Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think I have JS/Kryptik.ATB trojans and I need help to get rid of th

Started by bathquan , Jan 12 2015 09:05 PM

  • This topic is locked This topic is locked

#1
bathquan
Posted 12 January 2015 - 09:05 PM

bathquan

    New Member

  • Member
  • Pip
  • 6 posts

I stupidly got infected badly by malware earlier today by using clipconverter.cc and while overstressed from college work I blindly ran an .exe file disguised as an mp3 and now I'm paying for it. I spent most of the day running different software to get rid of the majority of the damage. The programs I've used are:

  • Malwarebytes

  • AdwCleaner

  • Farbar Recovery Scan Tool

  • Kaspersky TDSS rootkit removing tool

  • Junkware Removal Tool

  • ESET online scanner

  • SecurityCheck

I think I got rid of most of it (although I am in no way experienced with getting rid of malware).

My concern is that after scanning my laptop with ESET I got this result:

 


 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c9dca763a7bb61448b2408fe1ac4a4c8
# engine=21935
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-13 01:43:45
# local_time=2015-01-13 01:43:45 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 2960257 17311710 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5100775 45994718 0 0
# scanned=457418
# found=4
# cleaned=0
# scan_time=10369
sh=FFC97664043ECC519215F6F6EA66231DA6AF417A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\j1dpxnyo.default-1401231934056\Extensions\[email protected]\content\bg.js.vir"
sh=2A83B0759C1B0DCB26FAC287B4DE95F23A6632F8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\j1dpxnyo.default-1401231934056\Extensions\[email protected]\content\bg.js.vir"
sh=243AC77DE5727FB75F47B87B2D1E34D7B08A7EED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\ProgramData\aoeaidngllmeeamehfmlefgalocndpji\C8G2c.js"
sh=243AC77DE5727FB75F47B87B2D1E34D7B08A7EED ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\All Users\aoeaidngllmeeamehfmlefgalocndpji\C8G2c.js"

Which I think shows that I have a couple of trojans. I assumed the first two were quarantined by AdwCleaner and that that meant that they posed no threat, but I'm clueless about this sort of thing so I don't know! I tried to get rid of the threatening one by typing this into notepad:


 

Start

C:\ProgramData\aoeaidngllmeeamehfmlefgalocndpji\C8G2c.js
End

and saving it as "fixlist.txt" and using FRST to fix it. The FRST log showed that it was successfully "moved".

 

Anyways, I'm not sure if that's gotten rid of the threat and I won't feel comfortable until I have professional advice so I would be forever grateful if someone could offer me a bit of help! I've kept the results of the other scans I've done so I'll post those if needed! Thanks in advance!

 

OTL LOG

 

OTL logfile created on: 13/01/2015 02:41:04 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Beth\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.46 Gb Total Physical Memory | 5.45 Gb Available Physical Memory | 73.04% Memory free
8.65 Gb Paging File | 6.39 Gb Available in Paging File | 73.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904.14 Gb Total Space | 621.83 Gb Free Space | 68.78% Space Free | Partition Type: NTFS
Drive D: | 26.16 Gb Total Space | 3.12 Gb Free Space | 11.94% Space Free | Partition Type: NTFS
 
Computer Name: BETHPC | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/13 02:40:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beth\Downloads\OTL.exe
PRC - [2015/01/13 02:21:35 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/01/13 02:20:56 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/06 01:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/25 08:42:26 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014/01/16 13:09:38 | 001,103,712 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/08/29 00:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/07 08:20:20 | 001,641,768 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2013/02/07 08:20:08 | 003,695,912 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2013/02/07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
PRC - [2013/01/31 17:31:42 | 001,626,872 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2013/01/10 12:23:30 | 000,379,904 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/11/05 15:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/10/12 13:16:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/09/07 16:33:08 | 000,581,024 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/09/07 16:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/07/13 14:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/13 02:20:58 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/12/06 01:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 01:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 01:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 01:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/18 21:31:11 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/10/18 21:31:03 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/10/18 21:30:26 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/10/18 21:29:42 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll
MOD - [2014/10/18 21:29:36 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/06/21 16:27:12 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\3028a8133b93784c0a419f1f6eecb9d7\CustomMarshalers.ni.dll
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/03/18 15:27:55 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013/12/20 12:14:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2013/12/20 12:14:46 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2013/08/29 00:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/29 00:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/02/07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
MOD - [2013/01/31 16:04:00 | 000,070,904 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2013/01/10 11:59:24 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2013/01/10 10:25:58 | 000,353,280 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2013/01/10 10:25:56 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
MOD - [2012/06/08 10:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/13 02:20:56 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/12 00:06:52 | 002,449,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/10/31 04:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/07 01:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 03:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 00:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 00:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 07:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/06/20 18:36:10 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/06/20 18:36:10 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/06/20 18:31:23 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/06/20 18:25:00 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2014/06/09 23:52:30 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/03/18 15:27:40 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 15:27:40 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 15:27:35 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 15:27:33 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 15:27:32 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 15:27:30 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/16 05:21:10 | 000,339,456 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/01/23 01:27:10 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/01/07 22:31:42 | 000,401,856 | ---- | M] (AuthenTec, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2015/01/13 00:43:12 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/09 02:07:58 | 000,834,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/06/20 18:31:23 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/06/20 18:25:01 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/06/20 18:24:59 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/06/20 18:24:58 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/04 23:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/02/07 08:20:20 | 001,641,768 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2013/01/31 17:31:42 | 001,626,872 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2013/01/10 12:35:28 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/11/27 11:56:40 | 000,037,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/09/07 16:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/13 02:21:30 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/01/13 02:21:02 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2015/01/13 02:21:02 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/01/13 02:21:02 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/01/13 02:21:02 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/01/13 02:21:02 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/01/13 02:21:02 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/01/13 02:21:01 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/10/13 02:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 02:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 02:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/10 01:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 03:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 03:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 02:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/24 15:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 15:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 11:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatformMp)
DRV:64bit: - [2014/07/24 11:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/06/20 18:37:30 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/06/20 18:36:11 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/06/20 18:36:10 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/06/20 18:36:10 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/06/20 18:31:23 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2014/06/16 06:01:38 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/06/16 06:01:38 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014/06/09 23:52:30 | 013,209,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/06/09 23:52:30 | 000,626,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/06/09 23:52:18 | 000,036,096 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2014/03/18 15:27:34 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 15:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 15:27:20 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 15:27:19 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/03/18 15:27:19 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 15:27:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 15:27:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 15:27:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 15:27:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 15:10:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/12/04 10:02:30 | 002,505,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/12/02 09:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/08/28 23:31:58 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/28 23:31:56 | 000,029,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/16 05:21:10 | 000,551,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/05/19 02:02:52 | 000,039,168 | ---- | M] (Scarlet.Crush Productions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScpVBus.sys -- (ScpVBus)
DRV:64bit: - [2013/02/26 09:36:46 | 000,049,200 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2012/11/30 22:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 22:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/09/24 12:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/31 08:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/29 04:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/25 17:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/22 06:26:38 | 000,091,648 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/01 00:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/31 17:31:30 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/07/19 16:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/15 10:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/04/09 08:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{368CE243-927D-4100-B617-20B96A040D20}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{368CE243-927D-4100-B617-20B96A040D20}: "URL" = http://www.amazon.co...s={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{368CE243-927D-4100-B617-20B96A040D20}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F}: "URL" = https://uk.search.ya...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Beth\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/13 02:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/13 00:43:02 | 000,000,000 | ---D | M]
 
[2013/09/27 23:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth\AppData\Roaming\mozilla\Extensions
[2015/01/12 21:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth\AppData\Roaming\mozilla\Firefox\Profiles\j1dpxnyo.default-1401231934056\extensions
[2015/01/13 00:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/13 00:43:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.9_0\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.5.1_0\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.5.4_0\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.6_0\
CHR - Extension: No name found = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2013/08/22 13:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Beth\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_7AA02041506F505FF9861A1007033B6B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{284DE553-E798-4893-A4D6-D35C50298BCB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F9E89E4-C414-42AC-81F1-B1053D4D25E8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC4BED6B-CE68-459F-B51E-7DC418F8B09E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/13 02:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/13 02:21:06 | 000,364,512 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2015/01/13 02:20:59 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2015/01/13 00:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/12 22:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/01/12 22:25:52 | 004,187,592 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Beth\Desktop\tdsskiller.exe
[2015/01/12 22:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2015/01/12 21:58:52 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/12 21:57:12 | 002,124,288 | ---- | C] (Farbar) -- C:\Users\Beth\Desktop\FRST64.exe
[2015/01/12 21:07:01 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/12 21:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/12 21:02:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/12 21:02:11 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/01/12 21:02:11 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/01/12 21:02:11 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/01/12 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/12 21:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/12 20:38:01 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\Deployment
[2015/01/12 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enhance Browser
[2015/01/12 20:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\unisaLes
[2015/01/12 20:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\unnisalless
[2015/01/12 20:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\aoeaidngllmeeamehfmlefgalocndpji
[2015/01/11 17:55:11 | 000,224,768 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\HPToneCtrls64.dll
[2015/01/11 17:55:09 | 000,464,384 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\slapoi64.dll
[2015/01/11 17:55:08 | 008,153,088 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNHP.dll
[2015/01/11 17:55:08 | 002,230,784 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNX.dll
[2015/01/11 17:55:08 | 000,253,952 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNJ.exe
[2015/01/11 17:55:07 | 008,078,848 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNGUI.exe
[2015/01/11 17:55:07 | 001,897,984 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNC64.cpl
[2015/01/11 17:55:07 | 001,703,424 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray64.exe
[2015/01/11 17:55:06 | 006,101,504 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
[2015/01/10 18:33:06 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\walk
[2014/12/29 01:04:13 | 000,551,936 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\drivers\stwrt64.sys
[2014/12/29 01:04:10 | 000,499,200 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stcplx64.dll
[2014/12/29 01:04:09 | 002,213,376 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stapo64.dll
[2014/12/29 01:04:09 | 000,256,000 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\st646491.dll
[2014/12/26 16:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Windows
[2014/12/25 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/12/24 19:09:58 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\Bully Scholarship Edition
[2014/12/24 02:34:17 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\mem stick backup
[2014/12/23 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Roaming\java
[2014/12/23 16:39:21 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\My Games
[2014/12/20 00:42:10 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Roaming\3909
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/13 02:39:03 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/13 02:39:01 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/13 02:39:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/13 02:34:05 | 000,000,983 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2015/01/13 02:33:38 | 000,003,620 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2015/01/13 02:32:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/13 02:31:03 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2015/01/13 02:30:28 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/13 02:30:28 | 2115,821,567 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/13 02:21:41 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/13 02:21:30 | 001,050,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2015/01/13 02:21:02 | 000,436,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2015/01/13 02:21:02 | 000,364,512 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2015/01/13 02:21:02 | 000,267,632 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2015/01/13 02:21:02 | 000,116,728 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswStm.sys
[2015/01/13 02:21:02 | 000,083,280 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2015/01/13 02:21:02 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2015/01/13 02:21:02 | 000,029,208 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2015/01/13 02:21:01 | 000,093,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2015/01/13 02:20:59 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2015/01/13 02:04:40 | 000,852,504 | ---- | M] () -- C:\Users\Beth\Desktop\SecurityCheck.exe
[2015/01/13 00:20:03 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002UA.job
[2015/01/12 22:26:06 | 004,187,592 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Beth\Desktop\tdsskiller.exe
[2015/01/12 22:15:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForBeth.job
[2015/01/12 21:57:16 | 002,124,288 | ---- | M] (Farbar) -- C:\Users\Beth\Desktop\FRST64.exe
[2015/01/12 21:20:01 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002Core.job
[2015/01/12 21:07:18 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/12 21:02:17 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/06 15:02:52 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/01/06 15:02:52 | 000,800,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/01/06 15:02:52 | 000,165,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/12/26 17:27:15 | 000,535,920 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/12/26 17:01:12 | 000,001,648 | ---- | M] () -- C:\Users\Beth\Desktop\DS4Windows.lnk
[2014/12/25 16:15:23 | 000,002,237 | ---- | M] () -- C:\Users\Beth\Desktop\HP Support Assistant.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/13 02:35:45 | 000,002,203 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/13 02:34:37 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/13 02:34:36 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/13 02:21:41 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/01/13 02:04:35 | 000,852,504 | ---- | C] () -- C:\Users\Beth\Desktop\SecurityCheck.exe
[2015/01/12 21:02:17 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/11 17:55:09 | 000,049,523 | ---- | C] () -- C:\WINDOWS\SysNative\ROADSTER.XML
[2014/12/26 17:01:12 | 000,001,648 | ---- | C] () -- C:\Users\Beth\Desktop\DS4Windows.lnk
[2014/12/25 16:15:23 | 000,002,237 | ---- | C] () -- C:\Users\Beth\Desktop\HP Support Assistant.lnk
[2014/10/28 16:04:42 | 000,003,584 | ---- | C] () -- C:\Users\Beth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/26 16:36:08 | 000,007,064 | ---- | C] () -- C:\Users\Beth\AppData\Local\recently-used.xbel
[2014/06/20 17:51:56 | 000,922,144 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/06/20 17:46:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/06/09 23:52:38 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014/06/09 23:52:38 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014/06/09 23:52:34 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014/06/09 23:52:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/06/09 23:52:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/06/09 23:52:18 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/03/18 15:27:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 15:27:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/23 17:31:12 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014/01/23 17:31:08 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2014/01/23 17:31:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2014/01/23 17:31:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2014/01/23 17:31:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2013/08/28 23:39:57 | 000,003,620 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2013/08/28 23:39:57 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/03/04 15:30:20 | 000,000,983 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2013/01/31 16:04:00 | 000,070,904 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
 
========== ZeroAccess Check ==========
 
[2014/06/20 21:14:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 00:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 22:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/01 00:12:50 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\.minecraft
[2014/12/20 00:42:10 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\3909
[2014/08/02 17:11:02 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Autograph
[2014/08/01 20:31:44 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\AVAST Software
[2014/08/01 20:36:58 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Dropbox
[2014/08/01 20:36:56 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\DropboxMaster
[2014/12/09 19:53:55 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\DS4Windows
[2014/12/26 16:55:34 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\DSDCS
[2013/08/28 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\fltk.org
[2013/08/27 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\IDT
[2014/12/23 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\java
[2014/03/18 21:21:00 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Notepad++
[2014/01/08 23:17:51 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\NuGet
[2013/10/12 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\OpenOffice
[2014/10/28 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Samsung
[2013/08/27 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Synaptics
[2014/02/05 00:39:37 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\To the Moon - Freebird Games
[2015/01/12 21:41:05 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\uTorrent
[2014/08/28 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Beth\OneDrive:ms-properties
 
< End of report >
 

  • 0

Advertisements

#2
LiquidTension
Posted 13 January 2015 - 01:06 AM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello bathquan, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click etYzdbu.png at the top of the page. 
     

======================================================
 

Anyways, I'm not sure if that's gotten rid of the threat and I won't feel comfortable until I have professional advice so I would be forever grateful if someone could offer me a bit of help!

This is definitely the best course of action. :) Tools such as FRST are powerful; used incorrectly, can render a machine unbootable. 
 
Please do the following. I would like to see a fresh set of FRST logs, so please ensure you run a new scan as instructed in Step 1.
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
mlEX1wH.png RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • RKreport.txt

  • 0

#3
bathquan
Posted 13 January 2015 - 01:44 PM

bathquan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thank you very much for your help Adam, it really is appreciated! You can call me Beth :) I'm sorry my reply is a little later than I'd have liked - I've been stuck in college all day and I've only just gotten home!

Here's FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Beth (administrator) on BETHPC on 13-01-2015 19:20:39
Running from C:\Users\Beth\Desktop
Loaded Profile: Beth (Available profiles: Beth)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-13] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942208 2015-01-09] (Valve Corporation)
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\Run: [Facebook Update] => C:\Users\Beth\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-02] (Facebook Inc.)
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\Run: [GoogleChromeAutoLaunch_7AA02041506F505FF9861A1007033B6B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM -> {368CE243-927D-4100-B617-20B96A040D20} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {368CE243-927D-4100-B617-20B96A040D20} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> DefaultScope {5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> {368CE243-927D-4100-B617-20B96A040D20} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> {5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\j1dpxnyo.default-1401231934056
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-1195360697-2828033514-3606766148-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Beth\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected] [2015-01-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-01]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-27]
CHR Extension: (Adblock Plus) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-13]
CHR Extension: (Google Search) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-27]
CHR Extension: (XKit) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-12-03]
CHR Extension: (Hola Better Internet) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-13]
CHR Extension: (avast! Online Security) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Hover Zoom) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-01-13]
CHR Extension: (Gmail) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-27]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-01-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-13] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-01-31] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [37760 2012-11-27] (Hewlett-Packard)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-06-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-06-09] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-13] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-26] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-07-24] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-08-28] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-06-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 19:20 - 2015-01-13 19:21 - 00025436 _____ () C:\Users\Beth\Desktop\FRST.txt
2015-01-13 02:57 - 2015-01-13 02:57 - 00154234 _____ () C:\Users\Beth\Downloads\OTL.Txt
2015-01-13 02:57 - 2015-01-13 02:57 - 00134422 _____ () C:\Users\Beth\Downloads\Extras.Txt
2015-01-13 02:40 - 2015-01-13 02:40 - 00602112 _____ (OldTimer Tools) C:\Users\Beth\Downloads\OTL.exe
2015-01-13 02:35 - 2015-01-13 02:39 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 02:35 - 2015-01-13 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-13 02:34 - 2015-01-13 02:39 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 02:34 - 2015-01-13 02:39 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 02:34 - 2015-01-13 02:34 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 02:34 - 2015-01-13 02:34 - 00003644 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-13 02:26 - 2014-12-31 11:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-13 02:21 - 2015-01-13 02:21 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-13 02:21 - 2015-01-13 02:21 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-13 02:20 - 2015-01-13 02:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-13 02:04 - 2015-01-13 02:04 - 00852504 _____ () C:\Users\Beth\Desktop\SecurityCheck.exe
2015-01-13 00:42 - 2015-01-13 00:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-12 22:49 - 2015-01-12 22:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-12 22:25 - 2015-01-12 22:26 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Beth\Desktop\tdsskiller.exe
2015-01-12 22:23 - 2015-01-12 22:23 - 00000613 _____ () C:\Users\Beth\Desktop\JRT.txt
2015-01-12 22:14 - 2015-01-12 22:14 - 01707939 _____ (Thisisu) C:\Users\Beth\Downloads\JRT.exe
2015-01-12 22:14 - 2015-01-12 22:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-12 22:00 - 2015-01-12 22:01 - 00050176 _____ () C:\Users\Beth\Downloads\Addition.txt
2015-01-12 21:58 - 2015-01-13 19:20 - 00000000 ____D () C:\FRST
2015-01-12 21:58 - 2015-01-12 22:01 - 00035954 _____ () C:\Users\Beth\Downloads\FRST.txt
2015-01-12 21:57 - 2015-01-12 21:57 - 02124288 _____ (Farbar) C:\Users\Beth\Desktop\FRST64.exe
2015-01-12 21:07 - 2015-01-12 21:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 21:02 - 2015-01-12 21:49 - 00000000 ____D () C:\AdwCleaner
2015-01-12 21:02 - 2015-01-12 21:02 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-12 21:02 - 2015-01-12 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 21:02 - 2015-01-12 21:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-12 21:02 - 2015-01-12 21:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-12 21:02 - 2014-11-21 06:54 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-12 21:02 - 2014-11-21 06:53 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-12 21:02 - 2014-11-21 06:53 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-12 21:01 - 2015-01-12 21:01 - 02191360 _____ () C:\Users\Beth\Downloads\AdwCleaner.exe
2015-01-12 21:01 - 2015-01-12 21:01 - 00305664 _____ (Secure By Design Inc.) C:\Users\Beth\Downloads\Ninite Malwarebytes Installer(1).exe
2015-01-12 21:00 - 2015-01-12 21:00 - 00305664 _____ (Secure By Design Inc.) C:\Users\Beth\Downloads\Ninite Malwarebytes Installer.exe
2015-01-12 20:38 - 2015-01-12 20:38 - 00000000 ____D () C:\Users\Beth\AppData\Local\Deployment
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\unnisalless
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\unisaLes
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\Enhance Browser
2015-01-12 20:25 - 2015-01-13 02:08 - 00000000 ____D () C:\ProgramData\aoeaidngllmeeamehfmlefgalocndpji
2015-01-11 21:13 - 2015-01-11 23:40 - 00011771 _____ () C:\Users\Beth\Desktop\Work schedule.xlsx
2015-01-11 17:55 - 2013-08-16 05:21 - 08153088 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2015-01-11 17:55 - 2013-08-16 05:21 - 08078848 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2015-01-11 17:55 - 2013-08-16 05:21 - 06101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-01-11 17:55 - 2013-08-16 05:21 - 02230784 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2015-01-11 17:55 - 2013-08-16 05:21 - 01897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-01-11 17:55 - 2013-08-16 05:21 - 01703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-01-11 17:55 - 2013-08-16 05:21 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2015-01-11 17:55 - 2013-08-16 05:21 - 00224768 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2015-01-11 17:55 - 2012-06-28 08:47 - 00049523 _____ () C:\WINDOWS\system32\ROADSTER.XML
2015-01-11 17:55 - 2011-05-17 17:25 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2015-01-10 18:33 - 2015-01-10 18:33 - 00000000 ____D () C:\Users\Beth\Documents\walk
2015-01-10 18:31 - 2015-01-10 18:32 - 20198237 _____ () C:\Users\Beth\Downloads\attachments (1).zip
2015-01-10 18:31 - 2015-01-10 18:32 - 15599959 _____ () C:\Users\Beth\Downloads\attachments (2).zip
2015-01-05 19:36 - 2015-01-05 19:37 - 22481284 _____ () C:\Users\Beth\Downloads\Example1.zip
2015-01-02 17:41 - 2015-01-02 17:57 - 11171848 _____ () C:\Users\Beth\Downloads\I wouldn't mind [He is we cover] .m4a
2015-01-02 17:41 - 2015-01-02 17:42 - 05413480 _____ () C:\Users\Beth\Downloads\I wouldn't mind [He is we cover]  (1).m4a
2014-12-29 01:05 - 2014-12-29 01:05 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-12-29 01:04 - 2013-08-16 05:21 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\stapo64.dll
2014-12-29 01:04 - 2013-08-16 05:21 - 00551936 _____ (IDT, Inc.) C:\WINDOWS\system32\Drivers\stwrt64.sys
2014-12-29 01:04 - 2013-08-16 05:21 - 00499200 _____ (IDT, Inc.) C:\WINDOWS\system32\stcplx64.dll
2014-12-29 01:04 - 2013-08-16 05:21 - 00256000 _____ (IDT, Inc.) C:\WINDOWS\system32\st646491.dll
2014-12-29 01:01 - 2014-12-29 01:02 - 46079856 _____ (Hewlett-Packard ) C:\Users\Beth\Downloads\sp63555.exe
2014-12-26 17:22 - 2014-12-26 17:22 - 07878008 _____ (Microsoft Corporation) C:\Users\Beth\Downloads\Xbox360_64Eng (1).exe
2014-12-26 17:22 - 2014-12-26 17:22 - 00003136 _____ () C:\WINDOWS\System32\Tasks\{9520D0E3-877B-49F5-A9D0-E861B294A189}
2014-12-26 17:01 - 2014-12-26 17:01 - 00001648 _____ () C:\Users\Beth\Desktop\DS4Windows.lnk
2014-12-26 16:56 - 2014-12-26 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Windows
2014-12-25 16:15 - 2014-12-25 16:15 - 00002237 _____ () C:\Users\Beth\Desktop\HP Support Assistant.lnk
2014-12-25 16:13 - 2014-12-25 16:13 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-12-24 19:09 - 2014-12-24 19:32 - 00000000 ____D () C:\Users\Beth\Documents\Bully Scholarship Edition
2014-12-24 02:52 - 2014-12-24 02:55 - 45721480 _____ (Hewlett-Packard ) C:\Users\Beth\Downloads\sp59861 (1).exe
2014-12-24 02:34 - 2014-12-24 02:38 - 00000000 ____D () C:\Users\Beth\Documents\mem stick backup
2014-12-23 17:38 - 2014-12-23 17:38 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\java
2014-12-23 16:39 - 2014-12-23 16:39 - 00000000 ____D () C:\Users\Beth\Documents\My Games
2014-12-22 23:14 - 2014-12-22 23:14 - 00667648 _____ () C:\Users\Beth\Downloads\Detection (4).msi
2014-12-20 00:42 - 2014-12-20 00:42 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\3909
2014-12-20 00:11 - 2014-12-20 00:11 - 00667648 _____ () C:\Users\Beth\Downloads\Detection (3).msi
2014-12-14 00:11 - 2014-12-14 00:11 - 05197824 _____ () C:\Users\Beth\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi
2014-12-14 00:06 - 2014-12-14 00:08 - 45375952 _____ (Hewlett-Packard ) C:\Users\Beth\Downloads\sp59154.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 19:19 - 2014-11-25 16:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB7162D7-8762-47C4-A588-FF771743A215}
2015-01-13 19:19 - 2014-06-20 18:31 - 01572539 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-13 19:19 - 2013-03-04 15:30 - 00000983 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-01-13 19:16 - 2013-08-28 23:39 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-01-13 19:16 - 2013-08-28 23:39 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-01-13 19:16 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-13 12:16 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-13 03:07 - 2013-08-27 19:19 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1195360697-2828033514-3606766148-1002
2015-01-13 02:34 - 2013-08-27 19:53 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 02:33 - 2014-06-20 18:40 - 00000000 ___DO () C:\Users\Beth\OneDrive
2015-01-13 02:30 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-13 02:28 - 2014-03-18 08:16 - 00036644 _____ () C:\WINDOWS\PFRO.log
2015-01-13 02:28 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-13 02:21 - 2014-08-01 20:30 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-13 02:21 - 2014-08-01 20:29 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-13 02:21 - 2014-08-01 20:29 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-13 02:21 - 2014-08-01 20:29 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-13 02:21 - 2014-08-01 20:29 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-01-13 02:21 - 2014-08-01 20:29 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-01-13 02:21 - 2014-08-01 20:29 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-01-13 02:21 - 2014-08-01 20:29 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-13 02:21 - 2014-08-01 20:29 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-13 02:13 - 2013-09-27 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-13 00:20 - 2013-09-02 20:15 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002UA.job
2015-01-12 22:15 - 2014-02-18 23:47 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForBeth
2015-01-12 22:15 - 2014-02-18 23:47 - 00000342 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForBeth.job
2015-01-12 21:41 - 2014-05-14 11:40 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\uTorrent
2015-01-12 21:41 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-12 21:20 - 2013-09-02 20:15 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002Core.job
2015-01-11 17:55 - 2013-08-22 14:46 - 00322218 _____ () C:\WINDOWS\setupact.log
2015-01-09 19:51 - 2013-08-27 21:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-07 17:19 - 2013-08-28 13:20 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-07 17:19 - 2013-08-28 13:20 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-06 15:02 - 2014-03-18 15:26 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-06 01:05 - 2013-09-20 15:17 - 00000000 ____D () C:\Users\Beth\Documents\Thoughts
2015-01-05 19:34 - 2013-09-15 23:02 - 00000000 ____D () C:\Users\Beth\Documents\Visual Studio 2010
2015-01-02 17:56 - 2014-10-28 14:43 - 00000000 ____D () C:\Users\Beth\Documents\phone pictures 281014
2015-01-01 00:12 - 2014-06-28 16:46 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\.minecraft
2014-12-29 01:05 - 2013-07-05 15:05 - 00000000 ____D () C:\Program Files\IDT
2014-12-29 01:03 - 2012-08-04 00:02 - 00000000 ____D () C:\SWSetup
2014-12-26 17:27 - 2013-08-22 14:44 - 00535920 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-26 16:55 - 2014-12-09 19:45 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\DSDCS
2014-12-25 16:15 - 2013-04-01 18:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-25 16:15 - 2013-04-01 18:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-25 16:14 - 2013-04-01 18:15 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-25 16:12 - 2013-04-01 18:29 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-25 04:27 - 2014-11-02 22:54 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\Skype
2014-12-24 19:12 - 2013-04-01 18:25 - 00209549 _____ () C:\WINDOWS\DirectX.log
2014-12-23 16:49 - 2014-02-25 19:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-23 16:46 - 2013-09-12 21:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-23 16:37 - 2014-01-08 21:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-21 16:52 - 2014-06-20 17:57 - 00000000 ____D () C:\Users\Beth
2014-12-17 18:24 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 16:48 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-14 00:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-12-14 00:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-14 00:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-14 00:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-12-14 00:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-13 12:11
 
==================== End Of Log ============================

 

Here's addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Beth at 2015-01-13 19:21:55
Running from C:\Users\Beth\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 (HKLM\...\UDK-5a7d20c3-b84c-4311-a2e3-4ac5a88cecc5) (Version:  - RuneStorm
 (HKLM\...\UDK-5b338baf-3766-4502-aa77-c27b1c57440e) (Version:  - RuneStorm
µTorrent (HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{7545D28D-00EC-C15D-FE18-C3E3F5EC0BDD}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version:  - The Chinese Room)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Autograph 3.3 (HKLM-x32\...\{AD6A8057-680B-459E-84D6-13A880A3575C}) (Version: 3.30.10.0 - Eastmond Publishing Ltd.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version:  - Rockstar New England)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DS4Windows (HKLM-x32\...\{4006439B-D5ED-4048-BE9C-B5BEE669B312}) (Version: 1.5.16 - DSDCS)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.6.3 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
I am Bread (HKLM-x32\...\Steam App 327890) (Version:  - Bossa Studios)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Just Cause 2 Demo (HKLM-x32\...\Steam App 35110) (Version:  - Avalanche)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Octodad (HKLM-x32\...\Octodad) (Version:  - )
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{7B83C685-3EA9-544F-9580-368394C67C3A}) (Version: 11.0.737.2 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
Sleeping Dogs™ Demo (HKLM-x32\...\Steam App 215220) (Version:  - United Front Games)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Street Fighter IV (HKLM-x32\...\Steam App 21660) (Version:  - Capcom)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{5835D73F-A07B-4232-A186-2CEA2017241B}) (Version: 2.2.3.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unreal Development Kit: 2012-07 (HKLM\...\UDK-942fb610-9f89-4d8f-adfb-14967a1f4b9e) (Version:  - Epic Games, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version:  - RuneStorm)
Viscera Cleanup Detail: Santas Rampage
Viscera Cleanup Detail: Santa's Rampage (HKLM-x32\...\Steam App 265210) (Version:  - RuneStorm)
Viscera Cleanup Detail: Shadow Warrior
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version:  - RuneStorm)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
28-12-2014 18:08:57 Windows Update
01-01-2015 01:18:14 Windows Update
08-01-2015 19:48:21 Windows Update
11-01-2015 23:11:29 Windows Update
13-01-2015 02:19:06 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {054DCE5C-FA05-463D-94E5-6F87388396DE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {09825A92-B77C-48C7-9298-2A93A24B6EDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {0BD088BE-A639-4FD7-A968-AE143B46B34E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-13] (AVAST Software)
Task: {0CC076BD-D7E7-4E9E-A223-0D96D59D1891} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {13B3E442-F166-433F-AF2D-61507094C518} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {193F60A5-6DE6-4DD6-8401-0B2DE41A7154} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {199A7D30-1DE8-4490-9CE9-10BCEE383B9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {1F91C8C9-5F5A-4EB0-8F08-495D8511C065} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002Core => C:\Users\Beth\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.)
Task: {44071BA5-0D67-4CB0-AE14-C7AF78FDD30F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {5122D40D-AE4B-4DD4-86EB-7B11E6E8DA31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {766975DE-7A6D-4601-ADE6-85C6EA2F21F0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {91911DBA-7F1A-488B-AAD9-F5C9B3DACBBF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {ACB48B59-43A4-45E0-9D6A-0247A33516ED} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002UA => C:\Users\Beth\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.)
Task: {C2AA7A86-606A-4134-8359-504565B46ADB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C61A5354-9436-4211-ABDA-3DDC56333FAD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {C7F38767-F4EC-4D9A-AFD7-C670E2F82F3D} - System32\Tasks\HPCeeScheduleForBeth => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E72ED5D8-11C6-4181-96CB-75D5C8D4E6EE} - System32\Tasks\{9520D0E3-877B-49F5-A9D0-E861B294A189} => pcalua.exe -a "C:\Users\Beth\Downloads\Xbox360_64Eng (1).exe" -d C:\Users\Beth\Downloads
Task: {F23C6162-6AA0-44D6-BEA3-5DD3EF7A48EB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {F26CF091-E3C7-41E1-8275-6DD86C473A50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002Core.job => C:\Users\Beth\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1195360697-2828033514-3606766148-1002UA.job => C:\Users\Beth\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBeth.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-23 01:27 - 2013-01-23 01:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-27 16:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-10 12:35 - 2013-01-10 12:35 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2014-11-19 14:45 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-10 10:25 - 2013-01-10 10:25 - 00364544 _____ () C:\Windows\system32\BsExtendFunc.dll
2013-01-10 12:30 - 2013-01-10 12:30 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2013-01-10 12:35 - 2013-01-10 12:35 - 00055296 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-06-18 15:24 - 2012-06-18 15:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-02-07 08:19 - 2013-02-07 08:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-11-27 11:56 - 2012-11-27 11:56 - 00124288 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-11-27 11:56 - 2012-11-27 11:56 - 00051072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-11-27 11:56 - 2012-11-27 11:56 - 00018432 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\PowerDVD.dll
2013-04-01 18:29 - 2013-04-01 18:29 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\System.Data.SQLite.dll
2012-11-27 11:56 - 2012-11-27 11:56 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-08-29 00:23 - 2013-08-29 00:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-06-20 18:36 - 2014-06-20 18:36 - 00124288 _____ () C:\Users\Beth\AppData\Local\assembly\dl3\KV4YKHKC.HQD\19D8KX78.7C7\e69b1999\0085223f_96cccd01\HPItunesModule.DLL
2014-06-20 18:36 - 2014-06-20 18:36 - 00018432 _____ () C:\Users\Beth\AppData\Local\assembly\dl3\KV4YKHKC.HQD\19D8KX78.7C7\59b865bd\00df8441_96cccd01\PowerDVD.DLL
2015-01-12 20:27 - 2015-01-12 20:27 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011201\algo.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-10 12:30 - 2013-01-10 12:30 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-01-10 12:35 - 2013-01-10 12:35 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 12:35 - 2013-01-10 12:35 - 00055296 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-02-27 16:55 - 2013-02-27 16:55 - 00381027 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 09:53 - 2011-07-05 09:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-08-28 23:54 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-20 12:14 - 2013-12-20 12:14 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-12-20 12:14 - 2013-12-20 12:14 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-01-31 16:04 - 2013-01-31 16:04 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2013-01-10 10:25 - 2013-01-10 10:25 - 00364544 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2013-08-29 00:25 - 2013-08-29 00:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-01-10 12:30 - 2013-01-10 12:30 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2015-01-13 02:20 - 2015-01-13 02:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-13 02:35 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-13 02:35 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-13 02:35 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-13 02:35 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Beth\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\...\StartupApproved\Run: => "Power2GoExpress8"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1195360697-2828033514-3606766148-500 - Administrator - Disabled)
Beth (S-1-5-21-1195360697-2828033514-3606766148-1002 - Administrator - Enabled) => C:\Users\Beth
Guest (S-1-5-21-1195360697-2828033514-3606766148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1195360697-2828033514-3606766148-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2015 02:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 3.5.0.0, time stamp: 0x4f8350e0
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process ID: 0x137c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report ID: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5
 
Error: (01/13/2015 02:34:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
Error: (01/13/2015 02:33:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Faulting module name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Exception code: 0xc000041d
Fault offset: 0x000000000001162a
Faulting process ID: 0x1164
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report ID: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5
 
Error: (01/13/2015 02:33:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Faulting module name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Exception code: 0xc0000005
Fault offset: 0x000000000001162a
Faulting process ID: 0x1164
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report ID: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5
 
Error: (01/13/2015 02:30:37 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
Error: (01/13/2015 02:16:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 3.5.0.0, time stamp: 0x4f8350e0
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process ID: 0x146c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report ID: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5
 
Error: (01/13/2015 02:16:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
Error: (01/13/2015 02:15:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Faulting module name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Exception code: 0xc000041d
Fault offset: 0x000000000001162a
Faulting process ID: 0x1330
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report ID: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5
 
Error: (01/13/2015 02:15:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Faulting module name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Exception code: 0xc0000005
Fault offset: 0x000000000001162a
Faulting process ID: 0x1330
Faulting application start time: 0xsttray64.exe0
Faulting application path: sttray64.exe1
Faulting module path: sttray64.exe2
Report ID: sttray64.exe3
Faulting package full name: sttray64.exe4
Faulting package-relative application ID: sttray64.exe5
 
Error: (01/13/2015 02:14:10 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
 
System errors:
=============
Error: (01/13/2015 02:26:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.191.2145.0).
 
Error: (01/13/2015 02:12:29 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:11:08 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:10:38 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:10:08 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:09:38 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:09:08 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:08:38 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:08:08 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (01/13/2015 02:07:38 AM) (Source: DCOM) (EventID: 10010) (User: BETHPC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (01/13/2015 02:34:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe3.5.0.04f8350e0KERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c137c01d02ed9565de2b8C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\system32\KERNELBASE.dllaa1c476a-9acc-11e4-bed6-bc8556b1666e
 
Error: (01/13/2015 02:34:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
Error: (01/13/2015 02:33:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sttray64.exe1.0.6491.0520e0160sttray64.exe1.0.6491.0520e0160c000041d000000000001162a116401d02ed94c9b308aC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\IDT\WDM\sttray64.exe8d774a6d-9acc-11e4-bed6-bc8556b1666e
 
Error: (01/13/2015 02:33:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sttray64.exe1.0.6491.0520e0160sttray64.exe1.0.6491.0520e0160c0000005000000000001162a116401d02ed94c9b308aC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\IDT\WDM\sttray64.exe8af82a86-9acc-11e4-bed6-bc8556b1666e
 
Error: (01/13/2015 02:30:37 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
Error: (01/13/2015 02:16:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe3.5.0.04f8350e0KERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c146c01d02ed6c9140ee4C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\system32\KERNELBASE.dll24b02d5e-9aca-11e4-bed4-bc8556b1666e
 
Error: (01/13/2015 02:16:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
Error: (01/13/2015 02:15:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sttray64.exe1.0.6491.0520e0160sttray64.exe1.0.6491.0520e0160c000041d000000000001162a133001d02ed6bd383584C:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\IDT\WDM\sttray64.exefd85a743-9ac9-11e4-bed4-bc8556b1666e
 
Error: (01/13/2015 02:15:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sttray64.exe1.0.6491.0520e0160sttray64.exe1.0.6491.0520e0160c0000005000000000001162a133001d02ed6bd383584C:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\IDT\WDM\sttray64.exefb48f91c-9ac9-11e4-bed4-bc8556b1666e
 
Error: (01/13/2015 02:14:10 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-29 14:17:49.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2014-08-29 14:17:47.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2014-08-28 20:50:23.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2014-08-28 20:50:23.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2014-08-28 11:38:34.428
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
Percentage of memory in use: 29%
Total physical RAM: 7642.26 MB
Available physical RAM: 5363.79 MB
Total Pagefile: 8858.26 MB
Available Pagefile: 6145.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:904.14 GB) (Free:621.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.16 GB) (Free:3.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (KINGSTON) (Removable) (Total:7.2 GB) (Free:5.37 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EDDF4297)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 4EFC471C)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)
 

 

==================== End Of Log ============================
 
And here's RKreport.txt:
 
RogueKiller V10.1.2.0 (x64) [Jan  7 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Beth [Administrator]
Mode : Scan -- Date : 01/13/2015  19:39:17
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BthAvrcpTg (\SystemRoot\System32\drivers\BthAvrcpTg.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BthHFEnum (\SystemRoot\System32\drivers\bthhfenum.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bthhfhid (\SystemRoot\System32\drivers\BthHFHid.sys) -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1195360697-2828033514-3606766148-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1195360697-2828033514-3606766148-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 SATA Disk Device +++++
--- User ---
[MBR] 96bd96326a9a6aa24224581854f81f0a
[BSP] e1d56229466116be87ebea42773e7356 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 

  • 0

#4
LiquidTension
Posted 13 January 2015 - 06:35 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Beth,
 
Please consider the following warning, and proceed with the instructions below. 
 

goGMWSt.gifP2P Warning
 
------------------------------
 
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
I see avast! Free Antivirus is installed. However, Windows Defender is listed as your enabled Anti-Virus. What's the situation with avast!? Does the programme function correctly? Did you enable Windows Defender? 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> DefaultScope {5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> {5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F} URL = https://uk.search.ya...p={searchTerms}
Toolbar: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\unnisalless
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\unisaLes
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\Enhance Browser
2015-01-12 20:25 - 2015-01-13 02:08 - 00000000 ____D () C:\ProgramData\aoeaidngllmeeamehfmlefgalocndpji
CMD: ipconfig /flushdns
EmptyTemp:
end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
7D2ig3K.png Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to a your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUP's).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • MBAM log
  • Emsisoft log

  • 0

#5
bathquan
Posted 14 January 2015 - 05:37 AM

bathquan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I uninstalled uTorrent - it's not worth the risk! Yes right before my last reply Avast! stopped working, but I've updated it and it works fine now!

 

fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
Ran by Beth at 2015-01-14 00:52:55 Run:4
Running from C:\Users\Beth\Desktop
Loaded Profile: Beth (Available profiles: Beth)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> DefaultScope {5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> {5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F} URL = https://uk.search.ya...p={searchTerms}
Toolbar: HKU\S-1-5-21-1195360697-2828033514-3606766148-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\unnisalless
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\unisaLes
2015-01-12 20:26 - 2015-01-12 21:40 - 00000000 ____D () C:\Program Files (x86)\Enhance Browser
2015-01-12 20:25 - 2015-01-13 02:08 - 00000000 ____D () C:\ProgramData\aoeaidngllmeeamehfmlefgalocndpji
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F}" => Key deleted successfully.
HKCR\CLSID\{5CCBD22B-36BF-4C8A-8377-BBA929BD4D3F} => Key not found. 
HKU\S-1-5-21-1195360697-2828033514-3606766148-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
BthAvrcpTg => Service deleted successfully.
BthHFEnum => Service deleted successfully.
bthhfhid => Service deleted successfully.
C:\Program Files (x86)\unnisalless => Moved successfully.
C:\Program Files (x86)\unisaLes => Moved successfully.
C:\Program Files (x86)\Enhance Browser => Moved successfully.
C:\ProgramData\aoeaidngllmeeamehfmlefgalocndpji => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 137.7 MB temporary data.
 
 
The system needed a reboot. 
 

 

==== End of Fixlog 00:53:58 ====
 
MBAM log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/01/2015
Scan Time: 00:58:41
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.13.19
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Beth
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366759
Time Elapsed: 32 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Emsisoft log:
 
While I was doing the Emsisoft scan for the first time, it seemed to freeze at 60% after discovering 2 potentially malicious objects, so I stopped the scan, quarantined the objects, and scanned again. It worked fine the second time, I think the first time it would have worked fine if I had left it but I was worried that something had gone wrong. But anyway that's why there are two logs.
 
Emsisoft Emergency Kit - Version 9.0
Last update: 14/01/2015 01:39:28
User account: BETHPC\Beth
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 14/01/2015 01:46:01
Value: HKEY_USERS\S-1-5-21-1195360697-2828033514-3606766148-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1195360697-2828033514-3606766148-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 58447
Found 2
 
Scan end: 14/01/2015 01:48:16
Scan time: 0:02:15
 
Value: HKEY_USERS\S-1-5-21-1195360697-2828033514-3606766148-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1195360697-2828033514-3606766148-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
 
Quarantined 2
 
 
Emsisoft Emergency Kit - Version 9.0
Last update: 14/01/2015 01:39:28
User account: BETHPC\Beth
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 14/01/2015 01:51:24
C:\Users\Beth\Documents\Visual Studio 2013\Projects\Test\Test\bin\Debug\Test.exe detected: Gen:Variant.Kazy.472288 (B)
C:\Users\Beth\Documents\Visual Studio 2013\Projects\Test\Test\obj\Debug\Test.exe detected: Gen:Variant.Kazy.472288 (B)
 
Scanned 517706
Found 2
 
Scan end: 14/01/2015 05:06:37
Scan time: 3:15:13
 
C:\Users\Beth\Documents\Visual Studio 2013\Projects\Test\Test\obj\Debug\Test.exe Quarantined Gen:Variant.Kazy.472288 (B)
C:\Users\Beth\Documents\Visual Studio 2013\Projects\Test\Test\bin\Debug\Test.exe Quarantined Gen:Variant.Kazy.472288 (B)
 
Quarantined 2
 

Edited by bathquan, 14 January 2015 - 05:38 AM.

  • 0

#6
LiquidTension
Posted 14 January 2015 - 10:04 AM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Beth, 
 

Yes right before my last reply Avast! stopped working, but I've updated it and it works fine now!

Excellent. 
Lets confirm Windows Defender is disabled:

  • Press the Windows Key + s on your keyboard at the same time.
  • Type Windows Defender and click Windows Defender.
  • You should be notified the programme has been turned off. 
     

While I was doing the Emsisoft scan for the first time, it seemed to freeze at 60% after discovering 2 potentially malicious objects, so I stopped the scan, quarantined the objects, and scanned again.

That's OK.
 

C:\Users\Beth\Documents\Visual Studio 2013\Projects\Test\Test\obj\Debug\Test.exe Quarantined Gen:Variant.Kazy.472288 (B)
C:\Users\Beth\Documents\Visual Studio 2013\Projects\Test\Test\bin\Debug\Test.exe Quarantined Gen:Variant.Kazy.472288 (B)

Do you recognise these files?
 
----------
 
How is your computer performing? Are there any outstanding issues?


  • 0

#7
bathquan
Posted 14 January 2015 - 11:51 AM

bathquan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I checked and Windows Defender has definitely been disabled. Yes those are just visual studio files from when I tried out visual studio 2013, I didn't need them though so I deleted them anyway!  

My computer is performing fine, there are no issues that I've noticed! Do you think everything is clear?


  • 0

#8
LiquidTension
Posted 14 January 2015 - 11:57 AM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello Beth, 
 

My computer is performing fine, there are no issues that I've noticed!

Excellent. 
 

Do you think everything is clear?

Yes, your machine appears clean. :)
 
Lets update your vulnerable software to reduce the risk of reinfection. 
 
STEP 1
CXrghb6.png Update Outdated Software
Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
EtQetiM.png Remove Outdated Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Shockwave Player 11.6
  • Follow the prompts, and reboot if necessary.
     

STEP 3
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Press the Windows Key pdKOQKY.png on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the AVOiBNU.jpg Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

  • 0

#9
bathquan
Posted 14 January 2015 - 02:39 PM

bathquan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Okay I've done everything in that post apart from update flash - I'm using google Chrome which has flash built in so it didn't have an option to update it, and I never use any other browser. 

Here's checkup.txt

 

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
The computer is still working fine, no issues at all!

  • 0

#10
LiquidTension
Posted 14 January 2015 - 11:07 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Beth, 
 

I've done everything in that post apart from update flash

With this in mind, I would consider uninstalling Adobe Flash Player 13 Plugin.
 
EtQetiM.png Uninstall Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Adobe Flash Player 13 Plugin.
  • Follow the prompts.
  • Reboot if necessary.
     

The computer is still working fine, no issues at all!

Great! :)
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
 
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key pdKOQKY.png + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware. 
  • x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpg Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you. 
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secunia PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xsHjS79L.png.pagespeed.ic.n4Sk8_GzZn.jpg Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs. 
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website. 
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Geeks to Go.
 
Safe Surfing. thumbup.gif
Adam


  • 0

#11
bathquan
Posted 15 January 2015 - 11:32 AM

bathquan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I can confirm that I am very happy with the state of my computer!  

Thank you very much for your help, I think the work you do on this website is fantastic and I'm very grateful!

I've made a donation, it's not much but just a little something to show my gratitude :)


  • 0

#12
LiquidTension
Posted 15 January 2015 - 01:15 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts
I'm very pleased to hear, Beth.

Thank you for your kind words and donation. I very much appreciate it. :)

I will mark your topic as solved.

All the best,
Adam
  • 0

#13
LiquidTension
Posted 15 January 2015 - 01:19 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)<br /><br />If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.<br /><br />Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP