Multiple Instances of dllhost.exe and svchost.exe (Possibly RAT) [Solv


  • This topic is locked

#1
JstG

Hello, I've had a problem for a few weeks. My computer, with Windows 7 x64, will start up and run fine. However, soon after, the CPU usage will jump from around 15%ish to 100% and stay there, bringing the computer to a virtual halt. PowerShell was originally not running correctly, due to the permissions being wrong, which have been fixed. We did not believe it was Poweliks, as nothing indicated it was that.

 

The CLSID registry key was completely empty for some reason. Also, after running MBAM, a trojan (Trojan.clicker - conhost.exe) and some PUPs were found, which were removed. After a restart to clear everything, the process stopped coming back for a few minutes, and then reappeared.

 

One of the process descriptions includes "Systray .exe Stub" so it may be a RAT. The processes have since been suspended until it can be dealt with.

OTL logfile created on: 12/20/2014 10:28:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bobby\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.89 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 25.16% Memory free
11.78 Gb Paging File | 6.52 Gb Available in Paging File | 55.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.58 Gb Total Space | 813.39 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 16.71 Gb Total Space | 16.62 Gb Free Space | 99.46% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-HP | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/20 22:28:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Downloads\OTL.exe
PRC - [2014/12/15 06:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- c:\Users\Bobby\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
PRC - [2014/12/10 20:33:18 | 000,770,728 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/26 20:43:02 | 000,813,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/15 13:03:58 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/10/30 19:09:08 | 002,990,304 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2011/12/16 15:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 15:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 15:37:18 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2011/12/16 15:37:10 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/08/16 16:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 11:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/20 21:27:56 | 001,160,704 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\_ssl.pyd
MOD - [2014/12/20 21:27:56 | 000,811,008 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._windows_.pyd
MOD - [2014/12/20 21:27:56 | 000,805,888 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._gdi_.pyd
MOD - [2014/12/20 21:27:56 | 000,713,216 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\_hashlib.pyd
MOD - [2014/12/20 21:27:56 | 000,110,080 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\PyWinTypes27.dll
MOD - [2014/12/20 21:27:56 | 000,070,656 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._html2.pyd
MOD - [2014/12/20 21:27:56 | 000,027,136 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\_multiprocessing.pyd
MOD - [2014/12/20 21:27:56 | 000,025,600 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32pdh.pyd
MOD - [2014/12/20 21:27:56 | 000,024,064 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32pipe.pyd
MOD - [2014/12/20 21:27:56 | 000,007,168 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\hashobjs_ext.pyd
MOD - [2014/12/20 21:27:55 | 001,175,040 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._core_.pyd
MOD - [2014/12/20 21:27:55 | 001,062,400 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._controls_.pyd
MOD - [2014/12/20 21:27:55 | 000,735,232 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._misc_.pyd
MOD - [2014/12/20 21:27:55 | 000,686,080 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\unicodedata.pyd
MOD - [2014/12/20 21:27:55 | 000,557,056 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\pysqlite2._sqlite.pyd
MOD - [2014/12/20 21:27:55 | 000,525,640 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\windows._lib_cacheinvalidation.pyd
MOD - [2014/12/20 21:27:55 | 000,364,544 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\pythoncom27.dll
MOD - [2014/12/20 21:27:55 | 000,320,512 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32com.shell.shell.pyd
MOD - [2014/12/20 21:27:55 | 000,167,936 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32gui.pyd
MOD - [2014/12/20 21:27:55 | 000,128,512 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\_elementtree.pyd
MOD - [2014/12/20 21:27:55 | 000,127,488 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\pyexpat.pyd
MOD - [2014/12/20 21:27:55 | 000,122,368 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._wizard.pyd
MOD - [2014/12/20 21:27:55 | 000,119,808 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32file.pyd
MOD - [2014/12/20 21:27:55 | 000,108,544 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32security.pyd
MOD - [2014/12/20 21:27:55 | 000,098,816 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32api.pyd
MOD - [2014/12/20 21:27:55 | 000,087,552 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\_ctypes.pyd
MOD - [2014/12/20 21:27:55 | 000,078,336 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\wx._animate.pyd
MOD - [2014/12/20 21:27:55 | 000,045,568 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\_socket.pyd
MOD - [2014/12/20 21:27:55 | 000,038,912 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32inet.pyd
MOD - [2014/12/20 21:27:55 | 000,035,840 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32process.pyd
MOD - [2014/12/20 21:27:55 | 000,022,528 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32ts.pyd
MOD - [2014/12/20 21:27:55 | 000,018,432 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32event.pyd
MOD - [2014/12/20 21:27:55 | 000,017,408 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32profile.pyd
MOD - [2014/12/20 21:27:55 | 000,011,264 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\win32crypt.pyd
MOD - [2014/12/20 21:27:55 | 000,010,240 | ---- | M] () -- C:\Users\Bobby\AppData\Local\Temp\_MEI12562\select.pyd
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/16 02:12:28 | 002,997,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/16 02:12:26 | 019,696,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/16 02:11:51 | 002,868,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\b8e72b75a31229c5ae9d34289305c52b\ReachFramework.ni.dll
MOD - [2014/10/16 02:09:28 | 011,025,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/16 02:09:22 | 003,950,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/16 02:09:14 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/16 02:09:14 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 02:09:08 | 007,668,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 02:09:08 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/16 02:09:07 | 002,822,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 02:09:07 | 000,794,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/16 02:09:07 | 000,122,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/16 02:09:05 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 02:09:04 | 010,100,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/02/27 03:02:57 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/10 20:33:18 | 000,770,728 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/24 19:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/12/08 18:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/15 06:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- c:\Users\Bobby\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/12/09 15:38:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/18 15:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/04 17:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/16 15:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 15:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 15:37:18 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/12/16 15:37:10 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 11:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/20 21:27:49 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/10 20:33:20 | 000,114,176 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/29 10:42:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/08/29 10:42:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/24 19:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 04:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/03 03:48:10 | 000,410,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2012/01/03 03:48:08 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/09/21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{39904947-61B9-40D2-9A3A-7EBC90CB4F58}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{39904947-61B9-40D2-9A3A-7EBC90CB4F58}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{39904947-61B9-40D2-9A3A-7EBC90CB4F58}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013/01/28 22:39:08 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma\4.6.0_1\
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\6.0.12_0\
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfgikokimgonhlpfonodcmamoagidja\2.13.11_0\
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnijkabgdodbjffhlmbnhlccpkfappil\1.0.1_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O2:64bit: - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O2 - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Clownfish]  File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.lifes...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14B1DCB8-B1F5-4A2A-B244-E5F09C8C9D52}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/20 20:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
[2014/12/20 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartmontools
[2014/12/20 20:38:16 | 004,187,592 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bobby\Desktop\tdsskiller.exe
[2014/12/20 20:37:59 | 002,480,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Bobby\Desktop\procexp.exe
[2014/12/20 20:37:49 | 000,593,080 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Bobby\Desktop\autoruns.exe
[2014/12/20 19:03:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appraiser
[2014/12/18 15:57:47 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Process Hacker 2
[2014/11/29 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2014/11/29 22:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2014/11/28 18:10:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/28 17:45:22 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/11/28 17:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/11/28 16:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/28 16:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/26 18:37:32 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/11/22 22:12:34 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/22 22:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/22 22:11:22 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/11/22 22:11:22 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/11/22 22:11:22 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/11/22 22:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2012/11/03 07:27:49 | 010,395,072 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[12 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/20 22:14:33 | 000,000,024 | ---- | M] () -- C:\Users\Bobby\random.dat
[2014/12/20 22:14:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005UA.job
[2014/12/20 22:09:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/20 22:03:45 | 000,000,044 | ---- | M] () -- C:\Users\Bobby\jagex_cl_runescape_LIVE.dat
[2014/12/20 21:38:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/12/20 21:34:53 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/20 21:34:53 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/20 21:28:04 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/20 21:27:49 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/20 21:27:41 | 447,225,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/20 20:38:24 | 004,187,592 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bobby\Desktop\tdsskiller.exe
[2014/12/20 20:38:00 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Bobby\Desktop\procexp.exe
[2014/12/20 20:37:52 | 000,593,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Bobby\Desktop\autoruns.exe
[2014/12/20 19:07:14 | 000,001,232 | RHS- | M] () -- C:\Users\Bobby\ntuser.pol
[2014/12/20 13:14:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005Core.job
[2014/12/18 14:35:03 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/10 20:33:20 | 000,153,256 | ---- | M] (Webroot) -- C:\windows\SysWow64\WRusr.dll
[2014/12/10 20:33:20 | 000,114,176 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
[2014/12/10 20:33:20 | 000,103,816 | ---- | M] (Webroot) -- C:\windows\SysNative\WRusr.dll
[2014/11/29 20:16:15 | 000,782,470 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/11/29 20:16:15 | 000,662,384 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/11/29 20:16:15 | 000,122,252 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/11/28 17:06:24 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/27 20:34:15 | 000,000,024 | ---- | M] () -- C:\Users\Bobby\jagexappletviewer.preferences
[2014/11/27 20:15:58 | 000,000,044 | ---- | M] () -- C:\Users\Bobby\jagex_cl_oldschool_LIVE.dat
[2014/11/25 14:01:12 | 000,130,064 | ---- | M] () -- C:\Users\Bobby\Documents\IMG_2088.JPG
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[12 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/27 20:14:42 | 000,000,044 | ---- | C] () -- C:\Users\Bobby\jagex_cl_oldschool_LIVE.dat
[2014/11/27 20:14:25 | 000,000,024 | ---- | C] () -- C:\Users\Bobby\jagexappletviewer.preferences
[2014/11/27 16:58:06 | 000,000,024 | ---- | C] () -- C:\Users\Bobby\random.dat
[2014/11/27 16:58:05 | 000,000,044 | ---- | C] () -- C:\Users\Bobby\jagex_cl_runescape_LIVE.dat
[2014/11/25 13:57:52 | 000,130,064 | ---- | C] () -- C:\Users\Bobby\Documents\IMG_2088.JPG
[2014/11/22 22:12:04 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/10 20:56:26 | 000,005,120 | ---- | C] () -- C:\Users\Bobby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/08 20:23:52 | 000,004,509 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\CamStudio.cfg
[2013/01/28 22:36:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/11 03:22:16 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2013/01/11 03:22:16 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/10/16 19:30:34 | 000,001,232 | RHS- | C] () -- C:\Users\Bobby\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/20 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\.minecraft
[2013/06/28 14:53:07 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\.soulsplit
[2012/11/03 21:31:47 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Chewbaka
[2012/11/10 16:55:47 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\CoffeeCup Software
[2014/01/07 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Gyazo
[2014/04/13 10:20:35 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Local
[2014/01/03 21:23:31 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Notepad++
[2014/12/18 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Process Hacker 2
[2013/05/26 11:11:02 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\RSBot
[2013/01/05 01:19:33 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\SystemRequirementsLab
[2014/12/20 19:46:42 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
< End of report >
 

 

 

 




#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi JstG, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 

What step(s) and fix(es) have you taken prior to asking for assistance here?

We did not believe it is Poweliks, as nothing indicated it was that.

We? If you have been provided assistance elsewhere, please, stick to one helper and this thread can be closed.


 
  • Step #1 Run ComboFix
    Download ComboFix by sUBs from one of the suitable locations listed below and save it to your Desktop.
    Download Link #1
    Download Link #2
    Download Link #3

    Warning

    Please acknowledge this warning beforehand. The tool, ComboFix, is an extremely powerful malware removal tool, if not one of the most powerful tools ever created. In the hands of an inept person, or through a simple mistake, it can render your machine un-bootable. Peruse every step I listed below unless you want a dreadful occurrence.

    ***

    • Disable your security software. For more information, peruse this thread;
    • Right-click and choose Run as administrator to run the program.
    • As a built-in process, ComboFix will check if your system has Microsoft Windows Recovery Console installed. Let ComboFix download and install Microsoft Windows Recovery Console.
      • It requires an active internet connection.
      • If your system already has Microsoft Windows Recovery Console installed, this step will be skipped
    • ComboFix will now scan your system for malware and will attempt to remove it.
      • Note: ComboFix performs fifty steps during this fix. Please be patient.
    • After the scan your system will reboot and a log will be produced. The log is automatically saved in C:\ComboFix.txt.
    • Post the contents of the log in your next reply.
    Crucial Notes:
    • Do not mouse-click when ComboFix is running as it may stall.
    • Do not re-run ComboFix if you face a problem. Ask for my instruction here.
    • ComboFix will make Internet Explorer your default browser and will change number of different Internet Explorer settings.
    • ComboFix prevents autorun functions of all CD and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell me.
    • It is possible that ComboFix, even on its first run, may have fixed the problems you are having. We strongly suggest that you still post your log into the topic that you are receiving help as you most likely will have infections left over that your helper will need to analyze further.
    • ComboFix will disconnect your system from internet for security measures. The connection is automatically restored after the scan but if it does not, it can be restored by rebooting the PC.
 
  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • ComboFix Log
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

#3
JstG

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
 
ComboFix 14-12-14.01 - Bobby 12/21/2014  14:10:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6030.2855 [GMT -5:00]
Running from: c:\users\Bobby\Downloads\ComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bobby\AppData\Local\Temp\_MEI12562\_ctypes.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\_elementtree.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\_hashlib.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\_multiprocessing.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\_socket.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\_ssl.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\hashobjs_ext.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\pyexpat.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\pysqlite2._sqlite.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\python27.dll
c:\users\Bobby\AppData\Local\Temp\_MEI12562\pythoncom27.dll
c:\users\Bobby\AppData\Local\Temp\_MEI12562\PyWinTypes27.dll
c:\users\Bobby\AppData\Local\Temp\_MEI12562\select.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\unicodedata.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32api.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32com.shell.shell.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32crypt.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32event.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32file.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32gui.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32inet.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32pdh.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32pipe.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32process.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32profile.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32security.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\win32ts.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\windows._lib_cacheinvalidation.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\wx._animate.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\wx._controls_.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\wx._core_.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\wx._gdi_.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\wx._html2.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\wx._misc_.pyd
c:\users\Bobby\AppData\Local\Temp\_MEI12562\wx._windows_.pyd
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\nb_NO\nb_NO.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\nl_NL\junk.html
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\nl_NL\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\nl_NL\nl_NL.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\nn_NO\nn_NO.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\pa_IN\pa_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\pl_PL\pl_PL.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\pt_BR\pt_BR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\pt_PT\pt_PT.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\ro_RO\ro_RO.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\ru_RU\ru_RU.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\si_LK\si_LK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\sk_SK\sk_SK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\sl_SI\sl_SI.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\sq_AL\sq_AL.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\sr_RS\sr_RS.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\sv_SE\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\sv_SE\sv_SE.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\ta_IN\ta_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\th_TH\th_TH.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\tl_PH\tl_PH.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\tr_TR\tr_TR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\uk_UA\uk_UA.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\ur_PK\ur_PK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\vi_VN\vi_VN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\zh_CN\zh_CN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\languages\zh_TW\zh_TW.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp519705708\lp_languages.zip
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\af_ZA\af_ZA.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\af_ZA\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ar_EG\ar_EG.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ar_EG\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ar_SA\ar_SA.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ar_SA\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\az_AZ\az_AZ.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\az_AZ\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\be_BY\be_BY.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\be_BY\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\bg_BG\bg_BG.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\bg_BG\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\bn_BD\bn_BD.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\bn_BD\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\bs_BA\bs_BA.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\bs_BA\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ca_ES\ca_ES.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ca_ES\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\cs_CZ\cs_CZ.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\cs_CZ\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\da_DK\da_DK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\da_DK\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\de_DE\de_DE.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\de_DE\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\de_DE\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\de_DE\wxstd.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\el_GR\el_GR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\el_GR\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\en_AU\en_AU.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\en_AU\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\en_GB\en_GB.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\en_GB\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\en_US\en_US.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\en_US\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\eo_US\eo_US.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\eo_US\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\es_ES\es_ES.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\es_ES\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\es_MX\es_MX.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\es_MX\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\et_EE\et_EE.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\et_EE\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fa_IR\fa_IR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fa_IR\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fa_IR\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fi_FI\fi_FI.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fi_FI\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fr_CA\fr_CA.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fr_CA\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fr_FR\fr_FR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fr_FR\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\fr_FR\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ga_IE\ga_IE.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ga_IE\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\gl_ES\gl_ES.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\gl_ES\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\gu_IN\gu_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\gu_IN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\he_IL\he_IL.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\he_IL\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\he_IL\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\hi_IN\hi_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\hi_IN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\hr_HR\hr_HR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\hr_HR\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\hu_HU\hu_HU.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\hu_HU\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\id_ID\id_ID.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\id_ID\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\is_IS\is_IS.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\is_IS\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\it_IT\it_IT.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\it_IT\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ja_JP\ja_JP.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ja_JP\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ka_GE\ka_GE.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ka_GE\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\kn_IN\kn_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\kn_IN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ko_KR\ko_KR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ko_KR\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\lt_LT\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\lt_LT\lt_LT.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\lv_LV\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\lv_LV\lv_LV.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\mg_MG\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\mg_MG\mg_MG.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\mk_MK\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\mk_MK\mk_MK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ml_IN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ml_IN\ml_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\mr_IN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\mr_IN\mr_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ms_MY\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ms_MY\ms_MY.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nb_NO\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nb_NO\nb_NO.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nl_NL\junk.html
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nl_NL\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nl_NL\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nl_NL\nl_NL.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nn_NO\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\nn_NO\nn_NO.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pa_IN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pa_IN\pa_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pl_PL\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pl_PL\pl_PL.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pt_BR\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pt_BR\pt_BR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pt_PT\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\pt_PT\pt_PT.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ro_RO\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ro_RO\ro_RO.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ru_RU\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ru_RU\ru_RU.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\si_LK\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\si_LK\si_LK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sk_SK\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sk_SK\sk_SK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sl_SI\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sl_SI\sl_SI.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sq_AL\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sq_AL\sq_AL.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sr_RS\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sr_RS\sr_RS.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sv_SE\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sv_SE\messages.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\sv_SE\sv_SE.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ta_IN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ta_IN\ta_IN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\th_TH\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\th_TH\th_TH.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\tl_PH\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\tl_PH\tl_PH.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\tr_TR\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\tr_TR\tr_TR.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\uk_UA\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\uk_UA\uk_UA.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ur_PK\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\ur_PK\ur_PK.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\vi_VN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\vi_VN\vi_VN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\zh_CN\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\zh_CN\zh_CN.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\zh_TW\lastpass.mo
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\languages\zh_TW\zh_TW.xpm
c:\users\girls\AppData\Roaming\Local\Temp\lptmp541790666\lp_languages.zip
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_EXPAND_SZ    %SYSTEMROOT%\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-21 to 2014-12-21  )))))))))))))))))))))))))))))))
.
.
2014-12-21 20:42 . 2014-12-21 20:42 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D910483-33BC-450D-9FE2-AFC1F759C6A9}\offreg.dll
2014-12-21 20:31 . 2014-12-21 20:31 -------- d-----w- c:\users\girls\AppData\Local\temp
2014-12-21 20:31 . 2014-12-21 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-21 20:30 . 2014-12-21 20:30 -------- d-----w- c:\users\superman\AppData\Local\temp
2014-12-21 20:30 . 2014-12-21 20:30 -------- d-----w- c:\users\superman.Owner-HP\AppData\Local\temp
2014-12-21 20:30 . 2014-12-21 20:30 -------- d-----w- c:\users\Owner\AppData\Local\temp
2014-12-21 01:42 . 2014-12-21 01:42 -------- d-----w- c:\program files (x86)\smartmontools
2014-12-21 00:03 . 2014-12-21 00:03 -------- d-----w- c:\windows\system32\appraiser
2014-12-19 10:45 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D910483-33BC-450D-9FE2-AFC1F759C6A9}\mpengine.dll
2014-12-18 20:57 . 2014-12-18 20:57 -------- d-----w- c:\users\Bobby\AppData\Roaming\Process Hacker 2
2014-12-18 01:20 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 01:20 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-10 08:01 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 08:01 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 08:01 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-10 08:01 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 08:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 08:01 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 08:01 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 08:01 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-10 08:01 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-10 08:01 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-10 05:23 . 2014-11-27 01:43 813744 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-11-30 13:04 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-11-30 13:04 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-11-30 13:04 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-11-30 13:04 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-11-30 06:19 . 2014-11-30 06:19 -------- d-----w- c:\users\Owner\AppData\Roaming\Process Hacker 2
2014-11-30 04:58 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-11-30 04:58 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-11-30 04:58 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-11-30 04:58 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-11-30 03:56 . 2014-11-30 03:56 -------- d-----w- c:\program files\Process Hacker 2
2014-11-28 23:10 . 2014-11-28 23:34 -------- d-----w- C:\AdwCleaner
2014-11-28 22:45 . 2014-11-28 22:45 -------- d-----w- c:\windows\ERUNT
2014-11-28 22:06 . 2014-11-28 23:16 -------- d-----w- c:\program files\Google
2014-11-28 21:32 . 2014-11-28 21:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-28 21:32 . 2014-11-28 21:32 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-26 23:37 . 2014-11-26 23:37 -------- d-----w- C:\found.000
2014-11-26 12:58 . 2014-12-21 01:53 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-25 23:58 . 2014-11-25 23:58 -------- d-sh--w- c:\users\superman.Owner-HP\AppData\Local\EmieBrowserModeList
2014-11-23 03:12 . 2014-12-21 20:55 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-23 03:11 . 2014-11-21 11:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-23 03:11 . 2014-11-21 11:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-23 03:11 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-23 03:11 . 2014-12-18 19:35 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 01:33 . 2012-10-14 19:23 153256 ----a-w- c:\windows\SysWow64\WRusr.dll
2014-12-11 01:33 . 2012-10-14 19:23 114176 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2014-12-11 01:33 . 2012-10-14 19:23 103816 ----a-w- c:\windows\system32\WRusr.dll
2014-12-10 08:03 . 2012-10-14 19:11 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-09 20:38 . 2012-10-14 19:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 20:38 . 2012-10-14 19:28 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-24 19:04 . 2014-11-14 21:33 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-11 03:08 . 2014-11-18 22:15 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 22:15 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 22:15 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 22:15 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-12 12:24 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 12:24 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 12:24 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 12:24 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 12:24 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 12:24 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 12:24 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 12:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 12:24 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 12:24 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 12:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 12:24 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 12:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 12:24 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 12:24 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 12:24 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 12:24 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 12:24 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 12:24 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 12:24 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 12:24 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 12:24 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 12:24 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 12:24 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-09-30 22:02 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 22:02 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-12-11 14:54 . 2012-11-03 12:27 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2014-12-11 770728]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-3 10395072]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-3 10395072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymSilent]
2011-05-09 03:06 762296 ----a-w- c:\program files (x86)\SymSilent\SymSilent.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 22:38 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 20:38]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 07:57]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 07:57]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005Core.job
- c:\users\girls\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25 01:51]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005UA.job
- c:\users\girls\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-25 01:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-26 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-26 440600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SandboxieControl - c:\program files\Sandboxie\SbieCtrl.exe
Wow6432Node-HKCU-Run-Clownfish - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2014-12-21  15:58:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-21 20:58
.
Pre-Run: 872,710,492,160 bytes free
Post-Run: 892,792,729,600 bytes free
.
- - End Of File - - E33ACC8954BFC72BF63BE927E7FCBC71


#4
JstG


FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by Bobby (administrator) on OWNER-HP on 21-12-2014 16:01:26
Running from C:\Users\Bobby\Downloads
Loaded Profile: Bobby (Available profiles: Owner & Bobby & superman & girls)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [770728 2014-12-10] (Webroot)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1003\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {39904947-61B9-40D2-9A3A-7EBC90CB4F58} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {39904947-61B9-40D2-9A3A-7EBC90CB4F58} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\S-1-5-21-2626690921-3182424600-2669169856-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2626690921-3182424600-2669169856-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2626690921-3182424600-2669169856-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2626690921-3182424600-2669169856-1003 -> {39904947-61B9-40D2-9A3A-7EBC90CB4F58} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-2626690921-3182424600-2669169856-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2626690921-3182424600-2669169856-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-2626690921-3182424600-2669169856-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.lifes...SetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-28]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Adblock Plus) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-28]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2014-07-19]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-15]
CHR Extension: (AdBlock Plus) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfgikokimgonhlpfonodcmamoagidja [2014-07-19]
CHR Extension: (Google Wallet) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (DriveConverter) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnijkabgdodbjffhlmbnhlccpkfappil [2014-07-09]
CHR HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [770728 2014-12-10] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-12-10] (Webroot)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 16:01 - 2014-12-21 16:01 - 00040185 _____ () C:\Users\Bobby\Downloads\FRST.txt
2014-12-21 16:00 - 2014-12-21 16:01 - 00000000 ____D () C:\FRST
2014-12-21 16:00 - 2014-12-21 16:00 - 02122240 _____ (Farbar) C:\Users\Bobby\Downloads\FRST64.exe
2014-12-21 15:58 - 2014-12-21 15:58 - 00079627 _____ () C:\ComboFix.txt
2014-12-21 14:07 - 2014-12-21 15:58 - 00000000 ____D () C:\Qoobox
2014-12-21 14:07 - 2014-12-21 15:57 - 00000000 ____D () C:\windows\erdnt
2014-12-21 14:07 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-21 14:07 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-21 14:07 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-21 14:07 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-21 14:07 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-21 14:07 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-21 14:07 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-21 14:07 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-21 14:00 - 2014-12-21 14:00 - 05601641 ____R (Swearware) C:\Users\Bobby\Downloads\ComboFix.exe
2014-12-20 22:45 - 2014-12-20 22:45 - 00108842 _____ () C:\Users\Bobby\Downloads\OTL.Txt
2014-12-20 22:45 - 2014-12-20 22:45 - 00079900 _____ () C:\Users\Bobby\Downloads\Extras.Txt
2014-12-20 22:28 - 2014-12-20 22:28 - 00602112 _____ (OldTimer Tools) C:\Users\Bobby\Downloads\OTL.exe
2014-12-20 20:42 - 2014-12-20 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
2014-12-20 20:42 - 2014-12-20 20:42 - 00000000 ____D () C:\Program Files (x86)\smartmontools
2014-12-20 20:41 - 2014-12-20 20:41 - 00841909 _____ () C:\Users\Bobby\Downloads\smartmontools-6.3-1.win32-setup.exe
2014-12-20 20:38 - 2014-12-20 20:38 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bobby\Desktop\tdsskiller.exe
2014-12-20 20:37 - 2014-12-20 20:38 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bobby\Desktop\procexp.exe
2014-12-20 20:37 - 2014-12-20 20:37 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bobby\Desktop\autoruns.exe
2014-12-20 19:42 - 2014-12-20 19:43 - 07677632 _____ (TeamViewer GmbH) C:\Users\Bobby\Downloads\TeamViewer_Setup_en.exe
2014-12-20 19:03 - 2014-12-20 19:03 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-20 18:08 - 2014-12-20 18:08 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe
2014-12-18 15:57 - 2014-12-18 15:57 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Process Hacker 2
2014-12-17 20:20 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-17 20:20 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-10 03:01 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 03:01 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 03:01 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-10 03:01 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-10 03:01 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-10 03:01 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-10 03:01 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-10 03:01 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-10 03:01 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-10 03:01 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-10 00:24 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 00:24 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 00:24 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 00:24 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 00:24 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 00:24 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 00:24 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 00:24 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 00:24 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 00:24 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 00:24 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 00:24 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 00:24 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 00:24 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 00:24 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 00:24 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 00:24 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 00:24 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 00:24 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 00:24 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 00:24 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 00:24 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 00:24 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 00:24 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 00:24 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 00:24 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 00:24 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 00:24 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 00:24 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 00:24 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 00:24 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 00:24 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 00:24 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 00:24 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 00:24 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 00:24 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 00:24 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 00:24 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 00:24 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 00:24 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 00:24 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 00:24 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 00:23 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 00:23 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 00:23 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 00:23 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 00:23 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 00:23 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 00:23 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 00:23 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 00:23 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 00:23 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 00:23 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 00:23 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 00:23 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 00:23 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 00:23 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 00:23 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 00:23 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 00:23 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 00:23 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 00:23 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 00:23 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 00:23 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 00:23 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 00:23 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 00:23 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 00:23 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 00:23 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 00:23 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 00:23 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 00:23 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 00:23 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 00:23 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 00:23 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 00:23 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 00:23 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 00:23 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 00:23 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-11-30 08:04 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-30 08:04 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-30 08:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-11-30 08:04 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-11-30 01:19 - 2014-11-30 01:19 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Process Hacker 2
2014-11-29 23:59 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-11-29 23:59 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-29 23:59 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-29 23:59 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-11-29 23:59 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-11-29 23:59 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-11-29 23:59 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-11-29 23:59 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-11-29 23:59 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-11-29 23:59 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-11-29 23:59 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-11-29 23:59 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-11-29 23:59 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-11-29 23:59 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-11-29 23:59 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-11-29 23:59 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-11-29 23:58 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-11-29 23:58 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-11-29 23:58 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-11-29 23:58 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-11-29 22:56 - 2014-11-29 22:56 - 00001843 _____ () C:\Users\Owner\Desktop\Process Hacker 2.lnk
2014-11-29 22:56 - 2014-11-29 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-11-29 22:56 - 2014-11-29 22:56 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-11-28 18:44 - 2014-11-28 18:44 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC.exe
2014-11-28 18:10 - 2014-11-28 18:34 - 00000000 ____D () C:\AdwCleaner
2014-11-28 17:45 - 2014-11-28 17:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-28 17:06 - 2014-11-28 18:16 - 00000000 ____D () C:\Program Files\Google
2014-11-28 16:32 - 2014-11-28 16:32 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-28 16:32 - 2014-11-28 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-27 20:14 - 2014-11-27 20:34 - 00000024 _____ () C:\Users\Bobby\jagexappletviewer.preferences
2014-11-27 20:14 - 2014-11-27 20:15 - 00000044 _____ () C:\Users\Bobby\jagex_cl_oldschool_LIVE.dat
2014-11-27 16:58 - 2014-12-21 00:25 - 00000024 _____ () C:\Users\Bobby\random.dat
2014-11-27 16:58 - 2014-12-21 00:23 - 00000044 _____ () C:\Users\Bobby\jagex_cl_runescape_LIVE.dat
2014-11-26 18:37 - 2014-11-26 18:37 - 00000000 ____D () C:\found.000
2014-11-25 18:58 - 2014-11-25 18:58 - 00000000 __SHD () C:\Users\superman.Owner-HP\AppData\Local\EmieBrowserModeList
2014-11-23 14:25 - 2014-11-23 14:25 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\girls\Downloads\tdsskiller (1).exe
2014-11-23 14:18 - 2014-11-23 14:18 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\girls\Downloads\tdsskiller.exe
2014-11-22 22:12 - 2014-12-21 15:55 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-22 22:12 - 2014-12-18 14:35 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-22 22:12 - 2014-12-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-22 22:11 - 2014-12-18 14:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-22 22:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-22 22:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-22 22:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 16:01 - 2012-10-14 14:18 - 00000000 ____D () C:\ProgramData\WRData
2014-12-21 15:58 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-12-21 15:55 - 2014-11-15 13:04 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 15:55 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-12-21 15:40 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 15:40 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 15:38 - 2014-11-12 10:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 15:36 - 2014-11-11 21:19 - 01971566 _____ () C:\windows\WindowsUpdate.log
2014-12-21 15:32 - 2013-07-01 14:24 - 01097310 _____ () C:\windows\PFRO.log
2014-12-21 15:32 - 2013-07-01 14:24 - 00011192 _____ () C:\windows\setupact.log
2014-12-21 15:32 - 2012-08-29 11:07 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-21 15:32 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-21 14:07 - 2012-10-17 16:59 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Skype
2014-12-21 14:07 - 2009-07-14 00:08 - 00032584 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-21 13:14 - 2014-11-15 13:09 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005UA.job
2014-12-21 13:14 - 2014-11-15 13:09 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005Core.job
2014-12-21 13:09 - 2014-11-15 13:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 02:28 - 2014-02-25 01:00 - 47277068 _____ () C:\Users\Bobby\Downloads\Boom Hotel Database.sql
2014-12-21 02:00 - 2013-09-05 16:49 - 00000572 _____ () C:\Users\Bobby\Documents\habbo sec ques.txt
2014-12-20 21:28 - 2014-07-05 15:06 - 00000000 ___RD () C:\Users\Bobby\Google Drive
2014-12-20 21:28 - 2013-05-25 14:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-20 19:46 - 2012-10-19 16:11 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\TeamViewer
2014-12-20 19:12 - 2012-10-16 19:31 - 00000000 ____D () C:\Users\Bobby\AppData\Roaming\Hewlett-Packard
2014-12-20 19:07 - 2013-07-01 01:24 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-12-20 19:07 - 2012-10-16 19:30 - 00001232 __RSH () C:\Users\Bobby\ntuser.pol
2014-12-20 19:07 - 2012-10-16 19:30 - 00000000 ____D () C:\Users\Bobby
2014-12-20 19:03 - 2014-05-07 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-20 18:06 - 2012-10-14 12:34 - 00000000 ____D () C:\Users\Owner
2014-12-13 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-10 20:33 - 2012-10-14 14:23 - 00153256 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2014-12-10 20:33 - 2012-10-14 14:23 - 00114176 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2014-12-10 20:33 - 2012-10-14 14:23 - 00103816 _____ (Webroot) C:\windows\system32\WRusr.dll
2014-12-10 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-10 03:06 - 2013-08-14 02:01 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 03:03 - 2012-10-14 14:11 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-09 15:38 - 2012-10-14 14:28 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 15:38 - 2012-10-14 14:28 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 15:38 - 2012-10-14 14:28 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-06 19:47 - 2012-10-14 14:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-12-04 16:59 - 2013-07-22 22:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-12-03 05:06 - 2013-02-21 23:22 - 00000000 ____D () C:\Users\Bobby\AppData\Local\CrashDumps
2014-11-30 01:21 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-29 20:16 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-28 17:25 - 2012-10-14 14:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-11-28 17:25 - 2012-10-14 14:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-28 17:06 - 2013-07-01 01:24 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-28 17:06 - 2013-07-01 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-28 17:06 - 2013-07-01 01:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-28 16:39 - 2013-02-02 00:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-28 16:39 - 2012-08-29 10:58 - 00000000 ____D () C:\ProgramData\Skype
2014-11-28 16:32 - 2014-01-19 13:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-28 16:32 - 2013-06-19 22:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-27 20:48 - 2013-03-05 21:54 - 00001992 _____ () C:\Users\Bobby\Documents\fsdfdsfds.txt
2014-11-27 20:41 - 2013-06-27 16:45 - 00011025 _____ () C:\Users\Bobby\Documents\CHECK DIS [bleep].txt
2014-11-25 20:46 - 2013-01-08 09:05 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BE9778AE-6600-4587-96C7-0A98722FE572}
2014-11-24 14:04 - 2014-11-14 16:33 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-11-23 22:41 - 2013-07-10 15:12 - 00000276 _____ () C:\Users\Bobby\Documents\lawl accs.txt
2014-11-23 14:30 - 2012-10-20 15:06 - 00000000 ____D () C:\Users\girls\AppData\Local\CrashDumps
2014-11-23 14:09 - 2013-04-10 15:58 - 00000000 ____D () C:\Users\girls\AppData\Roaming\Apple Computer
2014-11-22 22:11 - 2013-10-17 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
Files to move or delete:
====================
C:\Users\Bobby\jagex_cl_oldschool_LIVE.dat
C:\Users\Bobby\jagex_cl_runescape_LIVE.dat
C:\Users\Bobby\random.dat
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {88005825-f1f0-11e1-836b-24be0525eaad}
                        {88005826-f1f0-11e1-836b-24be0525eaad}
                        {88005828-f1f0-11e1-836b-24be0525eaad}
                        {88005829-f1f0-11e1-836b-24be0525eaad}
                        {8800582a-f1f0-11e1-836b-24be0525eaad}
                        {8800582b-f1f0-11e1-836b-24be0525eaad}
                        {8800582c-f1f0-11e1-836b-24be0525eaad}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {8800582d-f1f0-11e1-836b-24be0525eaad}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {f7016f76-1623-11e2-955e-b4b52fcbc31b}
 
Firmware Application (101fffff)
-------------------------------
identifier              {88005825-f1f0-11e1-836b-24be0525eaad}
description             USB Floppy/CD
 
Firmware Application (101fffff)
-------------------------------
identifier              {88005826-f1f0-11e1-836b-24be0525eaad}
description             USB Hard Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {88005828-f1f0-11e1-836b-24be0525eaad}
description             ATAPI CD-ROM Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {88005829-f1f0-11e1-836b-24be0525eaad}
description             CD/DVD Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {8800582a-f1f0-11e1-836b-24be0525eaad}
description             USB Floppy/CD
 
Firmware Application (101fffff)
-------------------------------
identifier              {8800582b-f1f0-11e1-836b-24be0525eaad}
description             Hard Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {8800582c-f1f0-11e1-836b-24be0525eaad}
description             Realtek PXE B03 D00
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.efi
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {f7016f76-1623-11e2-955e-b4b52fcbc31b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {8800582d-f1f0-11e1-836b-24be0525eaad}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {f7016f76-1623-11e2-955e-b4b52fcbc31b}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{f7016f77-1623-11e2-955e-b4b52fcbc31b}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{f7016f77-1623-11e2-955e-b4b52fcbc31b}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {8800582d-f1f0-11e1-836b-24be0525eaad}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {f7016f77-1623-11e2-955e-b4b52fcbc31b}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-12-15 22:29
 
==================== End Of Log ============================
 
Addition Log: 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
Ran by Bobby at 2014-12-21 16:03:31
Running from C:\Users\Bobby\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{C8B7EFDF-28EA-4A17-B89A-C03317E3B5CF}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{B784E572-44B3-49AA-B959-A7D74D9B2793}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kepard (HKLM-x32\...\Kepard) (Version:  - Kepard) <==== ATTENTION!
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
smartmontools (HKLM-x32\...\smartmontools) (Version: 6.3 2014-07-26 r3976 (sf-6.3-1) - smartmontools.org)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.28 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
10-12-2014 03:00:22 Windows Update
13-12-2014 03:00:58 Windows Update
16-12-2014 17:59:54 Windows Update
18-12-2014 03:00:58 Windows Update
20-12-2014 17:56:07 Windows Modules Installer
20-12-2014 18:46:36 Windows Update
20-12-2014 19:39:39 Removed RuneScape Launcher 1.2.2
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-21 15:55 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09322C30-9388-439D-95DA-D3C89C2153AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {171E6464-A7D8-4700-8865-5833F6980690} - \User_Feed_Synchronization-{8BF53033-7064-41CE-A1B5-A72CE9D6279A} No Task File <==== ATTENTION
Task: {2A9ED14A-238C-4054-B017-13F4D4BE7CA3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2CD7B25D-5E52-4FF2-889F-E138580FCBF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {30E6CA2A-2B9C-4DA2-813B-0BAA0CCB36CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005Core => C:\Users\girls\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {3158307A-B267-40F4-A9CE-36E9CB43F661} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-10-11] ()
Task: {44E9F5BF-03DA-4D09-B320-E26A5CC9DCFA} - \User_Feed_Synchronization-{888F7AFA-451F-4C45-AC79-4307A50CFEEE} No Task File <==== ATTENTION
Task: {51EB4B27-22F9-482E-AA2C-D5E12F5A3C55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {6F3DB31E-9AD0-466E-8C55-A7B23B57D7B8} - System32\Tasks\hpUtility.exe_{6398D749-4234-43E7-907D-1AAC5D52082E} => C:\Program Files\HP\HP Deskjet 2510 series\Bin\utils\hpUtility.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {84BF9274-D7AC-4E88-A84B-BDA800199033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005UA => C:\Users\girls\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {8A88B91B-6205-42B9-A39E-E57701183C74} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {A29E9451-2717-4DD8-92CC-FC00299071B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AC741305-7D52-4BFD-BCC0-B69A6323D88A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2AH3HK7X05QX => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {D0DACCB0-63F9-4486-AD63-4672BF8EFDFD} - \User_Feed_Synchronization-{78D55426-36A8-4457-B3E4-74D94CD157D1} No Task File <==== ATTENTION
Task: {DC04864F-A109-4519-BA5D-0762B897E64B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DCA9479B-02ED-4B97-88C3-436C0C868CEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {DEB76A88-5759-4D07-9E12-1448DF60ECC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E41DD6BD-F59B-4F43-949E-4F062B9F904F} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005Core.job => C:\Users\girls\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2626690921-3182424600-2669169856-1005UA.job => C:\Users\girls\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-29 10:53 - 2011-12-16 15:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-29 10:53 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-11 17:39 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 17:39 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 17:39 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 17:39 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2626690921-3182424600-2669169856-500 - Administrator - Disabled)
Bobby (S-1-5-21-2626690921-3182424600-2669169856-1003 - Administrator - Enabled) => C:\Users\Bobby
girls (S-1-5-21-2626690921-3182424600-2669169856-1005 - Limited - Enabled) => C:\Users\girls
Guest (S-1-5-21-2626690921-3182424600-2669169856-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2626690921-3182424600-2669169856-1002 - Limited - Enabled)
Owner (S-1-5-21-2626690921-3182424600-2669169856-1000 - Administrator - Enabled) => C:\Users\Owner
superman (S-1-5-21-2626690921-3182424600-2669169856-1004 - Limited - Enabled) => C:\Users\superman.Owner-HP
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2014 03:00:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
 
Error: (12/21/2014 02:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Service.exe, version: 10.0.36897.0, time stamp: 0x548ec3a6
Faulting module name: TeamViewer_Service.exe, version: 10.0.36897.0, time stamp: 0x548ec3a6
Exception code: 0xc0000005
Fault offset: 0x0029c1c0
Faulting process id: 0x2b38
Faulting application start time: 0xTeamViewer_Service.exe0
Faulting application path: TeamViewer_Service.exe1
Faulting module path: TeamViewer_Service.exe2
Report Id: TeamViewer_Service.exe3
 
Error: (12/20/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31200
 
Error: (12/20/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31200
 
Error: (12/20/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/20/2014 03:04:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600
 
Error: (12/20/2014 03:04:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600
 
Error: (12/20/2014 03:04:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/20/2014 02:22:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31356
 
Error: (12/20/2014 02:22:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31356
 
 
System errors:
=============
Error: (12/21/2014 03:31:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/21/2014 03:28:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/21/2014 03:04:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/21/2014 02:07:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (12/20/2014 09:39:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/20/2014 08:16:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (12/20/2014 08:16:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (12/20/2014 07:42:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/20/2014 06:26:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/20/2014 06:17:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: 
%%1190
 
 
Microsoft Office Sessions:
=========================
Error: (12/21/2014 03:00:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
 
Error: (12/21/2014 02:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TeamViewer_Service.exe10.0.36897.0548ec3a6TeamViewer_Service.exe10.0.36897.0548ec3a6c00000050029c1c02b3801d01d5157e5aa5fc:\users\bobby\appdata\local\temp\teamviewer\TeamViewer_Service.exec:\users\bobby\appdata\local\temp\teamviewer\TeamViewer_Service.exe97a63892-8944-11e4-949d-b4b52fcbc31b
 
Error: (12/20/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31200
 
Error: (12/20/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31200
 
Error: (12/20/2014 03:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/20/2014 03:04:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600
 
Error: (12/20/2014 03:04:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600
 
Error: (12/20/2014 03:04:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/20/2014 02:22:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31356
 
Error: (12/20/2014 02:22:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31356
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-21 15:28:56.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-21 15:28:56.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G640 @ 2.80GHz
Percentage of memory in use: 31%
Total physical RAM: 6030.01 MB
Available physical RAM: 4105.26 MB
Total Pagefile: 12058.2 MB
Available Pagefile: 9922.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:914.58 GB) (Free:831.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.71 GB) (Free:16.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0E29C100)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#5
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Uninstall Kepard. Inform me about your PC's condition after the fix along with answers to my previous question.


 
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      Closeprocesses:
      Emptytemp:
      GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1005\User: Group Policy restriction detected <======= ATTENTION
      GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1003\User: Group Policy restriction detected <======= ATTENTION
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      C:\Users\Bobby\jagex_cl_oldschool_LIVE.dat
      C:\Users\Bobby\jagex_cl_runescape_LIVE.dat
      C:\Users\Bobby\random.dat
      C:\Users\Owner\jagex_cl_runescape_LIVE.dat
      C:\Users\Owner\random.dat
      Task: {171E6464-A7D8-4700-8865-5833F6980690} - \User_Feed_Synchronization-{8BF53033-7064-41CE-A1B5-A72CE9D6279A} No Task File <==== ATTENTION
      Task: {44E9F5BF-03DA-4D09-B320-E26A5CC9DCFA} - \User_Feed_Synchronization-{888F7AFA-451F-4C45-AC79-4307A50CFEEE} No Task File <==== ATTENTION
      Task: {D0DACCB0-63F9-4486-AD63-4672BF8EFDFD} - \User_Feed_Synchronization-{78D55426-36A8-4457-B3E4-74D94CD157D1} No Task File <==== ATTENTION
      HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
      HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
      HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
      HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
      HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
      HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
      HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
      CMD: ipconfig /flushdns
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0

#6
JstG

    New Member

  • Topic Starter
  • Member
  • 8 posts

Was given this error as FRST64 was fixing.

[Screenshot of the error: a74ccd5a087cbff20aca76c138ad7bab.png]


  • 0

#7
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
The developer of the tool has been notified of the error. Please post the fixlog.txt located in the same location as FRST64.exe.
  • 1

#8
JstG

    New Member

  • Topic Starter
  • Member
  • 8 posts

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01
Ran by Bobby at 2014-12-22 00:30:21 Run:1
Running from C:\Users\Bobby\Desktop
Loaded Profile: Bobby (Available profiles: Owner & Bobby & superman & girls)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1003\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Bobby\jagex_cl_oldschool_LIVE.dat
C:\Users\Bobby\jagex_cl_runescape_LIVE.dat
C:\Users\Bobby\random.dat
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\random.dat
Task: {171E6464-A7D8-4700-8865-5833F6980690} - \User_Feed_Synchronization-{8BF53033-7064-41CE-A1B5-A72CE9D6279A} No Task File <==== ATTENTION
Task: {44E9F5BF-03DA-4D09-B320-E26A5CC9DCFA} - \User_Feed_Synchronization-{888F7AFA-451F-4C45-AC79-4307A50CFEEE} No Task File <==== ATTENTION
Task: {D0DACCB0-63F9-4486-AD63-4672BF8EFDFD} - \User_Feed_Synchronization-{78D55426-36A8-4457-B3E4-74D94CD157D1} No Task File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
CMD: ipconfig /flushdns
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1005\User => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-2626690921-3182424600-2669169856-1003\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Bobby\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Bobby\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Bobby\random.dat => Moved successfully.
C:\Users\Owner\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Owner\random.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{171E6464-A7D8-4700-8865-5833F6980690}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{171E6464-A7D8-4700-8865-5833F6980690}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{8BF53033-7064-41CE-A1B5-A72CE9D6279A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44E9F5BF-03DA-4D09-B320-E26A5CC9DCFA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44E9F5BF-03DA-4D09-B320-E26A5CC9DCFA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{888F7AFA-451F-4C45-AC79-4307A50CFEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0DACCB0-63F9-4486-AD63-4672BF8EFDFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0DACCB0-63F9-4486-AD63-4672BF8EFDFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{78D55426-36A8-4457-B3E4-74D94CD157D1}" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-21-2626690921-3182424600-2669169856-1003\Software\Classes\exefile" => Key deleted successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1.4 GB temporary data.

  • 0

#9
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
How is your PC?
  • 1

#10
JstG

    New Member

  • Topic Starter
  • Member
  • 8 posts

How is your PC?

I've suspended the process - I'll try allowing the process back and see if what has been done does anything.


  • 0

#11
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
I await your reply.
  • 0

#12
JstG

    New Member

  • Topic Starter
  • Member
  • 8 posts

Allowed it and the system seems to be running smoothly, and the CPU is no longer spiking to 100%, it's resting around a 25% mark, which is fine. Thanks for your help!


  • 0

#13
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 
 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools and are made in such a way that they carry out any commands given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

It is time to uninstall ComboFix. Please follow the instructions:
  • Click on the Start button and then in the Search field enter combofix /uninstall. Please note that there is a space between combofix and /uninstall.
  • Once you have typed this in, press Enter on your keyboard.
  • An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.
  • ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled. You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.
    • Cleanup with DelFix
      Please download DelFix by Xplode to your Desktop.
      Download Link
      • Double-click to run the program;
        • Note: Windows Vista/7/8 users right-click and choose Run as administrator
      • Make sure that all the boxes are checked;
      • Click Run;
      • A log will be opened after the operation is finished;
      • Copy and Paste it in your next reply
     
     

    ♣ Prevention and Future Guidelines ♣


     

    Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
    • Keep Windows up-to-date.
      It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
    • Run antivirus software and keep it up-to-date, too.
      Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
    • Keep your web browser plugins and other programs updated also.
      This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

      A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

      NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

      Download NoScript by Giorgio Maone.

      Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right hand side of your computer.
    • Watch out for a new threat named CryptoLocker
      CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and that you practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
      How to prevent your computer from becoming infected by CryptoLocker.
    • And last of all, surf smart.
      It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

    Regards,
    Valinorum

  • 0

#14
JstG

    New Member

  • Topic Starter
  • Member
  • 8 posts
# DelFix v10.8 - Logfile created 23/12/2014 at 15:39:55
# Updated 29/07/2014 by Xplode
# Username : Bobby - OWNER-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.41_23.11.2014_14.25.18_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_20.12.2014_20.38.54_log.txt
Deleted : C:\Users\Bobby\Desktop\Fixlog.txt
Deleted : C:\Users\Bobby\Desktop\FRST64.exe
Deleted : C:\Users\Bobby\Desktop\tdsskiller.exe
Deleted : C:\windows\grep.exe
Deleted : C:\windows\PEV.exe
Deleted : C:\windows\NIRCMD.exe
Deleted : C:\windows\MBR.exe
Deleted : C:\windows\SED.exe
Deleted : C:\windows\SWREG.exe
Deleted : C:\windows\SWSC.exe
Deleted : C:\windows\SWXCACLS.exe
Deleted : C:\windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #292 [Windows Update | 12/18/2014 08:00:58]
Deleted : RP #293 [Windows Modules Installer | 12/20/2014 22:56:07]
Deleted : RP #294 [Windows Update | 12/20/2014 23:46:36]
Deleted : RP #295 [Removed RuneScape Launcher 1.2.2 | 12/21/2014 00:39:39]
Deleted : RP #297 [Restore Point Created by FRST | 12/22/2014 05:30:53]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#15
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
For future reference: Peruse everything carefully before executing. You were asked to uninstall ComboFix first and then move on to the DelFix part. Safe surfing. :)
  • 0





