-lav-55.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00550032 __RSH (FFmpeg Project) C:\Windows\system32\avformat-lav-55.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00313520 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\system32\HLvideo.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00203408 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\system32\HLsplit.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00181392 __RSH (FFmpeg Project) C:\Windows\system32\avutil-lav-52.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00166544 __RSH (Intel Corp.) C:\Windows\system32\IntelQuickSyncDecoder.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00122512 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\system32\HLaudio.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00118416 __RSH (FFmpeg Project) C:\Windows\system32\swscale-lav-2.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00109712 __RSH () C:\Windows\system32\libbluray.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00098960 __RSH (FFmpeg Project) C:\Windows\system32\avfilter-lav-4.dll
2014-10-26 18:28 - 2014-03-07 11:03 - 00059536 __RSH (FFmpeg Project) C:\Windows\system32\avresample-lav-1.dll
2014-10-26 18:28 - 2014-01-31 16:20 - 00000493 __RSH () C:\Windows\system32\LAVFilters.Dependencies.manifest
2014-10-26 18:28 - 2012-10-05 19:54 - 00188416 __RSH () C:\Windows\system32\winDCE32.dll
2014-10-26 18:28 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Olepau32.ax
2014-10-26 18:28 - 2011-06-14 20:05 - 00121344 __RSH () C:\Windows\system32\TAKDSDecoder.ax
2014-10-26 18:28 - 2011-02-11 10:26 - 00112128 __RSH () C:\Windows\system32\OptimFROG.dll
2014-10-26 18:28 - 2010-01-07 00:00 - 00107520 __RSH () C:\Windows\system32\TAKDSDecoder.dll
2014-10-26 18:28 - 2009-08-10 23:00 - 00352768 __RSH () C:\Windows\system32\ac3DX.ax
2014-10-26 18:28 - 2005-02-22 17:55 - 00081920 __RSH () C:\Windows\system32\aac_parser.ax
2014-10-26 18:28 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\system32\pncrt.dll
2014-10-26 18:28 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\system32\drvc.dll
2014-10-26 18:28 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\Windows\system32\RLOFRDec.ax
2014-10-26 18:28 - 2004-04-05 10:31 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-10-26 18:28 - 2004-04-05 10:31 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-10-26 18:25 - 2014-10-26 18:25 - 00000000 ____D () C:\Program Files\eRightSoft
2014-10-26 17:42 - 2014-10-26 17:44 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\HandBrake
2014-10-26 17:13 - 2014-11-11 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-10-26 17:13 - 2014-10-26 17:13 - 00000000 ____D () C:\Program Files\Free Codec Pack
2014-10-26 17:07 - 2014-11-08 19:53 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\DVDVideoSoft
2014-10-26 17:04 - 2014-10-26 17:12 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\ipadvideo_mate
2014-10-26 16:57 - 2014-10-26 16:57 - 00001052 _____ () C:\Users\Public\Desktop\ABC 3GP Converter.lnk
2014-10-26 16:57 - 2014-10-26 16:57 - 00000000 ____D () C:\ProgramData\VOWSoft
2014-10-26 16:57 - 2014-10-26 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC 3GP Converter
2014-10-26 16:56 - 2014-10-26 16:57 - 00000000 ____D () C:\Program Files\ABC 3GP Converter
2014-10-26 15:53 - 2014-10-26 15:53 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\WinAVI
2014-10-26 15:53 - 2014-10-26 15:53 - 00000000 ____D () C:\Users\AndyK\AppData\Local\WinAVI
2014-10-26 15:50 - 2014-10-26 15:50 - 00001346 _____ () C:\Users\AndyK\Desktop\WinAVI All-in-One Converter.lnk
2014-10-26 15:50 - 2014-10-26 15:50 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI All-in-One Converter
2014-10-26 15:49 - 2014-10-26 15:49 - 00000000 ____D () C:\Program Files\WinAVI
2014-10-26 15:44 - 2014-10-26 17:33 - 00000000 ____D () C:\Users\AndyK\Downloads\Tinker Bell (2008)
2014-10-26 15:34 - 2014-10-26 15:35 - 00000000 ____D () C:\Users\AndyK\Downloads\Despicable.Me[2010]BRRip-x264-AAC[Eng]-MKVGuy
2014-10-26 15:32 - 2014-10-26 21:00 - 506598379 _____ () C:\Users\AndyK\Downloads\High School Musical Movie.mpeg
2014-10-26 15:30 - 2014-10-26 15:54 - 00000000 ____D () C:\Users\AndyK\Downloads\Coraline (2009)
2014-10-26 15:18 - 2014-10-26 15:48 - 273514805 _____ () C:\Users\AndyK\Downloads\The Pirate Fairy.mkv
2014-10-24 20:19 - 2014-11-20 18:50 - 00000472 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-10-24 20:19 - 2014-10-24 20:19 - 00001048 _____ () C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw 2013.lnk
2014-10-24 20:19 - 2014-10-24 20:19 - 00001018 _____ () C:\Users\AndyK\Desktop\SmartDraw 2013.lnk
2014-10-24 20:19 - 2014-10-24 20:19 - 00000988 _____ () C:\Users\Public\Desktop\SmartDraw 2013.lnk
2014-10-24 20:19 - 2014-10-24 20:19 - 00000000 ____D () C:\Users\AndyK\Documents\SmartDraw
2014-10-24 20:19 - 2014-10-24 20:19 - 00000000 ____D () C:\Users\AndyK\AppData\System
2014-10-24 20:19 - 2014-10-24 20:19 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\SmartDraw
2014-10-24 20:19 - 2014-10-24 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2013
2014-10-24 20:15 - 2014-10-24 20:23 - 00000000 ____D () C:\Program Files\SmartDraw 2013
2014-10-23 19:56 - 2014-10-23 19:56 - 00007605 _____ () C:\Users\AndyK\AppData\Local\Resmon.ResmonCfg
2014-10-21 19:54 - 2014-10-21 19:54 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-10-21 17:03 - 2014-10-21 17:03 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-21 17:01 - 2014-10-21 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 17:01 - 2014-10-21 17:00 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-21 17:01 - 2014-10-21 16:59 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-21 17:01 - 2014-10-21 16:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-21 17:01 - 2014-10-21 16:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-20 18:59 - 2009-07-14 04:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 18:59 - 2009-07-14 04:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 18:56 - 2014-08-18 18:26 - 01122708 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 18:53 - 2014-08-18 19:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 18:52 - 2014-08-24 14:17 - 00000000 ___RD () C:\Users\AndyK\Dropbox
2014-11-20 18:51 - 2014-10-14 16:58 - 00000000 ___RD () C:\Users\AndyK\iCloudDrive
2014-11-20 18:51 - 2014-08-24 14:09 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\Dropbox
2014-11-20 18:50 - 2014-08-29 17:29 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-11-20 18:50 - 2014-08-19 16:21 - 00000098 _____ () C:\monitor.log
2014-11-20 18:50 - 2014-08-18 19:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 18:50 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 07:21 - 2014-08-20 19:27 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\vlc
2014-11-20 06:50 - 2014-08-18 18:36 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 18:13 - 2014-08-19 19:03 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\XBMC
2014-11-16 19:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-16 11:34 - 2014-08-27 17:03 - 00000000 ____D () C:\Windows\Minidump
2014-11-16 11:10 - 2009-07-14 04:53 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 20:15 - 2014-08-28 06:12 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\Mp3tag
2014-11-14 18:54 - 2014-08-20 19:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-14 18:49 - 2014-08-26 21:38 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-11-12 22:34 - 2014-09-05 08:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:28 - 2014-08-18 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 22:23 - 2014-08-18 19:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:04 - 2014-08-18 19:07 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 19:57 - 2014-08-26 21:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 19:57 - 2014-08-26 21:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 21:27 - 2014-08-25 16:18 - 00001005 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-11 21:27 - 2014-08-25 16:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-11 20:29 - 2014-08-28 21:55 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\uTorrent
2014-11-08 20:12 - 2014-08-18 19:24 - 00000000 ____D () C:\Users\AndyK\AppData\Local\Google
2014-11-08 19:57 - 2014-08-18 19:24 - 00000000 ____D () C:\Program Files\Google
2014-11-06 21:51 - 2014-08-19 19:28 - 00001462 _____ () C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-11-06 18:20 - 2014-09-28 19:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-06 18:20 - 2014-08-19 18:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-06 17:40 - 2014-08-19 19:23 - 00000000 ____D () C:\Users\AndyK\AppData\Local\Torch
2014-11-02 22:50 - 2014-08-27 19:24 - 00000000 ____D () C:\Users\AndyK\Documents\Calibre Library
2014-11-02 22:48 - 2014-08-27 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-11-02 22:48 - 2014-08-27 19:22 - 00000000 ____D () C:\Program Files\Calibre2
2014-11-02 09:59 - 2014-08-27 19:24 - 00000000 ____D () C:\Users\AndyK\AppData\Roaming\calibre
2014-11-02 09:53 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 11:24 - 2014-08-18 19:05 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 22:24 - 2014-10-07 20:53 - 00000000 ____D () C:\Program Files\ThriXXX
2014-10-24 18:48 - 2014-09-04 20:20 - 00000000 ____D () C:\Users\AndyK\AppData\Local\Adobe
2014-10-21 17:03 - 2014-08-18 20:11 - 00000000 ____D () C:\ProgramData\Oracle
 
Some content of TEMP:
====================
C:\Users\AndyK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpssr3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {fd2e38c4-274f-11e4-9d04-f17689f8d42c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {fd2e38c6-274f-11e4-9d04-f17689f8d42c}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fd2e38c4-274f-11e4-9d04-f17689f8d42c}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {fd2e38c6-274f-11e4-9d04-f17689f8d42c}
device                  ramdisk=[C:]\Recovery\fd2e38c6-274f-11e4-9d04-f17689f8d42c\Winre.wim,{fd2e38c7-274f-11e4-9d04-f17689f8d42c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\fd2e38c6-274f-11e4-9d04-f17689f8d42c\Winre.wim,{fd2e38c7-274f-11e4-9d04-f17689f8d42c}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {fd2e38c4-274f-11e4-9d04-f17689f8d42c}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {fd2e38c7-274f-11e4-9d04-f17689f8d42c}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\fd2e38c6-274f-11e4-9d04-f17689f8d42c\boot.sdi
 
 
 
LastRegBack: 2014-10-06 20:44
 
==================== End Of Log ============================


#7
andyk68


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by AndyK at 2014-11-20 19:08:16
Running from C:\Users\AndyK\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABC 3GP/MP4 Converter 3.00 (HKLM\...\ABC 3GP/MP4 Converter) (Version: 3.00 - ABCMedia Studio@VOWSoft,Ltd.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlazeDTV 6.0 (HKLM\...\BlazeDTV 6.0_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{7C79A0FB-4C96-4538-B443-D99BDBA34995}) (Version: 2.8.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.10 (HKLM\...\Deluge) (Version:  - )
Dropbox (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EZCast (HKLM\...\{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}) (Version: 1.1.0.91 - Actions-Micro)
Freemake Audio Converter version 1.1.0 (HKLM\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
Idle Crawler (HKLM\...\FAC95C88-898B-A73A-BC32-000000B100) (Version: 104.0.0.451 - MILE 27 LTD) <==== ATTENTION
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6276.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM\...\Kobo) (Version: 3.11.0 - Rakuten Kobo Inc.)
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSSUB) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.63 (HKLM\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyDriveConnect 3.3.0.1756 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.00048 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmartDraw 2013 (HKLM\...\SmartDraw 2013) (Version:  - SmartDraw.com)
Spotify (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
SUPER © v2014.build.62+Recorder (2014/09/21) version v2014.buil (HKLM\...\{8E2A18E2-96AF-8649-4DE7-5C06C90719A4}_is1) (Version: v2014.build.62+Recorder - eRightSoft)
Torch (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Torch) (Version: 36.0.0.8226 - Torch) <==== ATTENTION
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinAVI All-in-One Converter (HKLM\...\WinAVI All-in-One Converter) (Version: 1.7.0.4734 - ZJMedia Digital Technology Ltd.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\XBMC) (Version:  - Team XBMC)
Xirrus Wi-Fi Inspector (HKLM\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\AndyK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\AndyK\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\AndyK\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\AndyK\AppData\Local\Torch\Application\36.0.0.8226\delegate_execute.exe (The Chromium Authors)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\AndyK\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\AndyK\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\AndyK\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\AndyK\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AndyK\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AndyK\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
12-11-2014 22:03:02 Windows Update
14-11-2014 18:47:42 Installed Samsung Kies3
17-11-2014 22:12:27 Windows Update
20-11-2014 18:37:44 OTL Restore Point - 20/11/2014 18:37:39
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2014-11-20 18:43 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1576E321-0DE7-451C-B38D-17F1F9D9C357} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {255676E3-A630-4158-B642-2DD653B8A4BB} - System32\Tasks\Runner IC => %LOCALAPPDATA%\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
Task: {3462428A-CE33-4D90-A012-1C5995AA9B0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4BE53C2E-9754-411A-A530-C8DC29C96822} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {746816CD-75C0-4C9D-8828-B589B7FEEDDD} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
Task: {8454C095-C515-4FD2-A839-4FBAD261C696} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {98BD25E6-4D54-44C0-B0C9-D73FAC4D2E66} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B4910CF9-B929-4735-8CF0-A22F61A989D7} - System32\Tasks\irMonitor => C:\Windows\system32\IRMonitor.exe [2014-08-19] (ITE Tech. Inc.)
Task: {D1DB4140-CF4D-4BAC-9654-76EA71CF6E69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {D7AC21DE-D63F-4F0D-950E-11E4798593A2} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw 2013\Messages\SDNotify.exe [2012-08-13] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-10 13:44 - 2014-11-10 13:44 - 00382000 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
2014-11-10 13:46 - 2014-11-10 13:46 - 00093232 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\ManXec.dll
2014-11-10 13:45 - 2014-11-10 13:45 - 00070704 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmdProc.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00043056 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\PrfIns.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00054320 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WbSes.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00120368 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WdcMan.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00122416 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WblSupp.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00038960 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\InSes.dll
2014-08-19 16:22 - 2008-12-30 11:40 - 00032768 _____ () C:\Program Files\BlazeVideo\BlazeDTV 6.0\MMKeyboardHook.dll
2014-08-19 16:22 - 2008-12-30 11:40 - 00073728 _____ () C:\Program Files\BlazeVideo\BlazeDTV 6.0\VersionInfo.dll
2014-08-19 16:22 - 2008-12-30 11:40 - 00106496 _____ () C:\Program Files\BlazeVideo\BlazeDTV 6.0\mlutil.dll
2014-08-19 16:22 - 2010-05-06 15:48 - 00024576 _____ () C:\Program Files\BlazeVideo\BlazeDTV 6.0\RemoteControl\AF9100EXRC.dll
2014-11-20 18:51 - 2014-11-20 18:51 - 00043008 _____ () c:\users\andyk\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpssr3.dll
2013-08-23 19:01 - 2013-08-23 19:01 - 25100288 _____ () C:\Users\AndyK\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-11 20:46 - 2014-10-23 08:26 - 08569856 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\pdf.dll
2014-11-11 20:46 - 2014-10-23 08:20 - 00324608 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-11-11 20:46 - 2014-10-23 08:23 - 00880128 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\ffmpegsumo.dll
2014-10-26 18:28 - 2012-10-05 19:54 - 00188416 __RSH () C:\Windows\system32\winDCE32.dll
2014-11-19 19:14 - 2014-11-14 21:15 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-19 19:14 - 2014-11-14 21:15 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-08-18 20:18 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-18 20:18 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3605640944-2500114542-2589134957-500 - Administrator - Disabled)
AndyK (S-1-5-21-3605640944-2500114542-2589134957-1001 - Administrator - Enabled) => C:\Users\AndyK
Guest (S-1-5-21-3605640944-2500114542-2589134957-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: MpKslcfa654ac
Description: MpKslcfa654ac
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslcfa654ac
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/19/2014 09:35:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14757
 
Error: (11/19/2014 09:35:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14757
 
Error: (11/19/2014 09:35:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/19/2014 09:35:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13603
 
Error: (11/19/2014 09:35:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13603
 
Error: (11/19/2014 09:35:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/19/2014 09:35:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12605
 
Error: (11/19/2014 09:35:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12605
 
Error: (11/19/2014 09:35:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/19/2014 09:35:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11591
 
 
System errors:
=============
Error: (11/20/2014 06:59:07 PM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/20/2014 06:44:26 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (11/20/2014 07:15:09 AM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/20/2014 07:05:12 AM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/20/2014 06:54:38 AM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/19/2014 09:30:55 PM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/19/2014 09:22:44 PM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/19/2014 09:12:34 PM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/19/2014 09:02:58 PM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
Error: (11/19/2014 08:52:29 PM) (Source: DCOM) (EventID: 10016) (User: AndyK-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}AndyK-PCAndyKS-1-5-21-3605640944-2500114542-2589134957-1001LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/19/2014 09:35:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14757
 
Error: (11/19/2014 09:35:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14757
 
Error: (11/19/2014 09:35:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/19/2014 09:35:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13603
 
Error: (11/19/2014 09:35:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13603
 
Error: (11/19/2014 09:35:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/19/2014 09:35:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12605
 
Error: (11/19/2014 09:35:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12605
 
Error: (11/19/2014 09:35:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/19/2014 09:35:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11591
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU N450 @ 1.66GHz
Percentage of memory in use: 71%
Total physical RAM: 2035.9 MB
Available physical RAM: 588.54 MB
Total Pagefile: 4071.8 MB
Available Pagefile: 2308.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:116.74 GB) (Free:49.27 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.05 GB) (Free:50.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8
andyk68


MBAM Check.

 

mbam-check result log version:     2.1.1.1001
========================================
 
User Account type:                 Administrator
OS:                                Windows 7  32 bit Operating System
Current Version and Build:         6.1.7600.0 
Malwarebytes Anti-Malware:         2.0.3.1025
Installed On:                      2014/11/16
Malware Database:                  0000.00.00.00
Rootkit Database:                  0000.00.00.00
Remediation Database:              0000.00.00.00
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/11/20 19:17:32
Compatibility Flag Settings:
=================================
 
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
NCPluginUpdater               REG_SZ "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 23256     BYTES FileVersion: 0.1.15.0 MD5: [d2ded3c333a5d9cb3f4c244b0f0dd877]
C:\Windows\system32\drivers\mwac.sys
File Size: 51928     BYTES FileVersion: 1.0.6.0 MD5: [7a6526c8bd114db7ca8930ab22d52a0b]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 114904    BYTES FileVersion: 0.2.13.0 MD5: [8e2e9ccd873abf180f48bcaeeebe347d]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 75480     BYTES FileVersion: 1.1.4.0 MD5: [e89b115e1dd297dcb694b22cfa90bf61]
 
--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 198208    BYTES FileVersion: 6.1.7600.16385 MD5: [7520ec808e0c35e0ee6f841294316653]
C:\Windows\system32\mscomctl.ocx
File Size: 1070232   BYTES FileVersion: 6.1.98.39 MD5: [766f501b61c22723536af696a74133d4]
C:\Windows\system32\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7600.16385 MD5: [c10459dbdc2099c5a8428cb7d87db85f]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       4107 
    Duration_Heuristics:                                       1091887 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          97432 
    Duration_Registry:                                         49420 
    Duration_Sector:                                           0 
    Duration_Startup:                                          129254 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      38858 
    ItemCount_Heuristics:                                      49140 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         97250 
    ItemCount_Registry:                                        595 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         4333 
    LastScanDateEpoch:                                         1416427785055 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2014-11-19T20:09:41 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  false 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
 
 
MBAMService Registry Values:
============================
 
 
 
MBAMScheduler Registry Values:
==============================
 
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ *.local
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ HH:mm:ss
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here 
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files\Malwarebytes Anti-Malware\
7z.dll                                   File Size: 920888    BYTES FileVersion:  9.20.0.0       MD5: [ce5bab535bfa98530ddac4661a751dfe]
changes.txt                             File Size: 3104      BYTES FileVersion:  N/A            MD5: [3ac874d1e1bfd50e4ceb220f5dd73f67]
license.rtf                             File Size: 39478     BYTES FileVersion:  N/A            MD5: [8627b31943a534aad30d154c2b2c1aaf]
master.conf                             File Size: 1258      BYTES FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                 File Size: 579896    BYTES FileVersion:  1.0.16.0       MD5: [59569d4be0d79a2b8c3241c6dcea0034]
mbam.exe                                 File Size: 7229752   BYTES FileVersion:  1.0.1.711      MD5: [f89773dfa9b8c95a3ac2af1e7d99e483]
mbamcore.dll                             File Size: 1829176   BYTES FileVersion:  1.1.20.0       MD5: [a8d4b1d04a5fcd862321ce106da7ce4e]
mbamdor.exe                             File Size: 54072     BYTES FileVersion:  1.0.1.0        MD5: [842c198bb5fb3a051c34d493f3a7dff4]
mbamext.dll                             File Size: 261432    BYTES FileVersion:  3.0.6.0        MD5: [cd55601f51e1c698164590a7c7b4d3c0]
mbampt.exe                               File Size: 39736     BYTES FileVersion:  1.0.0.0        MD5: [03cfd2a07ddf755aafac6e459d2d855a]
mbamscheduler.exe                       File Size: 1871160   BYTES FileVersion:  3.1.1.0        MD5: [6d8a2ee4244630b290a837e79c0f37a1]
mbamservice.exe                         File Size: 968504    BYTES FileVersion:  3.0.8.0        MD5: [09d4503cbb6adb3a54e7c7a75090b728]
mbamsrv.dll                             File Size: 4463928   BYTES FileVersion:  1.2.0.0        MD5: [a422816a15cfac50567fd0f6582fd2cf]
 
Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001Web Exclusions:
================
Unable to access exclusion information: Error code 20001Quarantined Items:
===================
Unable to access quarantine information: Error code 20001===============================================================
END OF FILE

  • 0

#9
Teima

Step One
  • Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
      (The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
      R2 TorchCrashHandler; C:\Users\AndyK\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
      FF Plugin: TorchVLC -> C:\Users\AndyK\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
      2014-11-11 20:46 - 2014-11-16 17:58 - 00000000 ____D () C:\Program Files\Optimizer Pro
      2014-11-11 20:37 - 2014-11-20 06:47 - 00000000 ____D () C:\Program Files\Couponarific
      2014-11-11 20:31 - 2014-11-11 20:48 - 00000000 ____D () C:\Program Files\ShopSave Toolbar
      2014-11-20 18:50 - 2014-08-29 17:29 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
      2014-11-06 21:51 - 2014-08-19 19:28 - 00001462 _____ () C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
      2014-11-06 17:40 - 2014-08-19 19:23 - 00000000 ____D () C:\Users\AndyK\AppData\Local\Torch
      Idle Crawler (HKLM\...\FAC95C88-898B-A73A-BC32-000000B100) (Version: 104.0.0.451 - MILE 27 LTD) <==== ATTENTION
      Torch (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Torch) (Version: 36.0.0.8226 - Torch) <==== ATTENTION
      CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\AndyK\AppData\Local\Torch\Application\36.0.0.8226\delegate_execute.exe (The Chromium Authors)
      Task: {255676E3-A630-4158-B642-2DD653B8A4BB} - System32\Tasks\Runner IC => %LOCALAPPDATA%\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
      Task: {746816CD-75C0-4C9D-8828-B589B7FEEDDD} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
      2014-11-10 13:46 - 2014-11-10 13:46 - 00093232 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\ManXec.dll
      2014-11-10 13:45 - 2014-11-10 13:45 - 00070704 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmdProc.dll
      2014-11-10 13:46 - 2014-11-10 13:46 - 00043056 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\PrfIns.dll
      2014-11-10 13:46 - 2014-11-10 13:46 - 00054320 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WbSes.dll
      2014-11-10 13:46 - 2014-11-10 13:46 - 00120368 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WdcMan.dll
      2014-11-10 13:46 - 2014-11-10 13:46 - 00122416 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WblSupp.dll
      2014-11-10 13:46 - 2014-11-10 13:46 - 00038960 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\InSes.dll
      ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
      ProxyServer: [.DEFAULT] => http=127.0.0.1:58623;https=127.0.0.1:58623 
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
Step Two
  • Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
Step Three
  • Right-click on aswMBR.exe and select Run as Administrator to launch the application.
  • If a prompt stating: The computer supports "Virtualization Technology" appears >> select Yes
  • When prompted with: The application can use the Avast! Free Antivirus for scanning >> select Yes
  • The Avast! virus definitions database will automatically be downloaded. Be patient, this may take some time depending on the speed of your Internet connection.
  • Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
  • Now click on the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
  • Click on Exit.

  • Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

  • 0

#10
andyk68


FRST Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-11-2014 01
Ran by AndyK at 2014-11-22 23:16:58 Run:1
Running from C:\Users\AndyK\Desktop
Loaded Profile: AndyK (Available profiles: AndyK)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
(The Chromium Authors) C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe
R2 TorchCrashHandler; C:\Users\AndyK\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
FF Plugin: TorchVLC -> C:\Users\AndyK\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
2014-11-11 20:46 - 2014-11-16 17:58 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-11-11 20:37 - 2014-11-20 06:47 - 00000000 ____D () C:\Program Files\Couponarific
2014-11-11 20:31 - 2014-11-11 20:48 - 00000000 ____D () C:\Program Files\ShopSave Toolbar
2014-11-20 18:50 - 2014-08-29 17:29 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-11-06 21:51 - 2014-08-19 19:28 - 00001462 _____ () C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-11-06 17:40 - 2014-08-19 19:23 - 00000000 ____D () C:\Users\AndyK\AppData\Local\Torch
Idle Crawler (HKLM\...\FAC95C88-898B-A73A-BC32-000000B100) (Version: 104.0.0.451 - MILE 27 LTD) <==== ATTENTION
Torch (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Torch) (Version: 36.0.0.8226 - Torch) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\AndyK\AppData\Local\Torch\Application\36.0.0.8226\delegate_execute.exe (The Chromium Authors)
Task: {255676E3-A630-4158-B642-2DD653B8A4BB} - System32\Tasks\Runner IC => %LOCALAPPDATA%\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
Task: {746816CD-75C0-4C9D-8828-B589B7FEEDDD} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
2014-11-10 13:46 - 2014-11-10 13:46 - 00093232 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\ManXec.dll
2014-11-10 13:45 - 2014-11-10 13:45 - 00070704 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmdProc.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00043056 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\PrfIns.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00054320 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WbSes.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00120368 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WdcMan.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00122416 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WblSupp.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00038960 _____ () C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\InSes.dll
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58623;https=127.0.0.1:58623 
End
*****************
 
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe" => File/Directory not found.
C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe => No running process found
TorchCrashHandler => Service stopped successfully.
TorchCrashHandler => Service deleted successfully.
"HKLM\Software\MozillaPlugins\TorchVLC" => Key deleted successfully.
C:\Users\AndyK\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
"C:\Program Files\Couponarific" => File/Directory not found.
"C:\Program Files\ShopSave Toolbar" => File/Directory not found.
C:\ProgramData\TorchCrashHandler => Moved successfully.
C:\Users\AndyK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk => Moved successfully.
C:\Users\AndyK\AppData\Local\Torch => Moved successfully.
Idle Crawler (HKLM\...\FAC95C88-898B-A73A-BC32-000000B100) (Version: 104.0.0.451 - MILE 27 LTD) <==== ATTENTION => Error: No automatic fix found for this entry.
Torch (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Torch) (Version: 36.0.0.8226 - Torch) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3605640944-2500114542-2589134957-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{255676E3-A630-4158-B642-2DD653B8A4BB}" => Key not found.
C:\Windows\System32\Tasks\Runner IC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner IC" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{746816CD-75C0-4C9D-8828-B589B7FEEDDD}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Update IC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Update IC" => Key not found.
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\ManXec.dll" => File/Directory not found.
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\CmdProc.dll" => File/Directory not found.
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\PrfIns.dll" => File/Directory not found.
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WbSes.dll" => File/Directory not found.
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WdcMan.dll" => File/Directory not found.
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\WblSupp.dll" => File/Directory not found.
"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Modules\InSes.dll" => File/Directory not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
 
==== End of Fixlog ====

  • 0
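The Fixlog above reports several different outcomes per entry ("Moved successfully", "File/Directory not found", "Key not found", "Error: No automatic fix found for this entry"). The following Python triage is an added example, not part of the original thread and not FRST's own code; it groups the result lines so that the entries FRST could not handle stand out. The sample lines are copied from the log above, and the category names (`removed`, `absent`, `needs_manual`) are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the Fixlog in the post above (a subset, unmodified).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
Start
Task: {255676E3-A630-4158-B642-2DD653B8A4BB} - System32\Tasks\Runner IC => %LOCALAPPDATA%\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
End
*****************

"C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Runner.exe" => File/Directory not found.
C:\Users\AndyK\AppData\Local\FAC95C88-898B-A73A-BC32-000000B100\Chrome-bin\chrome.exe => No running process found
TorchCrashHandler => Service stopped successfully.
TorchCrashHandler => Service deleted successfully.
"HKLM\Software\MozillaPlugins\TorchVLC" => Key deleted successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
"C:\Program Files\Couponarific" => File/Directory not found.
Idle Crawler (HKLM\...\FAC95C88-898B-A73A-BC32-000000B100) (Version: 104.0.0.451 - MILE 27 LTD) <==== ATTENTION => Error: No automatic fix found for this entry.
Torch (HKU\S-1-5-21-3605640944-2500114542-2589134957-1001\...\Torch) (Version: 36.0.0.8226 - Torch) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\Runner IC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner IC" => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog ====
'''

# Order matters: "No automatic fix found" must be caught before the "found" rules.
RULES = [
    ("needs_manual", re.compile(r"^Error:", re.I)),
    ("removed", re.compile(r"\b(moved|deleted|stopped) successfully", re.I)),
    ("absent", re.compile(r"\bnot found|no running process found", re.I)),
]

# Some result lines have no " => " separator, e.g. "<task path> not found."
BARE_NOT_FOUND = re.compile(r"^(.+?) not found\.$")


def split_result(line):
    """Return (target, outcome) for a result line, or None for any other line."""
    line = line.strip()
    if " => " in line:
        # The outcome follows the LAST " => "; the target itself may contain arrows.
        target, _, outcome = line.rpartition(" => ")
    else:
        m = BARE_NOT_FOUND.match(line)
        if not m:
            return None
        target, outcome = m.group(1), "not found."
    target = re.sub(r"\s*<==== ATTENTION$", "", target).strip('"')
    return target, outcome


def classify(outcome):
    """Map an outcome string to one of this example's categories."""
    for name, pattern in RULES:
        if pattern.search(outcome):
            return name
    return "unknown"


def triage(fixlog_text):
    """Group the targets of a Fixlog by outcome category."""
    lines = fixlog_text.splitlines()
    # The log first echoes the fixlist between two rows of asterisks; those
    # lines also contain " => ", so results are read only after the last row.
    marks = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {"*"}]
    start = marks[-1] + 1 if marks else 0
    buckets = defaultdict(list)
    for line in lines[start:]:
        parsed = split_result(line)
        if parsed:
            target, outcome = parsed
            buckets[classify(outcome)].append(target)
    return dict(buckets)


if __name__ == "__main__":
    for category, targets in triage(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(targets)}")
        for t in targets:
            print(f"  {t}")
```
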



#11
andyk68


ADW Log:

 

# AdwCleaner v4.101 - Report created 22/11/2014 at 23:26:33
# Updated 09/11/2014 by Xplode
# Database : 2014-11-22.1 [Live]
# Operating System : Windows 7 Professional  (32 bits)
# Username : AndyK - ANDYK-PC
# Running from : C:\Users\AndyK\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : netfilter
[#] Service Deleted : torchcrashhandler
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\AndyK\AppData\Local\webplayer
Folder Deleted : C:\Users\AndyK\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\AndyK\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\AndyK\AppData\Roaming\Store
File Deleted : C:\END
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Users\AndyK\AppData\Roaming\WindApp.boostrap.log
File Deleted : C:\Users\AndyK\AppData\Roaming\Bubble Dock.installation.log
File Deleted : C:\Users\AndyK\AppData\Roaming\WindApp.installation.log
File Deleted : C:\Users\AndyK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Deleted : C:\Users\AndyK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\AndyK\Desktop\Torch.lnk
File Deleted : C:\Users\AndyK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
Task Deleted : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.65
 
[C:\Users\kinsea\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3255 octets] - [22/11/2014 23:21:21]
AdwCleaner[S0].txt - [3264 octets] - [22/11/2014 23:26:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3324 octets] ##########

  • 0

#12
andyk68


aswMBR:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-23 09:21:44
-----------------------------
09:21:44.219    OS Version: Windows 6.1.7600 
09:21:44.219    Number of processors: 2 586 0x1C0A
09:21:44.219    ComputerName: ANDYK-PC  UserName: AndyK
09:21:46.450    Initialize success
09:21:46.590    VM: initialized successfully
09:21:46.590    VM: Intel CPU virtualization not supported 
09:23:48.504    AVAST engine defs: 14112200
09:23:51.952    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:23:51.968    Disk 0 Vendor: TOSHIBA_MK2565GSXN GH101M Size: 238475MB BusType: 11
09:23:52.124    Disk 0 MBR read successfully
09:23:52.139    Disk 0 MBR scan
09:23:52.389    Disk 0 Windows 7 default MBR code
09:23:52.404    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:23:52.420    Disk 0 default boot code
09:23:52.623    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       119537 MB offset 206848
09:23:52.826    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       118836 MB offset 245018624
09:23:53.013    Disk 0 scanning sectors +488395120
09:23:53.496    Disk 0 scanning C:\Windows\system32\drivers
09:24:43.006    Service scanning
09:25:33.224    Service MpKsl63ce6949 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10AB1769-CEA1-46ED-B10B-73CB4787FFD4}\MpKsl63ce6949.sys **LOCKED** 32
09:26:36.112    Modules scanning
09:26:36.143    Disk 0 trace - called modules:
09:26:36.236    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 
09:26:36.252    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84653158]
09:26:36.268    3 CLASSPNP.SYS[881bd59e] -> nt!IofCallDriver -> [0x84175918]
09:26:36.299    5 ACPI.sys[87c973b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8418e030]
09:26:37.063    AVAST engine scan C:\Windows
09:26:43.459    AVAST engine scan C:\Windows\system32
09:38:41.357    AVAST engine scan C:\Windows\system32\drivers
09:39:26.722    AVAST engine scan C:\Users\AndyK
10:10:45.003    AVAST engine scan C:\ProgramData
10:14:21.646    Disk 0 statistics 3503712/0/0 @ 1.72 MB/s
10:14:21.677    Scan finished successfully
10:19:11.994    Disk 0 MBR has been saved successfully to "C:\Users\AndyK\Desktop\MBR.dat"
10:19:12.181    The log file has been saved successfully to "C:\Users\AndyK\Desktop\aswMBR.txt"

  • 0

#13
Teima

How does the machine appear to be running at the moment? Are you noticing any further issues? 

Step One

We will be reinstalling Malwarebytes shortly. Since you have been having trouble with it I would like to do the following first.
1. Please download the Malwarebytes removal tool from here and save to your desktop.
2. Right-click on the file and choose Run as administrator.
3. Let the program run and reboot if prompted.

Step Two
  • Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
Step Three
    • ESET Online Scanner
      Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
      • Go here from Internet Explorer and click on Run ESET Online Scanner.
        • Note: If you use any browser other than Internet Explorer, you will have to download and install esetsmartinstaller_enu.exe when prompted to run the scan.
      • Accept their terms and conditions and proceed.
      • Install Add-On/Active X if prompted.
      • From the Computer Scan Setting --
        • Uncheck the box beside Remove Found Threats;
        • Check the box beside Scan archives
      • Click on Advanced Setting and check the following boxes--
        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology
      • Click on Start and wait for the virus signature database to update.
      • The online scan will begin automatically and can take several hours.
        • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
      • After the Scan finishes --
        • If no threats were found:
          • Put a checkmark in Uninstall application on close.
          • Close the program and report that nothing was found
        • If threats were found:
          • Click on list of threats found.
          • Click on Export to text file and save it to the Desktop as ESET SCAN.txt.
          • Copy and Paste contents of the log file in your next reply.
      Note: Enable your security programs afterwards.
Step Four
  • Scan with OTL
    • Re-run OTL.exe.
    • Copy and Paste the following code inside the Custom Scans/Fixes box;
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
    • Click the Quick Scan button;
    • After the scan a log will be produced;
    • Copy and paste the content of the log in your next response.

  • 0

#14
andyk68


    Member

  • Topic Starter
  • Member
  • 53 posts

Ok run MBAM and got as far as the heuristic scan and got the BSOD again so couldn't post a log. The BSOD cause is KERNEL_DATA_INPAGE_ERROR 0x0000007a. Looks like a common error after doing a Google search.


  • 0

#15
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Teima is currently unavailable and my apologies for the delay. For the time being I will be assisting your good self.

Ok run MBAM and got as far as the heuristic scan and got the BSOD again so couldn't post a log.

Acknowledged, let's proceed as follows shall we...

Random Access Memory Advice:

1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.26% Memory free

Though Microsoft claims the 32 Bit version of Windows 7 will run with a mere 1 gigabyte (GB) installed, in my humble opinion a minimum of 3 - 4 GB is far better.

If you wish to upgrade the installed memory, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run, and which will advise if your system can support any upgraded memory modules.

Service Pack Advice:

It appears your machine does not have Service Pack 1 for Windows 7 installed. If not aware, support was withdrawn by Microsoft on April 9th, 2013, so basically your machine has not received any critical Windows Updates for well over a year. Apart from the obvious security risk, your machine could very well be compromised, and my friendly advice would be to consider a reformat and reinstallation of the Windows Operating System. Then afterwards reinstall all relevant updates and Service Pack 1 etc.

However, if you would prefer a continued malware removal process, please proceed to the below and do not attempt to install Windows 7 Service Pack 1 for the time being until I advise otherwise.

Scan with WVCheck:

Please download WVCheck and save it to the desktop.
  • Right-click on WVCheck.exe and select Run as Administrator >> follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1439_dd-mm-yyyy that can be located on the desktop.

Check Hard Disk For Errors:

Download the attached hddcheck.bat below and save to your Desktop:-

[attachment=74032:hddcheck.bat]

Now right-click on hddcheck.bat and select Run as Administrator to run the batch file. A blank command window will open on your desktop, then close in a few minutes. This is normal and the batch file itself will self-delete when completed.

A notepad file named checkhd.txt should appear on your desktop. Please post the contents of this file in your next reply.

Scan with VEW:

Please download Vino's Event Viewer from here and save to your desktop.
  • Right-click on Vew.exe and select Run as Administrator
  • Referring to the screen-shot below:-
vew.gif
  • Select all as per denoted and enter the number 20 into the Number of events 1 -20 box
  • Then click on the Run tab >> upon completion of the scan a notepad file named VEW.txt will open.
  • Post the contents of the aforementioned in your next reply please.

Next:

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and/or problems encountered?
  • WVCheck Log.
  • Check Hard Disk For Errors Log.
  • Vino's Event Viewer Log.

  • 0
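
A PowerShell way to gather the same kind of evidence the post above asks for (recent System-log events and disk health around the 0x0000007a stop error), as an added example that is not part of the thread and does not reproduce VEW or hddcheck.bat. The provider list, the 60-minute window and the output file name SystemEvents.txt are assumptions made for illustration.

```powershell
# Added example; not from the thread, VEW, or hddcheck.bat.
# Run from an elevated PowerShell prompt (Get-WinEvent needs PowerShell 2.0 or later).

$maxEvents        = 20                        # same count the VEW step asks for
$storageProviders = 'disk', 'Ntfs', 'atapi'   # assumption: sources that log read failures
$lookBackMinutes  = 60                        # assumption: the 1001 record is written at the
                                              # next boot, so look well before its timestamp

# 1. Last 20 Critical (1), Error (2) and Warning (3) events from the System log.
$recent = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2, 3 } `
                -MaxEvents $maxEvents -ErrorAction SilentlyContinue)
$recent | Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, Message |
    Format-List |
    Out-File "$env:USERPROFILE\Desktop\SystemEvents.txt"   # hypothetical file name

# 2. Stop-error records: event ID 1001 whose message mentions a bugcheck.
$bugchecks = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001 } `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Message -match 'bugcheck' })

# 3. For each stop error, list storage events logged in the window before it.
foreach ($bc in $bugchecks) {
    "Stop error recorded {0}: {1}" -f $bc.TimeCreated, ($bc.Message -split "`r?`n")[0]

    $window = @{
        LogName   = 'System'
        StartTime = $bc.TimeCreated.AddMinutes(-$lookBackMinutes)
        EndTime   = $bc.TimeCreated
    }
    $hits = @(Get-WinEvent -FilterHashtable $window -ErrorAction SilentlyContinue |
              Where-Object { $storageProviders -contains $_.ProviderName } |
              Sort-Object TimeCreated)

    if ($hits.Count -eq 0) {
        "  no storage events logged in the preceding $lookBackMinutes minutes"
    } else {
        $hits | Format-Table TimeCreated, ProviderName, Id, LevelDisplayName -AutoSize |
            Out-String
    }
}

# 4. Is the system volume flagged dirty (a check is pending at the next boot)?
fsutil dirty query $env:SystemDrive
```

An empty result in step 3 does not clear the disk: a drive that cannot service reads may also fail to write its own error events before the crash.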