Need help to remove TR/Crypt.xpack.gen3 on Win7 please.


#16
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java™ 6 Update 37
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
 
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
[2015/01/02 21:44:54 | 011,485,184 | ---- | M] ()(C:\windows\SysWow64\????????????????????????????????) -- C:\windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014/02/11 23:35:45 | 011,485,184 | ---- | C] ()(C:\windows\SysWow64\????????????????????????????????) -- C:\windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
 
:Commands
[EMPTYTEMP]
[purity]
[Reboot]
 
 
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03142015-some number.log so look there if you don't see it.
 
 
Run OTL again, quickscan and post the log.
 
Are you still seeing TR/Crypt.xpack.gen3?  Does it say where?
 
  • 0


#17
IBGrizzly

    Member

  • Topic Starter
  • Member
  • 32 posts

Rebooted in normal mode and was able to clear Java Cache.  Also removed history files in IE and Chrome.  Deleted Java 6..., only file you listed that I found.

OTL log below.  Running quick scan now.  Will post in a few minutes.

 

Only saw report of TR/Crypt.Xpack.gen3 the first time I scanned with Avira.  Went to web page for information and when I tried to rescan, the trojan was not found but the computer was acting worse.

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37\ deleted successfully.
C:\windows\SysWOW64\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤 moved successfully.
File C:\windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 21753021 bytes
->Flash cache emptied: 1375 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Ronald
->Temp folder emptied: 265557581 bytes
->Temporary Internet Files folder emptied: 6232936 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 44631680 bytes
->Flash cache emptied: 528 bytes
 
User: Tommie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1496257443 bytes
->Java cache emptied: 289651 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 45322 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1526784 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 805331 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,752.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03152015_162152
 
Files\Folders moved on Reboot...
C:\Users\Ronald\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\windows\temp\fb_1644.lck not found!
File\Folder C:\windows\temp\TMP0000002E6002CCFDCB19D415 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0
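Added example, not part of the original posts and not a feature of OTL: the file name made of CJK characters in the fix script and the fix log above has the shape of an ASCII path whose bytes were read as UTF-16LE, and the Python sketch below recovers such names from OTL lines so the entry can be judged by what it actually says. The function names and the third sample line are constructed for illustration; the first two sample lines are copied from the thread.

```python
"""Recover ASCII text hidden in file names whose bytes were read as UTF-16LE."""
import re

# Lines 1-2 are taken from the thread; line 3 is a constructed control case.
SAMPLE_LINES = [
    r"[2015/01/02 21:44:54 | 011,485,184 | ---- | M] ()(C:\windows\SysWow64\????????????????????????????????) -- C:\windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤",
    r"C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤 moved successfully.",
    r"[2015/03/01 10:00:00 | 000,001,024 | ---- | M] () -- C:\windows\SysWow64\example.dll",
]


def extract_path(line):
    """Pull the trailing file path out of an OTL file line or fix-result line.

    Lines that end in something other than a drive-letter path (for example
    service lines ending in "-- (ServiceName)") are skipped and return None.
    """
    text = line.rsplit(" -- ", 1)[-1].strip()
    if text.startswith("File "):
        text = text[len("File "):]
    for suffix in (" moved successfully.", " not found."):
        if text.endswith(suffix):
            text = text[: -len(suffix)]
    return text if re.match(r"[A-Za-z]:\\", text) else None


def recover_ansi_name(name):
    """Return the ASCII text packed into `name`, or None for an ordinary name.

    Each UTF-16 code unit holds two bytes. If every one of those bytes is
    printable ASCII, the name is almost certainly a narrow (ANSI) string that
    was handled as a wide one. Ordinary ASCII names fail this check because
    their high bytes are 0x00.
    """
    if not name:
        return None
    try:
        raw = name.encode("utf-16-le")
    except UnicodeEncodeError:  # lone surrogate, cannot be re-encoded
        return None
    if any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def misread_as_utf16(text):
    """Forward direction, for building test input: ASCII bytes read as UTF-16LE.

    A trailing odd byte has no partner and is dropped in this model.
    """
    raw = text.encode("ascii")
    return raw[: len(raw) - (len(raw) % 2)].decode("utf-16-le")


def scan(lines):
    """Return (folder, garbled_leaf, recovered_text) for each suspicious path."""
    findings = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        folder, _, leaf = path.rpartition("\\")
        hidden = recover_ansi_name(leaf)
        if hidden is not None:
            findings.append((folder, leaf, hidden))
    return findings


if __name__ == "__main__":
    for folder, leaf, hidden in scan(SAMPLE_LINES):
        print(f"{folder}\\<{len(leaf)} garbled chars>  ->  {hidden}")
```

For both lines from the thread the recovered text is `c:\programdata\kaspersky lab\avp14.0.0\data\modules_inventory.da`; the control line produces no finding.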

#18
IBGrizzly

    Member

  • Topic Starter
  • Member
  • 32 posts

Quick Scan results below.

 

Should I delete and re-install Kaspersky?  Guessing it may have been compromised since it missed the Trojan the first time.

 

I appreciate your patience through all of this.

 

Ron

 

 

 

OTL logfile created on: 3/15/2015 4:50:37 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ronald\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 61.70% Memory free
7.49 Gb Paging File | 5.56 Gb Available in Paging File | 74.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 338.80 Gb Free Space | 74.72% Space Free | Partition Type: NTFS
 
Computer Name: TOMMIETOSHIBA | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/03/14 21:20:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronald\Desktop\OTL.exe
PRC - [2015/03/07 01:13:08 | 000,809,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/02 16:36:00 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/08/13 03:06:26 | 005,386,320 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
PRC - [2014/08/13 00:39:54 | 004,700,872 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2014/07/22 15:15:46 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/06/02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011/11/29 04:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/02/24 03:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/12/25 17:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/03/07 01:13:04 | 009,279,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
MOD - [2015/03/07 01:12:59 | 001,174,856 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
MOD - [2015/03/07 01:12:57 | 000,080,200 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
MOD - [2015/01/30 23:55:02 | 010,069,504 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MOD - [2015/01/29 21:49:39 | 002,855,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll
MOD - [2015/01/29 21:49:03 | 007,793,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll
MOD - [2015/01/29 21:48:59 | 000,972,288 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5a977e1f055b4f8f41da5d9142a1913c\System.Configuration.ni.dll
MOD - [2015/01/29 21:47:52 | 017,207,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/04/06 16:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/02/08 15:25:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/02 16:36:00 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/08/13 00:39:54 | 004,700,872 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2014/06/02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/04/12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/16 23:11:22 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (avp)
SRV - [2013/03/20 16:35:40 | 000,186,200 | ---- | M] (Garmin Ltd or its subsidiaries) [Disabled | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/11/29 04:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/13 00:38:24 | 000,032,912 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rawdsk3.sys -- (RawDisk3)
DRV:64bit: - [2014/08/13 00:35:10 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2014/03/20 18:20:14 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/03/20 18:20:14 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/02/17 21:46:21 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/01/06 23:23:25 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/11/16 23:11:18 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2013/11/16 23:11:18 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/11/16 23:11:18 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/14 18:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/05/02 06:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/04/12 16:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2012/12/03 08:12:12 | 000,159,232 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/11 02:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 02:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 02:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 02:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/04/28 13:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/10 17:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/02/10 12:46:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/01/12 16:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 11:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/02 17:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8261F3EE-9763-4189-8E88-EE9A7FCB938B}
IE:64bit: - HKLM\..\SearchScopes\{8261F3EE-9763-4189-8E88-EE9A7FCB938B}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKLM\..\SearchScopes,DefaultScope = {F51AD3D8-3482-4D34-9D19-88ACA5A22E93}
IE - HKLM\..\SearchScopes\{F51AD3D8-3482-4D34-9D19-88ACA5A22E93}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\..\SearchScopes\{D743C8D5-BA23-4D6D-AE2A-7D89D0F5EEF1}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\..\SearchScopes\{F51AD3D8-3482-4D34-9D19-88ACA5A22E93}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/12/16 07:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/12/16 07:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/12/16 07:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/12/16 07:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/12/16 07:54:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4917_0\
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.151_0\
CHR - Extension: No name found = C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\
 
O1 HOSTS File: ([2015/03/14 21:02:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89237EC8-FBA9-4F96-BEFD-4E5A9CAE1003}: DhcpNameServer = 192.168.50.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B76D741E-8680-4547-8C08-8A81FCE6E0CA}: DhcpNameServer = 65.106.1.196 65.106.7.196 68.94.156.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/03/15 16:21:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/03/15 16:02:03 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2015/03/14 21:54:35 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\Ronald\Desktop\aswmbr.exe
[2015/03/14 21:27:06 | 000,000,000 | ---D | C] -- C:\FRST
[2015/03/14 21:20:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ronald\Desktop\OTL.exe
[2015/03/14 21:18:55 | 002,095,616 | ---- | C] (Farbar) -- C:\Users\Ronald\Desktop\FRST64.exe
[2015/03/14 21:04:40 | 000,000,000 | -HSD | C] -- C:\Users\Ronald\AppData\Local\EmieBrowserModeList
[2015/03/14 21:04:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/03/14 20:53:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2015/02/22 15:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2015/02/22 15:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2015/02/22 15:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2015/02/22 15:35:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015/02/22 15:35:27 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2015/02/22 15:22:31 | 005,611,903 | R--- | C] (Swearware) -- C:\Users\Ronald\Desktop\ComboFix.exe
[2015/02/19 06:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/02/19 06:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/02/19 05:59:25 | 000,000,000 | ---D | C] -- C:\OETemp
[2015/02/19 05:53:35 | 000,000,000 | ---D | C] -- C:\Users\Ronald\AppData\Roaming\QuickScan
[2015/02/19 05:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
 
========== Files - Modified Within 30 Days ==========
 
[2015/03/15 16:39:21 | 000,032,048 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/03/15 16:39:21 | 000,032,048 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/03/15 16:38:47 | 000,795,874 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/03/15 16:38:47 | 000,673,038 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/03/15 16:38:47 | 000,127,122 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/03/15 16:35:30 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2015/03/15 16:32:13 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/03/15 16:31:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/03/15 16:31:26 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/15 16:25:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/03/15 16:16:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/03/14 22:44:23 | 000,000,512 | ---- | M] () -- C:\Users\Ronald\Desktop\MBR.dat
[2015/03/14 21:54:14 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\Ronald\Desktop\aswmbr.exe
[2015/03/14 21:20:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronald\Desktop\OTL.exe
[2015/03/14 21:18:13 | 002,095,616 | ---- | M] (Farbar) -- C:\Users\Ronald\Desktop\FRST64.exe
[2015/03/14 21:02:13 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2015/02/22 16:01:43 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20150222-202408.backup
[2015/02/22 15:22:48 | 005,611,903 | R--- | M] (Swearware) -- C:\Users\Ronald\Desktop\ComboFix.exe
[2015/02/19 06:13:25 | 000,400,236 | ---- | M] () -- C:\Users\Ronald\AppData\Local\census.cache
[2015/02/19 06:13:13 | 000,196,147 | ---- | M] () -- C:\Users\Ronald\AppData\Local\ars.cache
[2015/02/19 06:10:31 | 000,000,010 | ---- | M] () -- C:\Users\Ronald\AppData\Local\sponge.last.runtime.cache
[2015/02/19 06:02:38 | 000,000,036 | ---- | M] () -- C:\Users\Ronald\AppData\Local\housecall.guid.cache
[2015/02/18 19:33:58 | 000,000,000 | ---- | M] () -- C:\windows\ToDisc.INI
[2015/02/18 08:56:00 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
 
========== Files Created - No Company Name ==========
 
[2015/03/14 22:44:23 | 000,000,512 | ---- | C] () -- C:\Users\Ronald\Desktop\MBR.dat
[2015/02/22 22:16:17 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2015/02/22 15:51:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2015/02/22 15:51:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2015/02/22 15:51:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2015/02/22 15:51:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2015/02/22 15:51:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2015/02/19 06:13:25 | 000,400,236 | ---- | C] () -- C:\Users\Ronald\AppData\Local\census.cache
[2015/02/19 06:13:13 | 000,196,147 | ---- | C] () -- C:\Users\Ronald\AppData\Local\ars.cache
[2015/02/19 06:10:31 | 000,000,010 | ---- | C] () -- C:\Users\Ronald\AppData\Local\sponge.last.runtime.cache
[2015/02/19 06:02:38 | 000,000,036 | ---- | C] () -- C:\Users\Ronald\AppData\Local\housecall.guid.cache
[2015/02/18 19:33:58 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2015/02/18 08:56:00 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2015/01/30 22:03:51 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2014/10/21 06:10:59 | 000,007,634 | ---- | C] () -- C:\Users\Ronald\AppData\Local\Resmon.ResmonCfg
[2013/02/24 19:13:28 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/05/04 21:05:04 | 000,017,408 | ---- | C] () -- C:\Users\Ronald\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/03/12 09:17:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2010/11/12 10:29:41 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Western Digital
[2010/10/31 12:40:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2013/03/03 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\Ronald\AppData\Roaming\Garmin
[2015/01/31 00:45:07 | 000,000,000 | ---D | M] -- C:\Users\Ronald\AppData\Roaming\iolo
[2015/01/30 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Ronald\AppData\Roaming\ioloGovernor
[2015/02/19 05:53:35 | 000,000,000 | ---D | M] -- C:\Users\Ronald\AppData\Roaming\QuickScan
[2011/01/31 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\Ronald\AppData\Roaming\Toshiba
[2012/11/28 08:31:32 | 000,000,000 | ---D | M] -- C:\Users\Ronald\AppData\Roaming\WinBatch
[2015/02/16 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\Tommie\AppData\Roaming\iolo
[2015/01/31 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\Tommie\AppData\Roaming\ioloGovernor
[2015/01/31 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Tommie\AppData\Roaming\Motorola
[2012/08/13 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\Tommie\AppData\Roaming\SanDisk SecureAccess
[2010/11/20 08:18:21 | 000,000,000 | ---D | M] -- C:\Users\Tommie\AppData\Roaming\Toshiba
[2012/07/22 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\Tommie\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Probably wouldn't hurt to reinstall Kaspersky.  It's not like them to miss a virus.

 

Let's see if anything got broken

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
 
Then use the 'Number of events' as follows:
 
1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.
 
Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File).  Uninstall Speccy.
 
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 

 


  • 0
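
The findstr /c:"[SR]" step in the post above, carried one step further as an added example that is not part of the original thread: it keeps only the [SR] lines from CBS.log and lists which files sfc could not repair and which it restored from the component store. Get-SfcSummary is a hypothetical helper name, and the log lines, example.dll, sample.ini and Example-Component are constructed sample data.

```powershell
# Added example, not part of the original thread.
# Get-SfcSummary is a hypothetical helper; the sample log lines are constructed
# (and abbreviated) in the general shape of what sfc /scannow writes to CBS.log.

function Get-SfcSummary {
    param([string[]]$Line)

    $unrepaired = @{}   # keyed by "component|file" so repeated log entries collapse
    $repaired   = @{}   # file name -> $true

    foreach ($text in $Line) {
        # Same filter as: findstr /c:"[SR]"
        if ($text -notmatch '\[SR\]') { continue }

        if ($text -match '\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),') {
            # The copy in the component store is unusable too, so sfc gave up on this file.
            $file      = $Matches[1]
            $component = $Matches[2].Trim()
            $unrepaired["$component|$file"] = New-Object PSObject -Property @{
                File      = $file
                Component = $component
            }
        }
        elseif ($text -match '\[SR\] Repairing corrupted file .*\]"([^"]+)" from store') {
            # sfc replaced the file with the good copy from the store.
            $repaired[$Matches[1]] = $true
        }
    }

    New-Object PSObject -Property @{
        Unrepaired = @($unrepaired.Values | Sort-Object Component, File)
        Repaired   = @($repaired.Keys | Sort-Object)
    }
}

# Constructed sample input: one non-[SR] line, one file logged twice as
# unrepairable, and one file repaired from the store.
$sample = @'
2015-03-17 20:31:02, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-03-17 20:31:02, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-03-17 20:31:04, Info                  CBS    Constructed non-SR line that the filter must skip
2015-03-17 20:31:09, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2015-03-17 20:31:12, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2015-03-17 20:31:15, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.ini" from store
2015-03-17 20:31:20, Info                  CSI    00000012 [SR] Verify complete
'@ -split "`r?`n"

$summary = Get-SfcSummary -Line $sample
'Unrepaired: {0}  Repaired from store: {1}' -f $summary.Unrepaired.Count, $summary.Repaired.Count
$summary.Unrepaired | Format-Table File, Component -AutoSize

# On a real machine, from an elevated PowerShell prompt:
#   Get-SfcSummary -Line (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

An empty Unrepaired list corresponds to sfc finishing without complaint; any entries there are the lines worth posting instead of the whole junk.txt.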

#20
IBGrizzly

IBGrizzly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

SFC ran and found no problems.

 

 

VEW System log

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/03/2015 8:48:05 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/03/2015 11:33:50 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  ESProtectionDriver
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/03/2015 11:32:16 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
VEW App log
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/03/2015 8:49:46 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Process Explorer log
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 92.74 0 K 24 K 0
procexp64.exe 3.46 28,796 K 50,028 K 1312 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 0.55 0 K 0 K n/a Hardware Interrupts and DPCs
avp.exe 0.52 288,200 K 53,404 K 1524 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
dwm.exe 0.52 35,888 K 36,080 K 2292 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 0.47 55,124 K 47,860 K 4248 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.34 12,472 K 23,900 K 584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.32 2,988 K 7,516 K 612 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.29 324 K 1,284 K 4
svchost.exe 0.21 8,072 K 18,460 K 2480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.18 38,952 K 85,552 K 4072 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ioloGovernor64.exe 0.09 3,304 K 8,152 K 1180 iolo Process Governor iolo technologies, LLC (Verified) iolo technologies
avpui.exe 0.05 57,564 K 4,868 K 4012 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
TecoService.exe 0.04 2,508 K 8,800 K 2068 TOSHIBA eco Utility Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WDDriveService.exe 0.04 9,220 K 15,888 K 2100 WD Drive Service Western Digital Technologies, Inc. (Verified) Western Digital Technologies
WDDMStatus.exe 0.03 13,304 K 17,244 K 4608 WD Quick View Western Digital Technologies, Inc. (Verified) Western Digital Technologies
svchost.exe 0.02 159,076 K 156,096 K 516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 4,416 K 12,336 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.02 5,260 K 15,108 K 660 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
MOM.exe 0.02 38,160 K 13,392 K 4488 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (No signature was present in the subject) Advanced Micro Devices Inc.
svchost.exe 0.01 6,308 K 12,240 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.01 2,488 K 5,300 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
LiveBoost.exe 0.01 18,964 K 18,300 K 1272 iolo LiveBoost iolo technologies, LLC (Verified) iolo technologies
SmartFaceVWatcher.exe 0.01 5,544 K 9,988 K 4116 SmartFaceVWatcher TOSHIBA Corporation (No signature was present in the subject) TOSHIBA Corporation
svchost.exe 0.01 15,784 K 21,500 K 1192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 43,176 K 33,348 K 2140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe < 0.01 3,160 K 4,212 K 672 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,612 K 15,560 K 1384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 12,708 K 14,836 K 2004 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 41,088 K 26,708 K 2232 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
TMachInfo.exe < 0.01 33,572 K 19,252 K 5744 TSS TMachInfo Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WDBackupEngine.exe < 0.01 32,100 K 28,656 K 2564 WD Backup Engine Western Digital Technologies, Inc. (Verified) Western Digital Technologies
svchost.exe < 0.01 34,012 K 58,788 K 844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe < 0.01 8,140 K 11,624 K 4020 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
ToshibaServiceStation.exe < 0.01 44,240 K 20,072 K 4588 TOSHIBA Service Station TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WLIDSVC.EXE < 0.01 6,788 K 15,460 K 2172 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
CCC.exe < 0.01 54,548 K 26,120 K 4788 Catalyst Control Centre: Host application ATI Technologies Inc. (No signature was present in the subject) ATI Technologies Inc.
WmiPrvSE.exe < 0.01 19,704 K 30,944 K 6128 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
TeamViewer_Service.exe < 0.01 4,076 K 11,776 K 1628 TeamViewer Remote Control Application TeamViewer GmbH (Verified) TeamViewer
TosReelTimeMonitor.exe < 0.01 22,924 K 21,912 K 4192 Monitor of TOSHIBA ReelTime TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
spoolsv.exe < 0.01 11,552 K 18,720 K 1348 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
TODDSrv.exe < 0.01 1,540 K 5,556 K 1760 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
wuauclt.exe 1,968 K 7,844 K 4924 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,224 K 4,092 K 2324 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WINWORD.EXE 20,440 K 49,944 K 908 Microsoft Word Microsoft Corporation (Verified) Microsoft Corporation
winlogon.exe 2,752 K 6,936 K 732 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,600 K 4,932 K 568 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
TWebCamera.exe 15,340 K 13,968 K 4596 TOSHIBA CORPORATION. (Verified) TOSHIBA CORPORATION
TPwrMain.exe 3,836 K 8,792 K 2920 TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TPCHWMsg.exe 2,076 K 5,920 K 4952 TOSHIBA PC Health Monitor TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TPCHSrv.exe 7,528 K 10,936 K 3004 TOSHIBA PC Health Monitor TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe 2,524 K 8,908 K 2816 TosSmartSrv.exe TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSENotify.exe 3,680 K 9,540 K 5732 TosSENotify.exe.mui TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosNcCore.exe 2,476 K 7,172 K 4180 Message Center TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosCoSrv.exe 2,548 K 5,820 K 1496 TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
Teco.exe 2,404 K 7,208 K 2960 TOSHIBA eco Utility TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TCrdMain.exe 9,076 K 20,656 K 2468 TOSHIBA Flash Cards TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
taskeng.exe 1,920 K 5,252 K 5852 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,132 K 7,280 K 1996 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,200 K 3,916 K 4404 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 12,648 K 15,596 K 4212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,480 K 25,444 K 324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,180 K 9,316 K 1088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,152 K 4,548 K 2028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,172 K 4,532 K 1948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,612 K 5,948 K 2156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,548 K 8,448 K 3164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 4,504 K 8,780 K 4716 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 452 K 760 K 344 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SmoothView.exe 1,176 K 4,032 K 1124 SmoothView TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
services.exe 6,160 K 10,640 K 644 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 8,960 K 10,584 K 3108 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RAVBg64.exe 8,608 K 9,868 K 3364 HD Audio Background Process Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp.exe 2,448 K 7,572 K 5420 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OSPPSVC.EXE 3,944 K 13,432 K 5592 Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 2,264 K 7,572 K 1544 Bonjour Service Apple Inc. (Verified) Apple Inc.
KeNotify.exe 1,612 K 5,020 K 4580 KeNotify MFC Application TOSHIBA CORPORATION (Verified) Compal Electronics
ioloServiceManager.exe 37,128 K 19,696 K 1592 iolo System component iolo technologies, LLC (Verified) iolo technologies
ForwardDaemon.exe 1,596 K 4,928 K 616 ForwardDemon Motorola (No signature was present in the subject) Motorola
dllhost.exe 2,420 K 8,608 K 5268 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 14,448 K 15,324 K 5552 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,436 K 5,796 K 964 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,068 K 6,996 K 1784 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe 1,180 K 4,748 K 1456 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
 
Speccy log in next reply.

 


#21
RKinner

Log: 'System' Date/Time: 17/03/2015 11:33:50 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  ESProtectionDriver

 

 

This is part of Malwarebytes, so you probably need to uninstall it and reinstall a fresh copy.


#22
IBGrizzly


Speccy log attached

 

Kaspersky identified a Java version that I could not figure out how to uninstall.  It has a complete(?) file structure under JAVA folder.

It is located at:

           16.03.2015 05.20.01;Object (file) detected.;C:\Program Files (x86)\Common Files\i4j_jres\1.6.0_14\bin\java.exe;C:\Program Files (x86)\Common Files\i4j_jres\1.6.0_14\bin\java.exe;4762638

 

Also noticed a suspicious unknown icon on desktop.  Could not find any info about it.  Details from the properties screen.

 

Shortcut icon design, labeled pc app
Type of File: ClickOnce Application Reference (.appref-ms)
Description: pc app
Size: 398 bytes
Size on Disk: 4.00 KB
Created: Monday, November 08, 2010, 8:30:51 AM
Modified: Monday, November 08, 2010, 8:30:51 AM
Accessed: Monday, November 08, 2010, 8:30:51 AM
Attributes: A

 

  


#23
IBGrizzly


 

Log: 'System' Date/Time: 17/03/2015 11:33:50 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  ESProtectionDriver

 

 

This is part of Malwarebytes, so you probably need to uninstall it and reinstall a fresh copy.

 

Already uninstalled MBAM and have not reinstalled. Not showing any way to uninstall; any way to manually delete? Could it just be a leftover on the startup list or in the registry that the uninstall program missed?


#24
RKinner


We can remove the MBAM driver and the old Java with FRST.

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 

 

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.
 
 
I've got to go to bed now. It's almost 1 AM.
 
Not sure about your icon.  If it's a shortcut then it should have the path that it goes to if you right click and select properties.

#25
IBGrizzly


Apparently pc app was installed by vendor (Best Buy) and points to \AppData\Local\

Another forum stated:
"The difference between those "Application Reference" files and shortcuts (.lnk) is that the application reference points to the original application Url and not the location of the exe on disk, when you run the appref-ms file the system knows how to find the copy of the program on the local disk and run it from there without accessing the Url (this is not accurate and depends on settings in the ClickOnce manifest, but it's a close approximation)."

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Ronald at 2015-03-18 19:34:03 Run:1
Running from C:\Users\Ronald\Desktop
Loaded Profiles: Ronald (Available profiles: owner & Tommie & Ronald)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
C:\Program Files (x86)\Common Files\i4j_jres
 
 
 
 
 
*****************
 
ESProtectionDriver => Service deleted successfully.
C:\Program Files (x86)\Common Files\i4j_jres => Moved successfully.
 
==== End of Fixlog 19:34:06 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ronald (administrator) on TOMMIETOSHIBA on 18-03-2015 20:44:13
Running from C:\Users\Ronald\Desktop
Loaded Profiles: Ronald (Available profiles: owner & Tommie & Ronald)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-2389371520-701570842-419298567-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Tommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> DefaultScope {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = 
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {D743C8D5-BA23-4D6D-AE2A-7D89D0F5EEF1} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-10-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-10-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-02-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [186200 2013-03-20] (Garmin Ltd or its subsidiaries)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-13] (iolo technologies, LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [47112 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843448 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-08-13] (EldoS Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-18 20:44 - 2015-03-18 20:45 - 00025209 _____ () C:\Users\Ronald\Desktop\FRST.txt
2015-03-17 20:59 - 2015-03-17 20:59 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-03-17 20:59 - 2015-03-17 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-03-17 20:59 - 2015-03-17 20:59 - 00000000 ____D () C:\Program Files\Speccy
2015-03-17 06:24 - 2015-03-17 20:49 - 00000467 _____ () C:\VEW.txt
2015-03-17 06:21 - 2015-03-17 06:19 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ronald\Desktop\procexp.exe
2015-03-17 06:21 - 2015-03-17 06:16 - 05127432 _____ (Piriform Ltd) C:\Users\Ronald\Desktop\spsetup128.exe
2015-03-17 06:20 - 2015-03-17 06:13 - 00061440 _____ ( ) C:\Users\Ronald\Desktop\VEW.exe
2015-03-17 06:19 - 2015-03-17 06:19 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ronald\Downloads\procexp.exe
2015-03-17 06:16 - 2015-03-17 06:16 - 05127432 _____ (Piriform Ltd) C:\Users\Ronald\Downloads\spsetup128.exe
2015-03-17 06:13 - 2015-03-17 06:13 - 00061440 _____ ( ) C:\Users\Ronald\Downloads\VEW.exe
2015-03-16 17:06 - 2015-03-16 17:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Apple Computer
2015-03-16 06:37 - 2015-01-08 18:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-03-16 06:37 - 2015-01-08 18:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-03-16 05:51 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-16 05:51 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-16 05:50 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-16 05:50 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-16 05:50 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-16 05:50 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-16 05:50 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-16 05:50 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-16 05:50 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-16 05:50 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-16 05:50 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-16 05:50 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-16 05:50 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-16 05:50 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-16 05:50 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-16 05:50 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-16 05:50 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-16 05:50 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-16 05:50 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-16 05:50 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-16 05:49 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-16 05:49 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-16 05:49 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-16 05:49 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-16 05:49 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-16 05:49 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-16 05:49 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-16 05:49 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-16 05:49 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-16 05:49 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-16 05:49 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-16 05:49 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-16 05:49 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-16 05:49 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-16 05:49 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-16 05:49 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-16 05:49 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-16 05:49 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-16 05:49 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-16 05:49 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-16 05:49 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-16 05:49 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-16 05:49 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-16 05:49 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-16 05:49 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-16 05:49 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-16 05:49 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-16 05:49 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-16 05:48 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-16 05:48 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-16 05:48 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-16 05:48 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-16 05:47 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-16 05:47 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-16 05:32 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-16 05:32 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-16 05:32 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-16 05:32 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-16 05:32 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-16 05:32 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-16 05:32 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-16 05:32 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-16 05:32 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-16 05:32 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-16 05:32 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-16 05:32 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-16 05:32 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-16 05:32 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-16 05:32 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-16 05:32 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-16 05:32 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-16 05:32 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-16 05:32 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-16 05:32 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-16 05:32 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-16 05:32 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-16 05:32 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-16 05:32 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-16 05:32 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-16 05:32 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-16 05:32 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 05:32 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-16 05:32 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-16 05:32 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-16 05:32 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-16 05:32 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-16 05:32 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-16 05:32 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-16 05:32 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-16 05:32 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-16 05:32 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-16 05:32 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-16 05:32 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-16 05:32 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-16 05:32 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-16 05:32 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-16 05:32 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-16 05:32 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-16 05:32 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-16 05:32 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-16 05:32 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-16 05:32 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-16 05:32 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-16 05:32 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-16 05:32 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-16 05:32 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-16 05:32 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-16 05:31 - 2015-03-18 19:32 - 00000000 ____D () C:\Users\Ronald\Desktop\Repair Tools
2015-03-16 05:30 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-16 05:30 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-15 20:15 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-03-15 20:15 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-15 20:14 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-15 20:14 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-03-15 20:14 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-03-15 20:14 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-03-15 19:31 - 2015-03-15 19:31 - 00002341 _____ () C:\Users\Ronald\Desktop\Safe Money.lnk
2015-03-15 19:29 - 2015-03-15 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-03-15 19:29 - 2015-03-15 19:28 - 00002143 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-03-15 19:28 - 2015-03-15 19:28 - 00000000 ____D () C:\windows\ELAMBKUP
2015-03-15 19:28 - 2015-03-15 19:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-15 19:28 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-03-15 19:27 - 2014-12-13 18:21 - 00843448 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-03-15 19:27 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-03-15 19:27 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-03-15 18:30 - 2015-03-15 18:30 - 01762704 _____ (Kaspersky Lab) C:\Users\Ronald\Downloads\setup.exe
2015-03-15 16:21 - 2015-03-15 16:21 - 00000000 ____D () C:\_OTL
2015-03-15 16:02 - 2015-03-16 17:09 - 00000000 ____D () C:\windows\system32\appmgmt
2015-03-14 21:54 - 2015-03-14 21:54 - 05200384 _____ (AVAST Software) C:\Users\Ronald\Downloads\aswmbr.exe
2015-03-14 21:27 - 2015-03-18 20:44 - 00000000 ____D () C:\FRST
2015-03-14 21:20 - 2015-03-14 21:20 - 00602112 _____ (OldTimer Tools) C:\Users\Ronald\Downloads\OTL.exe
2015-03-14 21:18 - 2015-03-14 21:18 - 02095616 _____ (Farbar) C:\Users\Ronald\Downloads\FRST64.exe
2015-03-14 21:18 - 2015-03-14 21:18 - 02095616 _____ (Farbar) C:\Users\Ronald\Desktop\FRST64.exe
2015-03-14 21:04 - 2015-03-15 15:08 - 00000000 __SHD () C:\Users\Ronald\AppData\Local\EmieBrowserModeList
2015-03-14 21:04 - 2015-03-14 21:04 - 00067573 _____ () C:\ComboFix.txt
2015-03-14 20:53 - 2015-03-14 21:04 - 00000000 ____D () C:\ComboFix
2015-02-22 22:16 - 2015-03-18 19:18 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-02-22 21:24 - 2015-02-22 16:01 - 00000027 _____ () C:\windows\system32\Drivers\etc\hosts.20150222-202408.backup
2015-02-22 15:51 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-22 15:51 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-22 15:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-22 15:35 - 2015-03-14 21:04 - 00000000 ____D () C:\Qoobox
2015-02-22 15:35 - 2015-02-22 22:06 - 00000000 ____D () C:\windows\erdnt
2015-02-19 06:30 - 2015-02-22 21:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-19 06:28 - 2015-02-19 06:28 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ronald\Downloads\spybot-2.4.exe
2015-02-19 06:20 - 2015-02-22 17:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-19 06:17 - 2015-02-19 06:17 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Ronald\Downloads\avira_en_av_5860338012__ws.exe
2015-02-19 06:13 - 2015-02-19 06:13 - 00400236 _____ () C:\Users\Ronald\AppData\Local\census.cache
2015-02-19 06:13 - 2015-02-19 06:13 - 00196147 _____ () C:\Users\Ronald\AppData\Local\ars.cache
2015-02-19 06:10 - 2015-02-19 06:10 - 00000010 _____ () C:\Users\Ronald\AppData\Local\sponge.last.runtime.cache
2015-02-19 06:02 - 2015-02-19 06:02 - 02494944 _____ (Trend Micro Inc.) C:\Users\Ronald\Downloads\HousecallLauncher64.exe
2015-02-19 06:02 - 2015-02-19 06:02 - 00000036 _____ () C:\Users\Ronald\AppData\Local\housecall.guid.cache
2015-02-19 05:59 - 2015-02-19 06:17 - 00000000 ____D () C:\OETemp
2015-02-19 05:59 - 2015-02-19 05:59 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Ronald\Downloads\avira_en_av___ws.exe
2015-02-19 05:53 - 2015-02-19 05:53 - 00184192 _____ () C:\Users\Ronald\Downloads\qsinstaller.exe
2015-02-19 05:53 - 2015-02-19 05:53 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\QuickScan
2015-02-19 05:06 - 2015-02-19 05:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-18 21:37 - 2015-02-18 21:38 - 10995632 _____ (SurfRight B.V.) C:\Users\Ronald\Downloads\HitmanPro_x64.exe
2015-02-18 19:33 - 2015-02-18 19:33 - 00000000 _____ () C:\windows\ToDisc.INI
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-18 20:25 - 2014-10-11 12:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 20:16 - 2010-07-22 19:58 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 19:36 - 2011-05-02 19:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-18 19:26 - 2009-07-13 23:45 - 00032048 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 19:26 - 2009-07-13 23:45 - 00032048 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 19:24 - 2010-08-24 01:21 - 01398817 _____ () C:\windows\WindowsUpdate.log
2015-03-18 19:18 - 2014-02-18 21:59 - 00011924 _____ () C:\windows\setupact.log
2015-03-18 19:18 - 2010-07-22 19:58 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 19:18 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-16 20:13 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-03-16 19:44 - 2010-11-08 09:30 - 00000000 ___RD () C:\Users\Ronald\Virtual Machines
2015-03-16 18:46 - 2014-02-18 21:58 - 09703950 _____ () C:\windows\PFRO.log
2015-03-16 18:46 - 2010-07-22 19:58 - 00000000 ____D () C:\Program Files\Google
2015-03-16 18:46 - 2010-07-22 19:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 18:46 - 2009-07-13 23:45 - 01277928 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-16 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-16 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-16 17:10 - 2011-03-16 18:33 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Google
2015-03-16 17:09 - 2011-03-27 16:06 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-16 17:06 - 2011-04-09 23:04 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Apple Computer
2015-03-16 06:42 - 2011-01-31 23:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-16 06:19 - 2013-08-17 17:11 - 00000000 ____D () C:\windows\system32\MRT
2015-03-16 06:11 - 2010-10-31 13:17 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-15 22:19 - 2014-12-20 16:36 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-15 22:19 - 2014-05-04 21:25 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-15 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-03-15 18:50 - 2009-07-14 00:13 - 00795874 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-14 21:04 - 2010-11-08 09:30 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Apps\2.0
2015-03-14 21:02 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-02-24 04:17 - 2010-10-31 13:19 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-23 22:17 - 2012-02-26 15:21 - 00000000 ____D () C:\Users\Tommie\Desktop\Tommie
2015-02-22 22:37 - 2015-02-01 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-22 22:07 - 2009-07-13 21:34 - 90439680 _____ () C:\windows\system32\config\SOFTWARE.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 25690112 _____ () C:\windows\system32\config\SYSTEM.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00135168 _____ () C:\windows\system32\config\SAM.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00024576 _____ () C:\windows\system32\config\SECURITY.bak
2015-02-22 16:04 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-19 06:17 - 2013-03-03 09:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-17 19:00 - 2010-11-08 09:30 - 00000000 ____D () C:\Users\Ronald
2015-02-16 14:21 - 2015-01-31 15:16 - 00000000 ____D () C:\Users\Tommie\AppData\Roaming\iolo
 
==================== Files in the root of some directories =======
 
2015-02-19 06:13 - 2015-02-19 06:13 - 0196147 _____ () C:\Users\Ronald\AppData\Local\ars.cache
2015-02-19 06:13 - 2015-02-19 06:13 - 0400236 _____ () C:\Users\Ronald\AppData\Local\census.cache
2015-02-19 06:02 - 2015-02-19 06:02 - 0000036 _____ () C:\Users\Ronald\AppData\Local\housecall.guid.cache
2014-10-21 06:10 - 2014-10-21 06:10 - 0007634 _____ () C:\Users\Ronald\AppData\Local\Resmon.ResmonCfg
2015-02-19 06:10 - 2015-02-19 06:10 - 0000010 _____ () C:\Users\Ronald\AppData\Local\sponge.last.runtime.cache
2012-05-04 21:05 - 2012-05-04 21:05 - 0017408 _____ () C:\Users\Ronald\AppData\Local\WebpageIcons.db
2013-02-24 19:13 - 2013-03-24 19:56 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 19:04
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Ronald at 2015-03-18 20:46:01
Running from C:\Users\Ronald\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.7 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BE3DFCA2-6F42-509D-555C-68A923314062}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Best Buy pc app (HKU\S-1-5-21-2389371520-701570842-419298567-1002\...\48e4cff94f039634) (Version: 3.1.2.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Garmin Express (HKLM-x32\...\{6c14a7ec-7ed6-47f1-bb64-afc001a60a24}) (Version: 2.1.12 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PrintMaster 2.0 Gold (HKLM-x32\...\6485-4051-8654-1628) (Version:  - Encore Software Inc.)
PSW v2.00 A (HKLM-x32\...\{C121466D-3ABD-445A-9EEB-13479378A9AE}) (Version:  - )
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM-x32\...\{9F153AD3-3523-4542-818E-AE2F92249667}) (Version: 1.3.550.0 - SAMSUNG Electronics CO., LTD.)
Secure Online Account Numbers (x32 Version: 2.0.2.0 - Discover) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12142 - TeamViewer)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Verizon V CAST Media Manager (HKLM-x32\...\Verizon V CAST Media Manager) (Version:  - Verizon Wireless)
Verizon Wireless Software Upgrade Assistant - Samsung (HKLM-x32\...\{742CC73C-EB96-44B2-BD9C-1A52E086035D}) (Version: 1.11.0808 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{016E6B1B-45FC-44FB-9F83-28E6B1FF6A42}) (Version: 1.11.0203 - SAMSUNG)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
XL-5000 Conversion Tool (HKLM-x32\...\{CEAD1D78-2B7C-4F23-911F-CA7DED1E5EC1}) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-02-2015 11:05:24 Installed Motorola Device Manager
01-02-2015 11:16:21 Installed Motorola Device Manager
07-02-2015 13:12:02 Windows Update
16-02-2015 15:34:30 Scheduled Checkpoint
15-03-2015 16:01:09 Removed Java™ 6 Update 37
15-03-2015 17:19:17 Windows Update
15-03-2015 20:22:58 Windows Update
16-03-2015 05:54:11 Windows Update
16-03-2015 17:04:12 Removed iTunes
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-03-14 21:02 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {016C88F3-E949-4659-8B3B-95EA8BB008F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {08365BA4-4989-40D8-B6B2-D15669468B31} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {1CBB3CF5-5BFB-4B0E-8325-31873E1431F9} - System32\Tasks\{BD8D463D-5E2E-4998-9AAE-033EC9CBD910} => D:\Setup.exe
Task: {1FFE31D0-E353-4F32-8B76-CB9CD73A87B3} - \SUPERAntiSpyware Scheduled Task 9817112c-7f5f-4544-83c8-eea7411e4a8b No Task File <==== ATTENTION
Task: {2EE36459-BDBA-4E52-BD6F-4089FC867CC7} - \SUPERAntiSpyware Scheduled Task 7d455af6-aba3-49d1-8fb3-e41261552a0f No Task File <==== ATTENTION
Task: {3218F756-0E31-4D2D-BBB2-B0AFB34B4053} - \SUPERAntiSpyware Scheduled Task 3b41acea-803c-4887-901a-aa2128d958c5 No Task File <==== ATTENTION
Task: {371C46D6-BB61-4A7C-A0C3-03B25C8DFA65} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3A01E189-87CF-4009-8E21-5532BBA6422E} - System32\Tasks\{E263EF1F-65B1-44B0-94C4-3B3729F63FA6} => pcalua.exe -a "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english\setup.exe" -d "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english"
Task: {5135DD42-B31F-49EB-A3F4-EF72D1E5A999} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {52DDCE8F-CBB1-4EBC-90C3-5E70C6CAFF1E} - System32\Tasks\{0EF4B630-1D94-4753-A61C-7CA604207567} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe"
Task: {54A89E75-9646-407B-9560-FA95ED3E6CE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {54A8DE83-2965-4F1E-9B58-5FBC49B17523} - System32\Tasks\{153D02C4-ECDE-4DD8-9308-65456BC92AA9} => D:\Setup.exe
Task: {5B765C21-23CB-49A1-9A27-5BF74178302F} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
Task: {652897E9-158F-4F34-B1B0-1A93F20D2C7F} - System32\Tasks\{BE33B433-7249-4FC6-A459-722A4E91E7B1} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe"
Task: {8BFE712F-F1A0-4C4E-B6F4-B48B4BC69CA0} - System32\Tasks\{FDB1350E-9E4A-4CA7-AE76-C7EE2EA1F5E9} => C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
Task: {B388549F-0611-4C0B-A9FA-AE8093CCB946} - System32\Tasks\{713B9A1C-C5AD-43EB-8644-16783A7D6A04} => pcalua.exe -a C:\windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {BFBA967B-5CEE-4DFF-8574-3B7505E686EA} - System32\Tasks\{DF2F8AC1-9B1F-48BB-BE4E-215657B6794D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe"
Task: {CB5EEFD3-F8D1-463F-96C7-1C23955F8B07} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {CC50B580-5A91-4D21-85C0-5FB06853F35B} - System32\Tasks\{26D80C85-EC6A-443F-8F0F-F94BF005E1C3} => pcalua.exe -a "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english\setup.exe" -d "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english"
Task: {DAC0B2F7-0CC0-46B5-A2DD-7A2A06B5BB2F} - \SUPERAntiSpyware Scheduled Task 7776d1a6-5432-464c-8373-06202368eea0 No Task File <==== ATTENTION
Task: {E9F48EC0-D075-4C7F-93F0-70DA27C3E923} - System32\Tasks\{E26C4A03-CC25-4A90-85E9-03320E96591F} => D:\Setup.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-07-22 19:50 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 01091072 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
2009-01-30 20:10 - 2009-01-30 20:10 - 01043456 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 07861248 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll
2009-10-13 12:00 - 2009-10-13 12:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-24 01:22 - 2010-08-24 01:22 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2015-03-15 15:57 - 2015-03-07 01:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-15 15:57 - 2015-03-07 01:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-15 15:57 - 2015-03-07 01:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.50.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Garmin Core Update Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FlashPlayerUpdate => 
MSCONFIG\startupreg: FromDocToPDF Home Page Guard 64 bit => 
MSCONFIG\startupreg: HLBackupScheduler => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2389371520-701570842-419298567-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2389371520-701570842-419298567-1006 - Limited - Enabled)
Guest (S-1-5-21-2389371520-701570842-419298567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2389371520-701570842-419298567-1004 - Limited - Enabled)
owner (S-1-5-21-2389371520-701570842-419298567-1000 - Administrator - Enabled) => C:\Users\owner
Ronald (S-1-5-21-2389371520-701570842-419298567-1002 - Administrator - Enabled) => C:\Users\Ronald
Tommie (S-1-5-21-2389371520-701570842-419298567-1001 - Administrator - Enabled) => C:\Users\Tommie
 
==================== Faulty Device Manager Devices =============
 
Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-14 21:01:45.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 21:01:45.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 21:01:44.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 21:01:44.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:41.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:41.544
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:41.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:40.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 15:01:18.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 15:01:18.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II N640 Dual-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 3835.68 MB
Available physical RAM: 1976.8 MB
Total Pagefile: 7669.55 MB
Available Pagefile: 5149.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI105955W0C) (Fixed) (Total:453.42 GB) (Free:333 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: FF592F49)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=17)
 
==================== End Of Log ============================

 

 

 

(And if you read this when posted, it's bed time, you stayed up way too late working on this last night)




#26
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That got rid of the last MBAM service but I see one more and it looks like SuperAntiSpyware left some tasks when you uninstalled it so we need to run another fix just like we did.



#27
IBGrizzly


    Member

  • Topic Starter
  • Member
  • 32 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Ronald at 2015-03-22 11:24:09 Run:2
Running from C:\Users\Ronald\Desktop
Loaded Profiles: Ronald (Available profiles: owner & Tommie & Ronald)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = 
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {1FFE31D0-E353-4F32-8B76-CB9CD73A87B3} - \SUPERAntiSpyware Scheduled Task 9817112c-7f5f-4544-83c8-eea7411e4a8b No Task File <==== ATTENTION
Task: {2EE36459-BDBA-4E52-BD6F-4089FC867CC7} - \SUPERAntiSpyware Scheduled Task 7d455af6-aba3-49d1-8fb3-e41261552a0f No Task File <==== ATTENTION
Task: {3218F756-0E31-4D2D-BBB2-B0AFB34B4053} - \SUPERAntiSpyware Scheduled Task 3b41acea-803c-4887-901a-aa2128d958c5 No Task File <==== ATTENTION
Task: {DAC0B2F7-0CC0-46B5-A2DD-7A2A06B5BB2F} - \SUPERAntiSpyware Scheduled Task 7776d1a6-5432-464c-8373-06202368eea0 No Task File <==== ATTENTION
Task: {1CBB3CF5-5BFB-4B0E-8325-31873E1431F9} - System32\Tasks\{BD8D463D-5E2E-4998-9AAE-033EC9CBD910} => D:\Setup.exe
Task: {54A8DE83-2965-4F1E-9B58-5FBC49B17523} - System32\Tasks\{153D02C4-ECDE-4DD8-9308-65456BC92AA9} => D:\Setup.exe
 
 
 
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Exploit => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2389371520-701570842-419298567-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8261F3EE-9763-4189-8E88-EE9A7FCB938B}" => Key deleted successfully.
HKCR\CLSID\{8261F3EE-9763-4189-8E88-EE9A7FCB938B} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
catchme => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FFE31D0-E353-4F32-8B76-CB9CD73A87B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FFE31D0-E353-4F32-8B76-CB9CD73A87B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 9817112c-7f5f-4544-83c8-eea7411e4a8b" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EE36459-BDBA-4E52-BD6F-4089FC867CC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EE36459-BDBA-4E52-BD6F-4089FC867CC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 7d455af6-aba3-49d1-8fb3-e41261552a0f" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3218F756-0E31-4D2D-BBB2-B0AFB34B4053}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3218F756-0E31-4D2D-BBB2-B0AFB34B4053}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 3b41acea-803c-4887-901a-aa2128d958c5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAC0B2F7-0CC0-46B5-A2DD-7A2A06B5BB2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC0B2F7-0CC0-46B5-A2DD-7A2A06B5BB2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 7776d1a6-5432-464c-8373-06202368eea0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CBB3CF5-5BFB-4B0E-8325-31873E1431F9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CBB3CF5-5BFB-4B0E-8325-31873E1431F9}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BD8D463D-5E2E-4998-9AAE-033EC9CBD910} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD8D463D-5E2E-4998-9AAE-033EC9CBD910}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54A8DE83-2965-4F1E-9B58-5FBC49B17523}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54A8DE83-2965-4F1E-9B58-5FBC49B17523}" => Key deleted successfully.
C:\Windows\System32\Tasks\{153D02C4-ECDE-4DD8-9308-65456BC92AA9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{153D02C4-ECDE-4DD8-9308-65456BC92AA9}" => Key deleted successfully.
 
==== End of Fixlog 11:24:12 ====
 
 
 
 
**********************************************************************************************************************************************************************************
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ronald (administrator) on TOMMIETOSHIBA on 22-03-2015 11:27:28
Running from C:\Users\Ronald\Desktop
Loaded Profiles: Ronald (Available profiles: owner & Tommie & Ronald)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
() C:\Program Files (x86)\Google\Update\Install\{4CA7D7CE-D6A0-4885-831E-CA2CA0920392}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_87860.tmp\setup.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2389371520-701570842-419298567-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Tommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM -> {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> DefaultScope {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {D743C8D5-BA23-4D6D-AE2A-7D89D0F5EEF1} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-10-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-10-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-02-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [186200 2013-03-20] (Garmin Ltd or its subsidiaries)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-13] (iolo technologies, LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [47112 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843448 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-08-13] (EldoS Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 11:27 - 2015-03-22 11:31 - 00024474 _____ () C:\Users\Ronald\Desktop\FRST.txt
2015-03-22 11:13 - 2015-03-22 11:25 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-03-18 22:20 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-18 22:20 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-18 22:20 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-18 22:20 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-03-18 20:46 - 2015-03-18 20:46 - 00030099 _____ () C:\Users\Ronald\Desktop\Addition.txt
2015-03-17 20:59 - 2015-03-17 20:59 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-03-17 20:59 - 2015-03-17 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-03-17 20:59 - 2015-03-17 20:59 - 00000000 ____D () C:\Program Files\Speccy
2015-03-17 06:24 - 2015-03-17 20:49 - 00000467 _____ () C:\VEW.txt
2015-03-17 06:21 - 2015-03-17 06:19 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ronald\Desktop\procexp.exe
2015-03-17 06:21 - 2015-03-17 06:16 - 05127432 _____ (Piriform Ltd) C:\Users\Ronald\Desktop\spsetup128.exe
2015-03-17 06:20 - 2015-03-17 06:13 - 00061440 _____ ( ) C:\Users\Ronald\Desktop\VEW.exe
2015-03-17 06:19 - 2015-03-17 06:19 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ronald\Downloads\procexp.exe
2015-03-17 06:16 - 2015-03-17 06:16 - 05127432 _____ (Piriform Ltd) C:\Users\Ronald\Downloads\spsetup128.exe
2015-03-17 06:13 - 2015-03-17 06:13 - 00061440 _____ ( ) C:\Users\Ronald\Downloads\VEW.exe
2015-03-16 17:06 - 2015-03-16 17:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Apple Computer
2015-03-16 06:37 - 2015-01-08 18:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-03-16 06:37 - 2015-01-08 18:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-03-16 05:51 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-16 05:51 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-16 05:50 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-16 05:50 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-16 05:50 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-16 05:50 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-16 05:50 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-16 05:50 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-16 05:50 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-16 05:50 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-16 05:50 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-16 05:50 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-16 05:50 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-16 05:50 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-16 05:50 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-16 05:50 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-16 05:50 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-16 05:50 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-16 05:50 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-16 05:50 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-16 05:49 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-16 05:49 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-16 05:49 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-16 05:49 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-16 05:49 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-16 05:49 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-16 05:49 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-16 05:49 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-16 05:49 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-16 05:49 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-16 05:49 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-16 05:49 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-16 05:49 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-16 05:49 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-16 05:49 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-16 05:49 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-16 05:49 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-16 05:49 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-16 05:49 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-16 05:49 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-16 05:49 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-16 05:49 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-16 05:49 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-16 05:49 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-16 05:49 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-16 05:49 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-16 05:49 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-16 05:49 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-16 05:48 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-16 05:48 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-16 05:48 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-16 05:48 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-16 05:47 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-16 05:47 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-16 05:32 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-16 05:32 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-16 05:32 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-16 05:32 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-16 05:32 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-16 05:32 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-16 05:32 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-16 05:32 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-16 05:32 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-16 05:32 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-16 05:32 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-16 05:32 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-16 05:32 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-16 05:32 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-16 05:32 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-16 05:32 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-16 05:32 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-16 05:32 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-16 05:32 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-16 05:32 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-16 05:32 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-16 05:32 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-16 05:32 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-16 05:32 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-16 05:32 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-16 05:32 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-16 05:32 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 05:32 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-16 05:32 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-16 05:32 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-16 05:32 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-16 05:32 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-16 05:32 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-16 05:32 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-16 05:32 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-16 05:32 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-16 05:32 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-16 05:32 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-16 05:32 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-16 05:32 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-16 05:32 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-16 05:32 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-16 05:32 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-16 05:32 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-16 05:32 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-16 05:32 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-16 05:32 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-16 05:32 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-16 05:32 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-16 05:32 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-16 05:32 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-16 05:32 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-16 05:32 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-16 05:31 - 2015-03-22 11:27 - 00000000 ____D () C:\Users\Ronald\Desktop\Repair Tools
2015-03-16 05:30 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-16 05:30 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-15 20:15 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-03-15 20:15 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-15 20:14 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-15 20:14 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-03-15 20:14 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-03-15 20:14 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-03-15 19:31 - 2015-03-15 19:31 - 00002341 _____ () C:\Users\Ronald\Desktop\Safe Money.lnk
2015-03-15 19:29 - 2015-03-15 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-03-15 19:29 - 2015-03-15 19:28 - 00002143 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-03-15 19:28 - 2015-03-15 19:28 - 00000000 ____D () C:\windows\ELAMBKUP
2015-03-15 19:28 - 2015-03-15 19:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-15 19:28 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-03-15 19:27 - 2014-12-13 18:21 - 00843448 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-03-15 19:27 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-03-15 19:27 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-03-15 18:30 - 2015-03-15 18:30 - 01762704 _____ (Kaspersky Lab) C:\Users\Ronald\Downloads\setup.exe
2015-03-15 16:21 - 2015-03-15 16:21 - 00000000 ____D () C:\_OTL
2015-03-15 16:02 - 2015-03-16 17:09 - 00000000 ____D () C:\windows\system32\appmgmt
2015-03-14 21:54 - 2015-03-14 21:54 - 05200384 _____ (AVAST Software) C:\Users\Ronald\Downloads\aswmbr.exe
2015-03-14 21:27 - 2015-03-22 11:27 - 00000000 ____D () C:\FRST
2015-03-14 21:20 - 2015-03-14 21:20 - 00602112 _____ (OldTimer Tools) C:\Users\Ronald\Downloads\OTL.exe
2015-03-14 21:18 - 2015-03-14 21:18 - 02095616 _____ (Farbar) C:\Users\Ronald\Downloads\FRST64.exe
2015-03-14 21:18 - 2015-03-14 21:18 - 02095616 _____ (Farbar) C:\Users\Ronald\Desktop\FRST64.exe
2015-03-14 21:04 - 2015-03-15 15:08 - 00000000 __SHD () C:\Users\Ronald\AppData\Local\EmieBrowserModeList
2015-03-14 21:04 - 2015-03-14 21:04 - 00067573 _____ () C:\ComboFix.txt
2015-03-14 20:53 - 2015-03-14 21:04 - 00000000 ____D () C:\ComboFix
2015-02-22 21:24 - 2015-02-22 16:01 - 00000027 _____ () C:\windows\system32\Drivers\etc\hosts.20150222-202408.backup
2015-02-22 15:51 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-22 15:51 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-22 15:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-22 15:35 - 2015-03-14 21:04 - 00000000 ____D () C:\Qoobox
2015-02-22 15:35 - 2015-02-22 22:06 - 00000000 ____D () C:\windows\erdnt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 11:25 - 2014-10-11 12:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 11:24 - 2011-05-02 19:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-22 11:21 - 2010-08-24 01:21 - 01467195 _____ () C:\windows\WindowsUpdate.log
2015-03-22 11:17 - 2009-07-13 23:45 - 00032048 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 11:17 - 2009-07-13 23:45 - 00032048 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 11:16 - 2010-07-22 19:58 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 11:11 - 2010-07-22 19:58 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 11:09 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-22 11:08 - 2014-02-18 21:59 - 00011980 _____ () C:\windows\setupact.log
2015-03-19 05:34 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2015-03-16 20:13 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-03-16 19:44 - 2010-11-08 09:30 - 00000000 ___RD () C:\Users\Ronald\Virtual Machines
2015-03-16 18:46 - 2014-02-18 21:58 - 09703950 _____ () C:\windows\PFRO.log
2015-03-16 18:46 - 2010-07-22 19:58 - 00000000 ____D () C:\Program Files\Google
2015-03-16 18:46 - 2010-07-22 19:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 18:46 - 2009-07-13 23:45 - 01277928 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-16 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-16 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-16 17:10 - 2011-03-16 18:33 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Google
2015-03-16 17:09 - 2011-03-27 16:06 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-16 17:06 - 2011-04-09 23:04 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Apple Computer
2015-03-16 06:42 - 2011-01-31 23:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-16 06:19 - 2013-08-17 17:11 - 00000000 ____D () C:\windows\system32\MRT
2015-03-16 06:11 - 2010-10-31 13:17 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-15 22:19 - 2014-12-20 16:36 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-15 22:19 - 2014-05-04 21:25 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-15 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-03-15 18:50 - 2009-07-14 00:13 - 00795874 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-14 21:04 - 2010-11-08 09:30 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Apps\2.0
2015-03-14 21:02 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-02-24 04:17 - 2010-10-31 13:19 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-23 22:17 - 2012-02-26 15:21 - 00000000 ____D () C:\Users\Tommie\Desktop\Tommie
2015-02-22 22:37 - 2015-02-01 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-22 22:07 - 2009-07-13 21:34 - 90439680 _____ () C:\windows\system32\config\SOFTWARE.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 25690112 _____ () C:\windows\system32\config\SYSTEM.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00135168 _____ () C:\windows\system32\config\SAM.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00024576 _____ () C:\windows\system32\config\SECURITY.bak
2015-02-22 21:37 - 2015-02-19 06:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-22 17:15 - 2015-02-19 06:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-22 16:04 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
 
==================== Files in the root of some directories =======
 
2015-02-19 06:13 - 2015-02-19 06:13 - 0196147 _____ () C:\Users\Ronald\AppData\Local\ars.cache
2015-02-19 06:13 - 2015-02-19 06:13 - 0400236 _____ () C:\Users\Ronald\AppData\Local\census.cache
2015-02-19 06:02 - 2015-02-19 06:02 - 0000036 _____ () C:\Users\Ronald\AppData\Local\housecall.guid.cache
2014-10-21 06:10 - 2014-10-21 06:10 - 0007634 _____ () C:\Users\Ronald\AppData\Local\Resmon.ResmonCfg
2015-02-19 06:10 - 2015-02-19 06:10 - 0000010 _____ () C:\Users\Ronald\AppData\Local\sponge.last.runtime.cache
2012-05-04 21:05 - 2012-05-04 21:05 - 0017408 _____ () C:\Users\Ronald\AppData\Local\WebpageIcons.db
2013-02-24 19:13 - 2013-03-24 19:56 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 19:04
 
==================== End Of Log ============================

****************************************************************************************************************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ronald (administrator) on TOMMIETOSHIBA on 22-03-2015 11:27:28
Running from C:\Users\Ronald\Desktop
Loaded Profiles: Ronald (Available profiles: owner & Tommie & Ronald)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
() C:\Program Files (x86)\Google\Update\Install\{4CA7D7CE-D6A0-4885-831E-CA2CA0920392}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_87860.tmp\setup.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2389371520-701570842-419298567-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Tommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM -> {8261F3EE-9763-4189-8E88-EE9A7FCB938B} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> DefaultScope {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {D743C8D5-BA23-4D6D-AE2A-7D89D0F5EEF1} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-2389371520-701570842-419298567-1002 -> {F51AD3D8-3482-4D34-9D19-88ACA5A22E93} URL = http://www.google.co...ng}&rlz=1I7TSND
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-10-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-10-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-03-15]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Ronald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-02-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [186200 2013-03-20] (Garmin Ltd or its subsidiaries)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-13] (iolo technologies, LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [47112 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843448 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-08-13] (EldoS Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 11:27 - 2015-03-22 11:31 - 00024474 _____ () C:\Users\Ronald\Desktop\FRST.txt
2015-03-22 11:13 - 2015-03-22 11:25 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-03-18 22:20 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-18 22:20 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-18 22:20 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-18 22:20 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-03-18 20:46 - 2015-03-18 20:46 - 00030099 _____ () C:\Users\Ronald\Desktop\Addition.txt
2015-03-17 20:59 - 2015-03-17 20:59 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-03-17 20:59 - 2015-03-17 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-03-17 20:59 - 2015-03-17 20:59 - 00000000 ____D () C:\Program Files\Speccy
2015-03-17 06:24 - 2015-03-17 20:49 - 00000467 _____ () C:\VEW.txt
2015-03-17 06:21 - 2015-03-17 06:19 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ronald\Desktop\procexp.exe
2015-03-17 06:21 - 2015-03-17 06:16 - 05127432 _____ (Piriform Ltd) C:\Users\Ronald\Desktop\spsetup128.exe
2015-03-17 06:20 - 2015-03-17 06:13 - 00061440 _____ ( ) C:\Users\Ronald\Desktop\VEW.exe
2015-03-17 06:19 - 2015-03-17 06:19 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ronald\Downloads\procexp.exe
2015-03-17 06:16 - 2015-03-17 06:16 - 05127432 _____ (Piriform Ltd) C:\Users\Ronald\Downloads\spsetup128.exe
2015-03-17 06:13 - 2015-03-17 06:13 - 00061440 _____ ( ) C:\Users\Ronald\Downloads\VEW.exe
2015-03-16 17:06 - 2015-03-16 17:06 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Apple Computer
2015-03-16 06:37 - 2015-01-08 18:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-03-16 06:37 - 2015-01-08 18:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-03-16 05:51 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-16 05:51 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-16 05:50 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-16 05:50 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-16 05:50 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-16 05:50 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-16 05:50 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-16 05:50 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-16 05:50 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-16 05:50 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-16 05:50 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-16 05:50 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-16 05:50 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-16 05:50 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-16 05:50 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-16 05:50 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-16 05:50 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-16 05:50 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-16 05:50 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-16 05:50 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-16 05:50 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-16 05:50 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-16 05:49 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-16 05:49 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-16 05:49 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-16 05:49 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-16 05:49 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-16 05:49 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-16 05:49 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-16 05:49 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-16 05:49 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-16 05:49 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-16 05:49 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-16 05:49 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-16 05:49 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-16 05:49 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-16 05:49 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-16 05:49 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-16 05:49 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-16 05:49 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-16 05:49 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-16 05:49 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-16 05:49 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-16 05:49 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-16 05:49 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-16 05:49 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-16 05:49 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-16 05:49 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-16 05:49 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-16 05:49 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-16 05:49 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-16 05:49 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-16 05:49 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-16 05:49 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-16 05:49 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-16 05:49 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-16 05:48 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-16 05:48 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-16 05:48 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-16 05:48 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-16 05:47 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-16 05:47 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-16 05:32 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-16 05:32 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-16 05:32 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-16 05:32 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-16 05:32 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-16 05:32 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-16 05:32 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-16 05:32 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-16 05:32 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-16 05:32 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-16 05:32 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-16 05:32 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-16 05:32 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-16 05:32 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-16 05:32 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-16 05:32 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-16 05:32 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-16 05:32 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-16 05:32 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-16 05:32 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-16 05:32 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-16 05:32 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-16 05:32 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-16 05:32 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-16 05:32 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-16 05:32 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-16 05:32 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-16 05:32 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-16 05:32 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-16 05:32 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-16 05:32 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-16 05:32 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-16 05:32 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-16 05:32 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-16 05:32 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-16 05:32 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-16 05:32 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-16 05:32 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-16 05:32 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-16 05:32 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-16 05:32 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-16 05:32 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-16 05:32 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-16 05:32 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-16 05:32 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-16 05:32 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-16 05:32 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-16 05:32 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-16 05:32 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-16 05:32 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-16 05:32 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-16 05:32 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-16 05:32 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-16 05:32 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-16 05:31 - 2015-03-22 11:27 - 00000000 ____D () C:\Users\Ronald\Desktop\Repair Tools
2015-03-16 05:30 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-16 05:30 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-15 20:15 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-03-15 20:15 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-15 20:14 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-15 20:14 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-15 20:14 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-03-15 20:14 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-03-15 20:14 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-03-15 19:31 - 2015-03-15 19:31 - 00002341 _____ () C:\Users\Ronald\Desktop\Safe Money.lnk
2015-03-15 19:29 - 2015-03-15 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-03-15 19:29 - 2015-03-15 19:28 - 00002143 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-03-15 19:28 - 2015-03-15 19:28 - 00000000 ____D () C:\windows\ELAMBKUP
2015-03-15 19:28 - 2015-03-15 19:28 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-15 19:28 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-03-15 19:27 - 2014-12-13 18:21 - 00843448 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-03-15 19:27 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-03-15 19:27 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-03-15 18:30 - 2015-03-15 18:30 - 01762704 _____ (Kaspersky Lab) C:\Users\Ronald\Downloads\setup.exe
2015-03-15 16:21 - 2015-03-15 16:21 - 00000000 ____D () C:\_OTL
2015-03-15 16:02 - 2015-03-16 17:09 - 00000000 ____D () C:\windows\system32\appmgmt
2015-03-14 21:54 - 2015-03-14 21:54 - 05200384 _____ (AVAST Software) C:\Users\Ronald\Downloads\aswmbr.exe
2015-03-14 21:27 - 2015-03-22 11:27 - 00000000 ____D () C:\FRST
2015-03-14 21:20 - 2015-03-14 21:20 - 00602112 _____ (OldTimer Tools) C:\Users\Ronald\Downloads\OTL.exe
2015-03-14 21:18 - 2015-03-14 21:18 - 02095616 _____ (Farbar) C:\Users\Ronald\Downloads\FRST64.exe
2015-03-14 21:18 - 2015-03-14 21:18 - 02095616 _____ (Farbar) C:\Users\Ronald\Desktop\FRST64.exe
2015-03-14 21:04 - 2015-03-15 15:08 - 00000000 __SHD () C:\Users\Ronald\AppData\Local\EmieBrowserModeList
2015-03-14 21:04 - 2015-03-14 21:04 - 00067573 _____ () C:\ComboFix.txt
2015-03-14 20:53 - 2015-03-14 21:04 - 00000000 ____D () C:\ComboFix
2015-02-22 21:24 - 2015-02-22 16:01 - 00000027 _____ () C:\windows\system32\Drivers\etc\hosts.20150222-202408.backup
2015-02-22 15:51 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-22 15:51 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-22 15:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-22 15:51 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-22 15:35 - 2015-03-14 21:04 - 00000000 ____D () C:\Qoobox
2015-02-22 15:35 - 2015-02-22 22:06 - 00000000 ____D () C:\windows\erdnt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 11:25 - 2014-10-11 12:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 11:24 - 2011-05-02 19:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-22 11:21 - 2010-08-24 01:21 - 01467195 _____ () C:\windows\WindowsUpdate.log
2015-03-22 11:17 - 2009-07-13 23:45 - 00032048 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 11:17 - 2009-07-13 23:45 - 00032048 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 11:16 - 2010-07-22 19:58 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 11:11 - 2010-07-22 19:58 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 11:09 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-22 11:08 - 2014-02-18 21:59 - 00011980 _____ () C:\windows\setupact.log
2015-03-19 05:34 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2015-03-16 20:13 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-03-16 19:44 - 2010-11-08 09:30 - 00000000 ___RD () C:\Users\Ronald\Virtual Machines
2015-03-16 18:46 - 2014-02-18 21:58 - 09703950 _____ () C:\windows\PFRO.log
2015-03-16 18:46 - 2010-07-22 19:58 - 00000000 ____D () C:\Program Files\Google
2015-03-16 18:46 - 2010-07-22 19:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 18:46 - 2009-07-13 23:45 - 01277928 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-16 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-16 18:42 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-16 17:10 - 2011-03-16 18:33 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Google
2015-03-16 17:09 - 2011-03-27 16:06 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-16 17:06 - 2011-04-09 23:04 - 00000000 ____D () C:\Users\Ronald\AppData\Roaming\Apple Computer
2015-03-16 06:42 - 2011-01-31 23:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-16 06:19 - 2013-08-17 17:11 - 00000000 ____D () C:\windows\system32\MRT
2015-03-16 06:11 - 2010-10-31 13:17 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-15 22:19 - 2014-12-20 16:36 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-15 22:19 - 2014-05-04 21:25 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-15 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-03-15 18:50 - 2009-07-14 00:13 - 00795874 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-14 21:04 - 2010-11-08 09:30 - 00000000 ____D () C:\Users\Ronald\AppData\Local\Apps\2.0
2015-03-14 21:02 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-02-24 04:17 - 2010-10-31 13:19 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-23 22:17 - 2012-02-26 15:21 - 00000000 ____D () C:\Users\Tommie\Desktop\Tommie
2015-02-22 22:37 - 2015-02-01 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-22 22:07 - 2009-07-13 21:34 - 90439680 _____ () C:\windows\system32\config\SOFTWARE.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 25690112 _____ () C:\windows\system32\config\SYSTEM.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00135168 _____ () C:\windows\system32\config\SAM.bak
2015-02-22 22:07 - 2009-07-13 21:34 - 00024576 _____ () C:\windows\system32\config\SECURITY.bak
2015-02-22 21:37 - 2015-02-19 06:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-22 17:15 - 2015-02-19 06:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-22 16:04 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
 
==================== Files in the root of some directories =======
 
2015-02-19 06:13 - 2015-02-19 06:13 - 0196147 _____ () C:\Users\Ronald\AppData\Local\ars.cache
2015-02-19 06:13 - 2015-02-19 06:13 - 0400236 _____ () C:\Users\Ronald\AppData\Local\census.cache
2015-02-19 06:02 - 2015-02-19 06:02 - 0000036 _____ () C:\Users\Ronald\AppData\Local\housecall.guid.cache
2014-10-21 06:10 - 2014-10-21 06:10 - 0007634 _____ () C:\Users\Ronald\AppData\Local\Resmon.ResmonCfg
2015-02-19 06:10 - 2015-02-19 06:10 - 0000010 _____ () C:\Users\Ronald\AppData\Local\sponge.last.runtime.cache
2012-05-04 21:05 - 2012-05-04 21:05 - 0017408 _____ () C:\Users\Ronald\AppData\Local\WebpageIcons.db
2013-02-24 19:13 - 2013-03-24 19:56 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 19:04
 
==================== End Of Log ============================


#28
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Looks like you posted the FRST log twice.  Did you get the Addition log?

 

How is it running?



#29
IBGrizzly

    Member

  • Topic Starter
  • Member
  • 32 posts

Sorry,

Seems to be running fine. No slowdowns or delays that I have noticed.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Ronald at 2015-03-22 11:33:13
Running from C:\Users\Ronald\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.7 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BE3DFCA2-6F42-509D-555C-68A923314062}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Best Buy pc app (HKU\S-1-5-21-2389371520-701570842-419298567-1002\...\48e4cff94f039634) (Version: 3.1.2.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Garmin Express (HKLM-x32\...\{6c14a7ec-7ed6-47f1-bb64-afc001a60a24}) (Version: 2.1.12 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PrintMaster 2.0 Gold (HKLM-x32\...\6485-4051-8654-1628) (Version:  - Encore Software Inc.)
PSW v2.00 A (HKLM-x32\...\{C121466D-3ABD-445A-9EEB-13479378A9AE}) (Version:  - )
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM-x32\...\{9F153AD3-3523-4542-818E-AE2F92249667}) (Version: 1.3.550.0 - SAMSUNG Electronics CO., LTD.)
Secure Online Account Numbers (x32 Version: 2.0.2.0 - Discover) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12142 - TeamViewer)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Verizon V CAST Media Manager (HKLM-x32\...\Verizon V CAST Media Manager) (Version:  - Verizon Wireless)
Verizon Wireless Software Upgrade Assistant - Samsung (HKLM-x32\...\{742CC73C-EB96-44B2-BD9C-1A52E086035D}) (Version: 1.11.0808 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{016E6B1B-45FC-44FB-9F83-28E6B1FF6A42}) (Version: 1.11.0203 - SAMSUNG)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
XL-5000 Conversion Tool (HKLM-x32\...\{CEAD1D78-2B7C-4F23-911F-CA7DED1E5EC1}) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-02-2015 11:05:24 Installed Motorola Device Manager
01-02-2015 11:16:21 Installed Motorola Device Manager
07-02-2015 13:12:02 Windows Update
16-02-2015 15:34:30 Scheduled Checkpoint
15-03-2015 16:01:09 Removed Java™ 6 Update 37
15-03-2015 17:19:17 Windows Update
15-03-2015 20:22:58 Windows Update
16-03-2015 05:54:11 Windows Update
16-03-2015 17:04:12 Removed iTunes
18-03-2015 22:20:22 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-03-14 21:02 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {016C88F3-E949-4659-8B3B-95EA8BB008F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {08365BA4-4989-40D8-B6B2-D15669468B31} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {371C46D6-BB61-4A7C-A0C3-03B25C8DFA65} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3A01E189-87CF-4009-8E21-5532BBA6422E} - System32\Tasks\{E263EF1F-65B1-44B0-94C4-3B3729F63FA6} => pcalua.exe -a "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english\setup.exe" -d "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english"
Task: {5135DD42-B31F-49EB-A3F4-EF72D1E5A999} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {52DDCE8F-CBB1-4EBC-90C3-5E70C6CAFF1E} - System32\Tasks\{0EF4B630-1D94-4753-A61C-7CA604207567} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe"
Task: {54A89E75-9646-407B-9560-FA95ED3E6CE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {5B765C21-23CB-49A1-9A27-5BF74178302F} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
Task: {652897E9-158F-4F34-B1B0-1A93F20D2C7F} - System32\Tasks\{BE33B433-7249-4FC6-A459-722A4E91E7B1} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe"
Task: {8BFE712F-F1A0-4C4E-B6F4-B48B4BC69CA0} - System32\Tasks\{FDB1350E-9E4A-4CA7-AE76-C7EE2EA1F5E9} => C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
Task: {B388549F-0611-4C0B-A9FA-AE8093CCB946} - System32\Tasks\{713B9A1C-C5AD-43EB-8644-16783A7D6A04} => pcalua.exe -a C:\windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {BFBA967B-5CEE-4DFF-8574-3B7505E686EA} - System32\Tasks\{DF2F8AC1-9B1F-48BB-BE4E-215657B6794D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe"
Task: {CB5EEFD3-F8D1-463F-96C7-1C23955F8B07} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {CC50B580-5A91-4D21-85C0-5FB06853F35B} - System32\Tasks\{26D80C85-EC6A-443F-8F0F-F94BF005E1C3} => pcalua.exe -a "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english\setup.exe" -d "C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english"
Task: {E9F48EC0-D075-4C7F-93F0-70DA27C3E923} - System32\Tasks\{E26C4A03-CC25-4A90-85E9-03320E96591F} => D:\Setup.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-07-22 19:50 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 01091072 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
2009-01-30 20:10 - 2009-01-30 20:10 - 01043456 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 07861248 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll
2009-10-13 12:00 - 2009-10-13 12:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-24 01:22 - 2010-08-24 01:22 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-03-22 11:20 - 2015-03-19 16:36 - 00885840 _____ () C:\Program Files (x86)\Google\Update\Install\{4CA7D7CE-D6A0-4885-831E-CA2CA0920392}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2015-03-15 15:57 - 2015-03-07 01:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-15 15:57 - 2015-03-07 01:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-15 15:57 - 2015-03-07 01:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2389371520-701570842-419298567-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.50.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Garmin Core Update Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FlashPlayerUpdate => 
MSCONFIG\startupreg: FromDocToPDF Home Page Guard 64 bit => 
MSCONFIG\startupreg: HLBackupScheduler => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2389371520-701570842-419298567-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2389371520-701570842-419298567-1006 - Limited - Enabled)
Guest (S-1-5-21-2389371520-701570842-419298567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2389371520-701570842-419298567-1004 - Limited - Enabled)
owner (S-1-5-21-2389371520-701570842-419298567-1000 - Administrator - Enabled) => C:\Users\owner
Ronald (S-1-5-21-2389371520-701570842-419298567-1002 - Administrator - Enabled) => C:\Users\Ronald
Tommie (S-1-5-21-2389371520-701570842-419298567-1001 - Administrator - Enabled) => C:\Users\Tommie
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-14 21:01:45.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 21:01:45.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 21:01:44.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 21:01:44.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:41.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:41.544
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:41.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 21:05:40.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 15:01:18.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-22 15:01:18.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II N640 Dual-Core Processor
Percentage of memory in use: 56%
Total physical RAM: 3835.68 MB
Available physical RAM: 1659.55 MB
Total Pagefile: 7669.55 MB
Available Pagefile: 5041.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (TI105955W0C) (Fixed) (Total:453.42 GB) (Free:326.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: FF592F49)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=17)
 
==================== End Of Log ============================


#30
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Unless you see other problems I think we are done and can clean up.
 
Copy the following:
 
 
:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
 
Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
 
That will get the last of the malware off the system.
 
 
 
You can uninstall or delete any tools we had you download and their logs. 
 
If we ran Combofix: To uninstall Combofix, copy the next line:
 
"%userprofile%\Desktop\combofix.exe" /Uninstall
 
Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.
 
 
 
OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.
 
To hide hidden files again:
 
Vista or Win7
 
1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
 
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.
 
Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker then change it to not run at start, then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking, then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK.) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option in Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
 
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while.
 
(Latest update of CryptoPrevent had an error which prevented AVG scans and I have one report of a no boot situation after installing it (may have been caused by a hard drive failure)  so I'm no longer recommending it for everyone.  Use at your own risk.)
 
If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.
 
Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
