
Pc possibly infected with a Keylogger.


  • This topic is locked

#16
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Yes you can.


#17
Helpmeout12

    Member

  • Topic Starter
  • 15 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Josefina (administrator) on GUADALUPE (25-04-2016 17:42:50)
Running from C:\Users\Josefina\Desktop
Loaded Profiles: Josefina (Available Profiles: Josefina)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\dleacoms.exe
( Rsupport Corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe
(OctaneVPN) C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\octanevpnsrvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Rsupport corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Spotify Ltd) C:\Users\Josefina\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Insight Software Solutions) C:\Program Files (x86)\ShortKeys2\shklite.exe
() C:\Program Files (x86)\OctaneVPN\octanevpn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Josefina\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Josefina\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-20] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-31] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\Run: [Spotify Web Helper] => C:\Users\Josefina\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-16] (Spotify Ltd)
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\Run: [NetUptimeMonitor] => C:\Program Files (x86)\Net Uptime Monitor\NetUptimeMonitor.exe
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\RunOnce: [Application Restart #1] => C:\Users\Josefina\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 555 more characters).
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys Lite.lnk [2014-08-11]
ShortcutTarget: ShortKeys Lite.lnk -> C:\Program Files (x86)\ShortKeys2\shklite.exe (Insight Software Solutions)
Startup: C:\Users\Josefina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OctaneVPN.lnk [2016-01-13]
ShortcutTarget: OctaneVPN.lnk -> C:\Program Files (x86)\OctaneVPN\octanevpn.exe ()
Startup: C:\Users\Josefina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-26]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.12
Tcpip\..\Interfaces\{50356B71-1720-4E53-9A83-75422809EF35}: [DhcpNameServer] 192.168.1.1 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.twitch.tv/directory/following
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-07] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Josefina\AppData\Roaming\Mozilla\Firefox\Profiles\yrpp3yb8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-23] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-328124280-1994820816-3203177752-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Josefina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Josefina\AppData\Roaming\Mozilla\Firefox\Profiles\yrpp3yb8.default\Extensions\[email protected] [2016-02-25]
FF Extension: Adblock Plus - C:\Users\Josefina\AppData\Roaming\Mozilla\Firefox\Profiles\yrpp3yb8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-14] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-03-20]
CHR Extension: (Google Drive) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Dwarf Galaxy NGC 4449 Theme) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\babcfbkleafekpcmmmcdjfengfddbjpe [2015-01-09]
CHR Extension: (YouTube) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Bing Pong Helper) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohnfldcnegepfhhfbcgecblgjdcmcka [2016-04-22]
CHR Extension: (Google Search) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-03-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-15]
CHR Extension: (Cenafy) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndchmakhfaakbkhnkdgambadneloplnn [2015-11-03]
CHR Extension: (Gmail) - C:\Users\Josefina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-20] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-08] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-02-19] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [3353872 2015-12-28] ( Rsupport Corporation)
R2 OctaneVPNSrvc; C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\octanevpnsrvc.exe [845342 2015-07-07] (OctaneVPN) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-03-10] (The OpenVPN Project)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-03-21] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [132864 2016-04-06] (Razer Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-28] (A-Volute) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-30] (DEVGURU Co., LTD.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881984 2014-01-06] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-10] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-02-19] (BitRaider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-03-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-03-30] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-28] (Windows ® Win 7 DDK provider)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-03-25] (Synaptics Incorporated)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26392 2014-12-30] (DEVGURU Co., LTD.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 17:42 - 2016-04-25 17:43 - 00021813 _____ C:\Users\Josefina\Desktop\FRST.txt
2016-04-25 16:26 - 2016-04-25 16:28 - 00014153 _____ C:\Users\Josefina\Downloads\Fixlog.txt
2016-04-25 16:16 - 2016-04-25 16:16 - 00000324 _____ C:\Users\Josefina\Desktop\fixlist.txt
2016-04-25 16:11 - 2016-04-25 16:11 - 00001055 _____ C:\malwarebytes log.txt
2016-04-25 15:15 - 2016-04-25 15:15 - 22851472 _____ (Malwarebytes ) C:\Users\Josefina\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-25 12:34 - 2016-04-25 12:34 - 00001882 _____ C:\Users\Josefina\Desktop\Spotify (2).lnk
2016-04-25 12:01 - 2016-04-25 12:01 - 00000604 _____ C:\Users\Josefina\Desktop\JRT.txt
2016-04-25 11:54 - 2016-04-25 11:54 - 01610008 _____ (Malwarebytes) C:\Users\Josefina\Downloads\JRT.exe
2016-04-25 11:36 - 2016-04-25 11:39 - 03580480 _____ C:\Users\Josefina\Downloads\Unconfirmed 433708.crdownload
2016-04-25 11:14 - 2016-04-25 11:28 - 00000000 ____D C:\AdwCleaner
2016-04-25 11:11 - 2016-04-25 11:14 - 03580480 _____ C:\Users\Josefina\Downloads\adwcleaner_5.113.exe
2016-04-25 02:45 - 2016-04-25 02:50 - 00037156 _____ C:\Users\Josefina\Downloads\Addition.txt
2016-04-25 02:44 - 2016-04-25 02:53 - 00040154 _____ C:\Users\Josefina\Downloads\FRST.txt
2016-04-25 02:43 - 2016-04-25 02:43 - 02375680 _____ (Farbar) C:\Users\Josefina\Desktop\FRST64 (1).exe
2016-04-24 18:30 - 2016-04-24 18:30 - 00738368 _____ (Oracle Corporation) C:\Users\Josefina\Downloads\chromeinstall-8u91.exe
2016-04-24 17:46 - 2016-04-25 12:34 - 00000000 ____D C:\Users\Josefina\Desktop\spotfiy
2016-04-21 21:32 - 2016-04-21 21:33 - 00000000 ____D C:\Users\Josefina\AppData\Local\PokerStars.USNJ
2016-04-21 21:32 - 2016-04-21 21:32 - 00001985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars NJ.lnk
2016-04-21 21:32 - 2016-04-21 21:32 - 00001979 _____ C:\Users\Public\Desktop\PokerStars NJ.lnk
2016-04-21 21:32 - 2016-04-21 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.USNJ
2016-04-21 21:29 - 2016-04-21 21:33 - 00000000 ____D C:\Program Files (x86)\PokerStars.USNJ
2016-04-21 21:26 - 2016-04-21 21:28 - 82539184 _____ (PokerStars) C:\Users\Josefina\Downloads\PokerStarsInstallUSNJ.exe
2016-04-20 18:34 - 2016-04-20 18:34 - 00000935 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2016-04-20 18:33 - 2016-04-20 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2016-04-20 18:33 - 2016-04-20 18:34 - 00000000 ____D C:\Program Files\TAP-Windows
2016-04-20 18:33 - 2016-04-20 18:34 - 00000000 ____D C:\Program Files\OpenVPN
2016-04-20 18:33 - 2016-04-20 18:33 - 00000000 ____D C:\Users\Josefina\Desktop\octtn
2016-04-20 18:33 - 2016-04-20 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-04-20 18:32 - 2016-04-20 18:32 - 01816664 _____ C:\Users\Josefina\Desktop\openvpn-install-2.3.10-I603-x86_64.exe
2016-04-20 18:31 - 2016-04-20 18:32 - 01816664 _____ C:\Users\Josefina\Downloads\openvpn-install-2.3.10-I603-x86_64.exe
2016-04-19 11:34 - 2016-04-19 21:56 - 00000000 ____D C:\Users\Josefina\AppData\Local\Jagex
2016-04-19 11:34 - 2016-04-19 21:56 - 00000000 ____D C:\ProgramData\Jagex
2016-04-19 11:34 - 2016-04-19 11:34 - 00000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2016-04-19 11:34 - 2016-04-19 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2016-04-19 11:34 - 2016-04-19 11:34 - 00000000 ____D C:\Program Files\Jagex
2016-04-19 11:33 - 2015-08-22 06:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-04-19 11:33 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-04-19 11:30 - 2016-04-19 11:30 - 03859928 _____ (Jagex Ltd ) C:\Users\Josefina\Downloads\RuneScape-Setup.exe
2016-04-15 22:12 - 2016-04-15 22:12 - 00001268 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2016-04-15 22:11 - 2016-03-10 11:17 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2016-04-15 22:09 - 2016-04-15 22:09 - 122010296 _____ (Razer Inc. ) C:\Users\Josefina\Downloads\RazerCortexSetup_7.1.14.12241.exe
2016-04-15 13:47 - 2016-04-15 13:47 - 00000382 _____ C:\Users\Josefina\Documents\NetUptime 20160415 132959.txt
2016-04-15 00:02 - 2016-04-15 00:02 - 00000000 ____D C:\Users\Josefina\jagexcache5
2016-04-15 00:02 - 2016-04-15 00:02 - 00000000 ____D C:\Users\Josefina\jagexcache4
2016-04-15 00:02 - 2016-04-15 00:02 - 00000000 ____D C:\Users\Josefina\jagexcache3
2016-04-15 00:02 - 2016-04-15 00:02 - 00000000 ____D C:\Users\Josefina\jagexcache2
2016-04-14 14:07 - 2016-04-14 14:07 - 00000382 _____ C:\Users\Josefina\Documents\NetUptime 20160414 140649.txt
2016-04-13 14:52 - 2016-04-13 14:52 - 00000382 _____ C:\Users\Josefina\Documents\NetUptime 20160413 143254.txt
2016-04-13 01:00 - 2016-04-13 01:00 - 00000083 _____ C:\Users\Josefina\Desktop\markmywords.txt
2016-04-12 13:22 - 2016-04-12 13:22 - 00000382 _____ C:\Users\Josefina\Documents\NetUptime 20160412 132135.txt
2016-04-12 00:26 - 2016-04-12 00:26 - 00000384 _____ C:\Users\Josefina\Documents\NetUptime 20160412 002559.txt
2016-04-11 13:45 - 2016-04-11 13:47 - 00000382 _____ C:\Users\Josefina\Documents\NetUptime 20160411 134517.txt
2016-04-11 00:02 - 2016-04-11 00:02 - 00000384 _____ C:\Users\Josefina\Documents\NetUptime 20160411 000004.txt
2016-04-10 15:31 - 2016-04-10 16:00 - 00000382 _____ C:\Users\Josefina\Documents\NetUptime 20160410 153002.txt
2016-04-10 00:16 - 2016-04-10 00:17 - 46798944 _____ (Maxthon International ltd.) C:\Users\Josefina\Downloads\mx4.9.1.1000 (1).exe
2016-04-10 00:14 - 2016-04-10 00:14 - 00000008 _____ C:\Users\Josefina\Desktop\untitled(1)
2016-04-10 00:10 - 2016-04-10 00:10 - 00000008 _____ C:\Users\Josefina\Desktop\untitled
2016-04-09 23:59 - 2016-04-10 00:00 - 46798944 _____ (Maxthon International ltd.) C:\Users\Josefina\Downloads\mx4.9.1.1000.exe
2016-04-09 15:46 - 2016-04-09 16:07 - 00000380 _____ C:\Users\Josefina\Documents\NetUptime 20160409 152303.txt
2016-04-08 20:33 - 2016-04-08 21:04 - 00000538 _____ C:\Users\Josefina\Documents\NetUptime 20160408 203348.txt
2016-04-08 19:22 - 2016-04-08 19:56 - 00000380 _____ C:\Users\Josefina\Documents\NetUptime 20160408 192001.txt
2016-04-07 20:28 - 2016-04-07 21:25 - 00000568 _____ C:\Users\Josefina\Documents\NetUptime 20160407 202807.txt
2016-04-07 19:42 - 2016-04-07 20:27 - 00000538 _____ C:\Users\Josefina\Documents\NetUptime 20160407 194153.txt
2016-04-07 19:39 - 2016-04-07 19:39 - 17752712 _____ (Microsoft Corporation) C:\Users\Josefina\Downloads\NUMSetup.exe
2016-04-03 21:50 - 2016-04-21 21:18 - 00000124 _____ C:\Users\Josefina\Desktop\Dharocker(1).ahk
2016-04-03 21:41 - 2016-04-21 14:15 - 00000000 ____D C:\Users\Josefina\Desktop\ahk script
2016-03-30 12:27 - 2016-03-30 12:27 - 03081488 _____ C:\Users\Josefina\Downloads\AutoHotkey112305_Install (3).exe
2016-03-30 12:23 - 2016-03-30 12:24 - 00000000 ____D C:\Users\Josefina\Desktop\ahk
2016-03-30 12:23 - 2016-03-30 12:23 - 00575274 _____ C:\Users\Josefina\Downloads\AutoHotkey112305_x64.zip
2016-03-30 12:23 - 2016-03-30 12:23 - 00575274 _____ C:\Users\Josefina\Desktop\AutoHotkey112305_x64.zip
2016-03-30 12:20 - 2016-03-30 12:20 - 03081488 _____ C:\Users\Josefina\Downloads\AutoHotkey112305_Install (2).exe
2016-03-30 12:20 - 2016-03-30 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2016-03-30 12:20 - 2016-03-30 12:20 - 00000000 ____D C:\Program Files\AutoHotkey
2016-03-29 02:52 - 2016-03-29 02:52 - 03081488 _____ C:\Users\Josefina\Downloads\AutoHotkey112305_Install (1).exe
2016-03-29 02:46 - 2016-03-29 02:46 - 03081488 _____ C:\Users\Josefina\Downloads\AutoHotkey112305_Install.exe
2016-03-28 23:41 - 2016-03-28 23:41 - 00006847 _____ C:\Users\Josefina\Desktop\^09F478495FEAC78BCBDA8775F8AA9F996987B1932EEBD31A22^pimgpsh_thumbnail_win_distr.jpg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 17:43 - 2014-06-23 18:53 - 00000000 ____D C:\Users\Josefina\AppData\Roaming\Skype
2016-04-25 17:42 - 2016-03-17 13:53 - 00000000 ____D C:\FRST
2016-04-25 17:42 - 2015-04-09 02:30 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-25 17:04 - 2016-01-13 10:27 - 00000000 ____D C:\Users\Josefina\AppData\Roaming\OctaneVPN
2016-04-25 17:04 - 2014-05-21 12:01 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 16:34 - 2014-06-30 10:50 - 05214720 ___SH C:\Users\Josefina\Desktop\Thumbs.db
2016-04-25 16:34 - 2014-05-21 12:01 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-25 16:33 - 2014-09-11 22:31 - 00000000 __RDO C:\Users\Josefina\OneDrive
2016-04-25 16:33 - 2014-05-21 11:28 - 17397270 _____ C:\Windows\SysWOW64\rootpa.e2e
2016-04-25 16:32 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-25 15:49 - 2014-06-24 00:56 - 00000000 ____D C:\Users\Josefina\AppData\Roaming\Spotify
2016-04-25 15:19 - 2014-11-15 14:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-25 12:34 - 2014-06-24 00:57 - 00000000 ____D C:\Users\Josefina\AppData\Local\Spotify
2016-04-25 12:34 - 2014-06-23 18:29 - 00000047 _____ C:\Users\Josefina\jagex_cl_oldschool_LIVE.dat
2016-04-25 12:21 - 2015-04-09 01:48 - 00314880 ___SH C:\Users\Josefina\Downloads\Thumbs.db
2016-04-25 11:29 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-04-25 11:02 - 2014-06-23 18:15 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-328124280-1994820816-3203177752-1001
2016-04-24 23:19 - 2016-03-12 01:34 - 00000376 _____ C:\Users\Josefina\Desktop\EZBlocker-log.txt
2016-04-24 18:38 - 2014-06-23 18:29 - 00000000 ____R C:\Users\Josefina\random.dat
2016-04-24 18:38 - 2014-06-23 18:06 - 00000000 ____D C:\Users\Josefina
2016-04-24 18:34 - 2014-09-18 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-24 18:34 - 2014-09-18 02:29 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-24 18:32 - 2015-12-13 00:19 - 00000000 ____D C:\Users\Josefina\.oracle_jre_usage
2016-04-24 18:32 - 2014-09-18 02:29 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-24 17:46 - 2016-03-09 16:17 - 00000000 ____D C:\Users\Josefina\AppData\Local\Eric_Zhang
2016-04-21 12:58 - 2016-02-25 12:24 - 00001121 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-21 12:58 - 2016-02-25 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-21 12:58 - 2014-05-21 11:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-20 20:32 - 2015-12-10 12:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-20 20:32 - 2014-06-23 18:53 - 00000000 ____D C:\ProgramData\Skype
2016-04-20 18:51 - 2016-01-10 20:19 - 00000000 ____D C:\Users\Josefina\AppData\Roaming\.tribot
2016-04-20 18:38 - 2014-07-15 11:34 - 00000000 ____D C:\Program Files (x86)\Verizon
2016-04-20 18:37 - 2014-08-03 09:20 - 00000000 ____D C:\Users\Josefina\AppData\Roaming\Verizon
2016-04-20 13:56 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-20 13:55 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2016-04-20 13:51 - 2015-04-23 10:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-20 13:38 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-20 13:38 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2016-04-19 11:59 - 2014-09-17 23:27 - 00000000 ____D C:\Program Files (x86)\SwiftKit
2016-04-19 11:34 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2016-04-19 11:28 - 2014-06-24 20:33 - 00000047 _____ C:\Users\Josefina\jagex_cl_runescape_LIVE.dat
2016-04-17 20:05 - 2014-05-21 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-16 01:52 - 2016-03-18 20:24 - 00000000 ____D C:\Program Files\9-lab
2016-04-15 22:13 - 2014-09-02 20:38 - 00000000 ____D C:\Users\Josefina\AppData\Local\Razer
2016-04-15 22:12 - 2014-12-06 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-04-15 22:11 - 2014-09-02 20:36 - 00000000 ____D C:\ProgramData\Razer
2016-04-15 22:11 - 2014-09-02 20:36 - 00000000 ____D C:\Program Files (x86)\Razer
2016-04-14 14:25 - 2015-11-02 21:31 - 00000312 _____ C:\Users\Josefina\Desktop\AutoHotkey.ahk
2016-04-13 16:45 - 2014-07-10 10:44 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-13 00:06 - 2014-06-23 18:07 - 00000000 ____D C:\Users\Josefina\AppData\Local\Packages
2016-04-11 00:09 - 2014-07-08 15:15 - 00000000 ____D C:\Users\Josefina\AppData\Local\CrashDumps
2016-04-10 23:57 - 2016-03-18 21:36 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-10 17:03 - 2015-04-08 15:09 - 00000000 ____D C:\Users\Josefina\AppData\LocalLow\Adblock Plus for IE
2016-04-10 17:00 - 2016-03-18 21:36 - 00155097 _____ C:\Windows\ZAM.krnl.trace
2016-04-10 17:00 - 2016-03-18 21:36 - 00001071 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-04-07 13:09 - 2014-06-23 18:16 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-07 13:09 - 2014-06-23 18:16 - 00002174 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-06 16:06 - 2016-03-19 22:53 - 00000000 ____D C:\Users\Josefina\Desktop\screenshot
2016-04-04 02:17 - 2014-04-10 22:08 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-30 12:20 - 2013-08-22 12:12 - 00000000 ____D C:\Windows\ShellNew
2016-03-30 11:43 - 2014-12-06 17:30 - 00137840 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
 
Some files in TEMP:
====================
C:\Users\Josefina\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-15 13:41
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Josefina (2016-04-25 17:44:04)
Running from C:\Users\Josefina\Desktop
Windows 8.1 (X64) (2014-06-24 01:07:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-328124280-1994820816-3203177752-500 - Administrator - Disabled)
Guest (S-1-5-21-328124280-1994820816-3203177752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-328124280-1994820816-3203177752-1003 - Limited - Enabled)
Josefina (S-1-5-21-328124280-1994820816-3203177752-1001 - Administrator - Enabled) => C:\Users\Josefina
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{F80AA689-1C29-E046-3BA4-73A675AE865E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cain & Abel 4.9.56 (HKLM-x32\...\Cain & Abel 4.9.56) (Version:  - )
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
Equalify v2.5.3 (Stable) (HKLM-x32\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.9.1 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{B0F1B758-60D6-41F7-93D9-212A448813FE}) (Version: 1.29.1862.0513 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mobizen (HKLM-x32\...\{BA0D3A44-BCEE-4C8B-BCD4-F7F1E64F41E3}) (Version: 2.19.0.1 - RSUPPORT)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.4 (HKLM-x32\...\{5D394B1B-03A1-43BC-BBA9-53BC880F86F3}) (Version: 1.2.4 - Jagex Ltd)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenVPN 2.3.10-I603  (HKLM\...\OpenVPN) (Version: 2.3.10-I603 - )
osu! (HKLM-x32\...\{92428af5-bffa-4c6a-8a6a-30980a440af0}) (Version: latest - ppy Pty Ltd)
PokerStars NJ (HKLM-x32\...\PokerStars NJ) (Version:  - PokerStars NJ)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.1.14.12241 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.18 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27599 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7173 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.4 (HKLM-x32\...\{789FF9AB-5FE2-43C8-9FBE-1C3CF9E8A6E9}) (Version: 1.2.4 - Jagex Ltd)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.53.0 - Samsung Electronics Co., Ltd.)
ShortKeys Lite (HKLM-x32\...\ShortKeys Lite) (Version: 2.3.2.1 - Insight Software Solutions, Inc.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SwiftKit (HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\SwiftKit) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.2 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.22 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14DF1E8B-A87C-4058-8477-755D228551E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {14EAD3BF-AF61-4C7A-B816-9C423EDA4835} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {24B0CFAC-3C93-4726-A82B-5D366188BF9C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-25] (Synaptics Incorporated)
Task: {4E129DD4-4194-478D-93B3-A3AB80451A99} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {5EC92CE6-405C-47A2-8AE6-67EE8140D1BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {6A9D369D-793E-4F71-A544-39D2B438A8B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7BE26344-0E47-43FA-8205-65BFE019DB49} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {7EB01D07-8195-4B72-A5FE-FEA120C242E0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-328124280-1994820816-3203177752-1001 => C:\Users\Josefina\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-12] (Microsoft Corporation)
Task: {B1E55388-2329-4AA7-8D1F-B775A48BF6EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D10EAB60-4EBE-48A6-8312-A4B510F9A376} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {F9474F12-8CF0-4D45-976D-A871C79E59A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-23 09:14 - 2009-06-19 09:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2014-03-20 08:25 - 2014-03-20 08:25 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-04-23 10:04 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-21 14:47 - 2016-03-21 14:47 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-10-28 14:16 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-07 11:06 - 2014-11-06 18:06 - 01016104 _____ () C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-01-13 10:27 - 2015-07-07 15:06 - 00819818 _____ () C:\Program Files (x86)\OctaneVPN\octanevpn.exe
2015-07-07 23:58 - 2015-07-07 23:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-11-09 17:42 - 2015-11-09 17:42 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll
2015-11-09 17:42 - 2015-11-09 17:42 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\d07f690ce5d3a2de7c9089a6200d64db\Windows.Data.ni.dll
2016-03-29 03:17 - 2016-03-29 03:17 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2014-03-20 08:25 - 2014-03-20 08:25 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-13 10:27 - 2014-05-03 14:56 - 00027648 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\servicemanager.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00110080 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\pywintypes27.dll
2016-01-13 10:27 - 2014-05-03 14:55 - 00042496 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32service.pyd
2016-01-13 10:27 - 2014-05-03 14:56 - 00100352 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32api.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00774656 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\_hashlib.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00036864 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32process.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00108544 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32security.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00018432 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32event.pyd
2016-01-13 10:27 - 2014-05-03 14:56 - 00049664 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32evtlog.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00087552 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\_ctypes.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00046080 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\_socket.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 01201152 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\_ssl.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00119808 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32file.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00024064 _____ () C:\Program Files (x86)\OctaneVPN\resources\bin\win32\octanevpnsrvc\win32pipe.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00087552 _____ () C:\Program Files (x86)\OctaneVPN\_ctypes.pyd
2016-01-13 10:27 - 2015-01-15 18:19 - 01853440 _____ () C:\Program Files (x86)\OctaneVPN\PySide.QtCore.pyd
2016-01-13 10:27 - 2015-01-15 18:19 - 00110592 _____ () C:\Program Files (x86)\OctaneVPN\pyside-python2.7.dll
2016-01-13 10:27 - 2015-01-15 18:19 - 00108544 _____ () C:\Program Files (x86)\OctaneVPN\shiboken-python2.7.dll
2016-01-13 10:27 - 2015-01-15 18:19 - 06947328 _____ () C:\Program Files (x86)\OctaneVPN\PySide.QtGui.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00046080 _____ () C:\Program Files (x86)\OctaneVPN\_socket.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 01201152 _____ () C:\Program Files (x86)\OctaneVPN\_ssl.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00774656 _____ () C:\Program Files (x86)\OctaneVPN\_hashlib.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00010240 _____ () C:\Program Files (x86)\OctaneVPN\select.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00110080 _____ () C:\Program Files (x86)\OctaneVPN\pywintypes27.dll
2016-01-13 10:27 - 2014-05-03 14:56 - 00100352 _____ () C:\Program Files (x86)\OctaneVPN\win32api.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00119808 _____ () C:\Program Files (x86)\OctaneVPN\win32file.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00024064 _____ () C:\Program Files (x86)\OctaneVPN\win32pipe.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00108544 _____ () C:\Program Files (x86)\OctaneVPN\win32security.pyd
2016-01-13 10:27 - 2012-09-27 17:28 - 00029184 _____ () C:\Program Files (x86)\OctaneVPN\Crypto.Cipher._AES.pyd
2016-01-13 10:27 - 2012-09-27 17:28 - 00009728 _____ () C:\Program Files (x86)\OctaneVPN\Crypto.Random.OSRNG.winrandom.pyd
2016-01-13 10:27 - 2012-09-27 17:28 - 00010240 _____ () C:\Program Files (x86)\OctaneVPN\Crypto.Util._counter.pyd
2016-01-13 10:27 - 2015-01-15 18:19 - 00644608 _____ () C:\Program Files (x86)\OctaneVPN\PySide.QtNetwork.pyd
2016-01-13 10:27 - 2014-05-03 14:55 - 00018432 _____ () C:\Program Files (x86)\OctaneVPN\win32event.pyd
2016-01-13 10:27 - 2014-12-10 14:25 - 00686080 _____ () C:\Program Files (x86)\OctaneVPN\unicodedata.pyd
2016-02-23 19:25 - 2016-02-23 19:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-09-04 18:42 - 2015-09-04 18:42 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2014-12-06 17:35 - 2014-11-25 19:12 - 40622592 _____ () C:\Users\Josefina\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-12-06 17:36 - 2014-11-25 19:12 - 00911360 _____ () C:\Users\Josefina\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2014-12-06 17:36 - 2014-11-25 19:12 - 00134144 _____ () C:\Users\Josefina\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-04-07 13:09 - 2016-04-06 03:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-07 13:09 - 2016-04-06 03:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Josefina\Desktop\signed.papers.jpeg:3or4kl4x13tuuug3Byamue2s4b [85]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-328124280-1994820816-3203177752-1001\...\skype.com -> hxxps://apps.skype.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-03-17 22:06 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-328124280-1994820816-3203177752-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Josefina\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1 - 68.105.28.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{1B003B9D-96EE-48A6-AD8A-F407B4BAE543}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F91702C4-269A-41FB-86AB-F64AD96E3A36}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
 
==================== Restore Points =========================
 
16-04-2016 01:53:31 Removed AirServer Universal (x64)
16-04-2016 01:55:55 Removed Net Uptime Monitor
19-04-2016 11:31:35 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918
20-04-2016 18:27:14 Removed IHA_MessageCenter
25-04-2016 11:56:37 JRT Pre-Junkware Removal
25-04-2016 16:26:33 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2016 12:21:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (04/25/2016 10:51:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28257765
 
Error: (04/25/2016 10:51:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28257765
 
Error: (04/25/2016 10:51:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/25/2016 10:51:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28246922
 
Error: (04/25/2016 10:51:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28246922
 
Error: (04/25/2016 10:51:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/25/2016 12:42:57 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (04/24/2016 11:50:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program spotify.exe version 1.0.27.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 25a0
 
Start Time: 01d19e8d939c93af
 
Termination Time: 4294967295
 
Application Path: C:\Users\Josefina\AppData\Roaming\Spotify\spotify.exe
 
Report Id: f623d09a-0ab1-11e6-8470-008cfa816eed
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/24/2016 05:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53484188
 
 
System errors:
=============
Error: (04/25/2016 04:27:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The dlea_device service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mobizen plugin service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The OctaneVPN Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RzSurroundVADStreamingService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/25/2016 04:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/25/2016 04:27:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-04-20 18:44:40.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 18:34:13.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 18:34:13.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 18:34:12.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 18:34:12.339
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 18:34:12.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 17:21:07.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 17:21:07.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 17:21:06.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-20 17:21:02.737
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 43%
Total physical RAM: 5081.23 MB
Available physical RAM: 2890.9 MB
Total Virtual: 7641.23 MB
Available Virtual: 4606.5 MB
 
==================== Drives ================================
 
Drive c: (TI10693600C) (Fixed) (Total:687.9 GB) (Free:533.77 GB) NTFS
Drive e: () (Removable) (Total:14.91 GB) (Free:0.1 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#18
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Your machine looks clean.
  • 0

#19
Helpmeout12


    Member

  • Topic Starter
  • Member
  • 15 posts

Are there absolutely no signs of key loggers on it?


  • 0

#20
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Absolutely no signs of key loggers were seen.
  • 0

#21
Helpmeout12


    Member

  • Topic Starter
  • Member
  • 15 posts

Alright then! Thank you very much for your help. I very much appreciate it.  :spoton:


  • 0

#22
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and creating a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#23
Helpmeout12


    Member

  • Topic Starter
  • Member
  • 15 posts

Also, a quick question before we finish off. I currently have Avira Anti-Virus. However, my laptop is pretty slow and Avira tends to eat up 5-10% of my CPU. What antivirus would you recommend I use?

 

 

# DelFix v1.013 - Logfile created 25/04/2016 at 19:36:13
# Updated 17/04/2016 by Xplode
# Username : Josefina - GUADALUPE
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\SecurityCheck
Deleted : C:\Users\Josefina\Desktop\mbar
Deleted : C:\Users\Josefina\Desktop\Addition.txt
Deleted : C:\Users\Josefina\Desktop\FRST.txt
Deleted : C:\Users\Josefina\Desktop\FRST64 (1).exe
Deleted : C:\Users\Josefina\Desktop\JRT.txt
Deleted : C:\Users\Josefina\Desktop\Rkill.txt
Deleted : C:\Users\Josefina\Desktop\SecurityCheck.txt
Deleted : C:\Users\Josefina\Desktop\ZHPCleaner.txt
Deleted : C:\Users\Josefina\Downloads\Addition.txt
Deleted : C:\Users\Josefina\Downloads\adwcleaner_5.102.exe
Deleted : C:\Users\Josefina\Downloads\adwcleaner_5.113.exe
Deleted : C:\Users\Josefina\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Josefina\Downloads\Fixlog.txt
Deleted : C:\Users\Josefina\Downloads\FRST.txt
Deleted : C:\Users\Josefina\Downloads\FRST64.exe
Deleted : C:\Users\Josefina\Downloads\JRT.exe
Deleted : C:\Users\Josefina\Downloads\SecurityCheck.exe
Deleted : C:\Users\Josefina\Downloads\ZHPCleaner.exe
 
~ Cleaning system restore ...
 
Deleted : RP #103 [Removed AirServer Universal (x64) | 04/16/2016 08:53:31]
Deleted : RP #104 [Removed Net Uptime Monitor | 04/16/2016 08:55:55]
Deleted : RP #105 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 | 04/19/2016 18:31:35]
Deleted : RP #106 [Removed IHA_MessageCenter | 04/21/2016 01:27:14]
Deleted : RP #107 [JRT Pre-Junkware Removal | 04/25/2016 18:56:37]
Deleted : RP #109 [Restore Point Created by FRST | 04/25/2016 23:26:33]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#24
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Windows 8.1 comes with an antivirus program installed; it's called Windows Defender, and it's the same as Microsoft Security Essentials. When you uninstall Avira, Windows Defender should go on. When you installed Avira, Windows Defender turned off.

After you uninstall Avira, to turn Windows Defender on or to check to see if it's already on:

1. On Start screen, begin typing Windows Defender until it appears on the left then left-click on it.

2. Select Settings tab.

3. Tick Turn on real-time protection (recommended)

4. Click Save changes.

5. Click Update tab then Update button then wait for the latest updates to be applied.

6. It would now be sensible to do a full-scan to start with, so click on Home tab then select Full then click Scan now.

7. Wait for scan to finish and action results as necessary.

(full scans may take some time)
  • 0

#25
Helpmeout12


    Member

  • Topic Starter
  • Member
  • 15 posts

So having Windows Defender is just as good as having a third-party antivirus?


  • 0



#26
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
It's what I use; it's a no-nonsense, free antivirus, and effective.
  • 0

#27
Helpmeout12


    Member

  • Topic Starter
  • Member
  • 15 posts

Alright, sounds good. Thank you again for your help. :)


  • 0

#28
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
If you decide to remove Avira, remove it through the Control Panel like any program you would normally remove, then I suggest you download and run the "Avira removal tool" found Here
  • 0

#29
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0





