RKILL found ZEROACCESS ROOTKIT


  • This topic is locked
21 replies to this topic

#1 trinitydigital

Posted 27 December 2013 - 04:48 PM

I did an AVAST bootscan and ran RKILL. I posted results from FARBAR Recovery scan tool. SEE ATTACHED.

*********************************************************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01
Ran by SYSTEM on MININT-BR1785L on 27-12-2013 12:10:37
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [dldwmon.exe] - C:\Program Files (x86)\Dell V505\dldwmon.exe [677104 2008-10-02] ()
HKLM\...\Run: [dldwamon] - C:\Program Files (x86)\Dell V505\dldwamon.exe [16624 2008-10-02] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell V505] - C:\Program Files (x86)\Dell V505\fm3032.exe [312560 2008-10-02] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-26] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\607\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Lisa\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [19071672 2010-10-31] (ooVoo LLC)
HKU\Lisa\...\Run: [MobiLink 3] - C:\Program Files (x86)\Novatel Wireless\MobiLink3\MobiLink3.exe [1857360 2010-04-23] (Novatel Wireless Inc.)
HKU\Lisa\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKU\Lisa\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Lisa\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-26] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2013-12-26] (AVAST Software)
S3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.)
S3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.)
S2 dldwCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe [34032 2008-05-16] ()
S2 dldw_device; C:\Windows\system32\dldwcoms.exe [1041136 2008-05-16] ( )
S2 dldw_device; C:\Windows\SysWow64\dldwcoms.exe [595184 2008-05-16] ( )
S3 ExpressAccountsService; C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2096644 2010-11-24] (NCH Software)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [1642500 2010-11-24] (NCH Software)
S2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [1363972 2010-11-24] (NCH Software)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [282824 2010-04-05] (McAfee, Inc.)
S2 MyFunCardsbarIEService; C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe [28766 2011-03-14] (MyFunCards)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [91472 2010-04-23] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 Tether; C:\Program Files (x86)\Tether\TBService.exe [52664 2010-11-18] ()
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-30] ()

==================== Drivers (Whitelisted) ====================

S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-12-26] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-26] (AVAST Software)
S1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2013-12-26] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-26] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-26] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-26] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-26] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-26] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-26] ()
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [318336 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2009-11-03] (Beceem communications pvt ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-11-10] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-11-10] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-11-10] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 deahbmuf; \??\C:\Windows\system32\drivers\deahbmuf.sys [x]
S1 edjyvwxt; \??\C:\Windows\system32\drivers\edjyvwxt.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 10:01 - 2013-12-27 10:01 - 00043187 _____ C:\Users\Lisa\Desktop\Addition.txt
2013-12-27 10:00 - 2013-12-27 10:01 - 00078685 _____ C:\Users\Lisa\Desktop\FRST.txt
2013-12-27 10:00 - 2013-12-27 10:00 - 00000000 ____D C:\FRST
2013-12-27 10:00 - 2013-12-27 09:42 - 01930746 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2013-12-27 09:58 - 2013-12-27 09:58 - 00056540 _____ C:\Users\Lisa\Desktop\combofixlisa.txt
2013-12-27 09:49 - 2013-12-27 09:49 - 00056540 _____ C:\ComboFix.txt
2013-12-27 09:17 - 2013-12-27 09:17 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-12-27 09:17 - 2013-12-27 09:17 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-27 09:16 - 2013-12-27 09:14 - 10264904 _____ (SurfRight B.V.) C:\Users\Lisa\Desktop\hitmanpro_x64.exe
2013-12-27 09:12 - 2013-12-27 09:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-27 09:04 - 2013-12-27 08:40 - 02959376 _____ (Microsoft Corporation) C:\Users\Lisa\Desktop\dotnetfx35setup.exe
2013-12-27 09:04 - 2013-12-26 10:58 - 09452704 _____ (SurfRight B.V.) C:\Users\Lisa\Desktop\HitmanPro.exe
2013-12-27 09:04 - 2013-12-26 10:57 - 02218636 _____ C:\Users\Lisa\Desktop\tdsskiller.zip
2013-12-26 11:04 - 2013-12-26 11:04 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\AVAST Software
2013-12-26 11:03 - 2013-12-27 09:34 - 00002222 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-26 11:03 - 2013-12-26 11:03 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2013-12-26 11:02 - 2013-12-27 09:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-26 11:02 - 2013-12-26 11:02 - 00079672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2013-12-26 11:02 - 2013-12-26 11:01 - 01034464 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-12-26 11:02 - 2013-12-26 11:01 - 00422216 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-12-26 11:02 - 2013-12-26 11:01 - 00207904 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-12-26 11:02 - 2013-12-26 11:01 - 00092544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-12-26 11:02 - 2013-12-26 11:01 - 00078648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-12-26 11:02 - 2013-12-26 11:01 - 00065776 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-12-26 11:02 - 2013-12-26 11:01 - 00028184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-12-26 11:01 - 2013-12-26 11:01 - 00439648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
2013-12-26 11:01 - 2013-12-26 11:01 - 00334136 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-12-26 11:01 - 2013-12-26 11:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-26 10:58 - 2013-12-26 10:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-26 10:55 - 2013-12-26 10:55 - 00000000 ____D C:\Users\Lisa\Desktop\avast
2013-12-26 10:55 - 2013-12-26 10:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-25 13:57 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-25 13:57 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-25 13:57 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-25 13:57 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-25 13:57 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-25 13:57 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-25 13:57 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-25 13:57 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-25 13:57 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-25 13:57 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-25 13:57 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-25 13:57 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-25 13:57 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-25 13:57 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-25 13:57 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-25 13:57 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-25 13:57 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-25 13:57 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-25 13:57 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-25 13:57 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-25 13:57 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-25 13:57 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-25 13:57 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-25 13:57 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-25 13:57 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-25 13:57 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-25 13:57 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-25 13:57 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-25 13:57 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-25 13:57 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-25 13:57 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-25 12:53 - 2013-12-25 13:17 - 00000000 ____D C:\Users\Lisa\Desktop\PDF FILES
2013-12-25 12:28 - 2013-12-25 12:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 12:10 - 2013-12-25 12:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\ShoppingAssistant
2013-12-25 11:56 - 2013-12-25 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 11:56 - 2013-12-25 11:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-12-25 11:56 - 2013-12-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 11:56 - 2013-04-04 12:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-25 11:56 - 2010-11-29 15:42 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2013-12-25 11:42 - 2013-12-25 11:42 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2013-12-25 11:09 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-25 11:09 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-25 11:09 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-25 11:09 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-25 11:09 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-25 11:09 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-25 11:09 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-25 11:09 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-25 11:08 - 2011-12-19 11:46 - 00000034 _____ C:\Users\Lisa\Desktop\MWB.txt
2013-12-25 11:07 - 2013-12-27 09:49 - 00000000 ____D C:\Qoobox
2013-12-25 11:07 - 2013-12-27 09:47 - 00000000 ____D C:\Windows\erdnt
2013-12-25 10:46 - 2011-12-26 13:44 - 01008141 _____ C:\Users\Lisa\Desktop\rkill.com
2013-12-25 10:41 - 2013-12-27 09:36 - 00006510 _____ C:\Users\Lisa\Desktop\Rkill.txt
2013-12-25 10:39 - 2013-12-25 10:42 - 05158070 ____R (Swearware) C:\Users\Lisa\Desktop\ComboFix.exe
2013-12-25 10:39 - 2013-12-17 10:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lisa\Desktop\rkill.exe
2013-12-25 10:13 - 2013-10-14 16:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-12-25 10:06 - 2013-12-25 10:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-25 10:06 - 2013-12-25 10:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-25 10:06 - 2013-12-25 10:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-25 10:06 - 2013-12-25 10:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-25 10:06 - 2013-12-25 10:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-25 10:06 - 2013-12-25 10:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-25 10:06 - 2013-12-25 10:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-25 10:02 - 2013-12-25 10:13 - 00009741 _____ C:\Windows\IE11_main.log
2013-12-16 10:29 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-16 10:29 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-16 10:29 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-16 10:29 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 17:04 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 17:04 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 17:02 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 17:02 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 17:02 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 17:02 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 17:02 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 17:02 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 17:02 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 17:02 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 17:02 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-11 16:59 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 16:59 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 16:59 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 16:59 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 16:59 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 16:59 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 16:59 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 16:59 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 16:40 - 2013-12-11 16:40 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-10 09:53 - 2013-12-25 11:42 - 00000000 ____D C:\Users\Lisa\AppData\Local\SearchProtect

==================== One Month Modified Files and Folders =======

2013-12-27 10:01 - 2013-12-27 10:01 - 00043187 _____ C:\Users\Lisa\Desktop\Addition.txt
2013-12-27 10:01 - 2013-12-27 10:00 - 00078685 _____ C:\Users\Lisa\Desktop\FRST.txt
2013-12-27 10:00 - 2013-12-27 10:00 - 00000000 ____D C:\FRST
2013-12-27 09:58 - 2013-12-27 09:58 - 00056540 _____ C:\Users\Lisa\Desktop\combofixlisa.txt
2013-12-27 09:49 - 2013-12-27 09:49 - 00056540 _____ C:\ComboFix.txt
2013-12-27 09:49 - 2013-12-25 11:07 - 00000000 ____D C:\Qoobox
2013-12-27 09:49 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-12-27 09:47 - 2013-12-25 11:07 - 00000000 ____D C:\Windows\erdnt
2013-12-27 09:47 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-27 09:46 - 2010-05-04 13:01 - 00000000 ____D C:\users\Lisa
2013-12-27 09:42 - 2013-12-27 10:00 - 01930746 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2013-12-27 09:36 - 2013-12-25 10:41 - 00006510 _____ C:\Users\Lisa\Desktop\Rkill.txt
2013-12-27 09:35 - 2013-12-27 09:12 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-27 09:34 - 2013-12-26 11:03 - 00002222 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-27 09:32 - 2011-05-08 13:44 - 00002243 _____ C:\Windows\epplauncher.mif
2013-12-27 09:31 - 2010-05-25 22:01 - 00000000 ____D C:\Program Files (x86)\Graboid
2013-12-27 09:30 - 2011-05-25 21:54 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-27 09:21 - 2010-03-23 00:24 - 01156146 _____ C:\Windows\WindowsUpdate.log
2013-12-27 09:17 - 2013-12-27 09:17 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-12-27 09:17 - 2013-12-27 09:17 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-27 09:14 - 2013-12-27 09:16 - 10264904 _____ (SurfRight B.V.) C:\Users\Lisa\Desktop\hitmanpro_x64.exe
2013-12-27 09:03 - 2010-07-15 12:30 - 00017705 _____ C:\Windows\System32\Config.MPF
2013-12-27 09:03 - 2010-05-04 20:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2013-12-27 09:02 - 2013-12-26 11:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-27 09:02 - 2010-10-10 22:08 - 00000000 ___RD C:\Users\Lisa\Documents\My Dropbox
2013-12-27 09:02 - 2010-10-10 22:06 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2013-12-27 09:02 - 2010-09-13 17:36 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001UA.job
2013-12-27 09:00 - 2011-09-11 13:56 - 00000372 _____ C:\Windows\Tasks\WpsUpdateTask_Lisa.job
2013-12-27 09:00 - 2010-05-04 20:56 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 09:00 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-27 09:00 - 2009-07-13 20:51 - 02688813 _____ C:\Windows\setupact.log
2013-12-27 08:57 - 2010-05-04 20:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 08:40 - 2013-12-27 09:04 - 02959376 _____ (Microsoft Corporation) C:\Users\Lisa\Desktop\dotnetfx35setup.exe
2013-12-26 14:15 - 2010-03-23 00:26 - 00745676 _____ C:\Windows\PFRO.log
2013-12-26 12:50 - 2012-06-13 20:28 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2013-12-26 11:25 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 11:25 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 11:21 - 2010-08-06 21:59 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{16536A42-0B6B-4824-8DF7-087AECC3A953}
2013-12-26 11:04 - 2013-12-26 11:04 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\AVAST Software
2013-12-26 11:03 - 2013-12-26 11:03 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2013-12-26 11:02 - 2013-12-26 11:02 - 00079672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2013-12-26 11:01 - 2013-12-26 11:02 - 01034464 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-12-26 11:01 - 2013-12-26 11:02 - 00422216 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-12-26 11:01 - 2013-12-26 11:02 - 00207904 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-12-26 11:01 - 2013-12-26 11:02 - 00092544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-12-26 11:01 - 2013-12-26 11:02 - 00078648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-12-26 11:01 - 2013-12-26 11:02 - 00065776 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-12-26 11:01 - 2013-12-26 11:02 - 00028184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-12-26 11:01 - 2013-12-26 11:01 - 00439648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
2013-12-26 11:01 - 2013-12-26 11:01 - 00334136 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-12-26 11:01 - 2013-12-26 11:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-26 10:58 - 2013-12-27 09:04 - 09452704 _____ (SurfRight B.V.) C:\Users\Lisa\Desktop\HitmanPro.exe
2013-12-26 10:58 - 2013-12-26 10:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-26 10:57 - 2013-12-27 09:04 - 02218636 _____ C:\Users\Lisa\Desktop\tdsskiller.zip
2013-12-26 10:55 - 2013-12-26 10:55 - 00000000 ____D C:\Users\Lisa\Desktop\avast
2013-12-26 10:55 - 2013-12-26 10:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-26 10:51 - 2009-07-13 21:13 - 00743650 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-26 10:10 - 2012-01-28 10:00 - 00000000 ____D C:\Program Files\Smart PDF Converter
2013-12-26 10:06 - 2011-01-05 23:37 - 00000000 ____D C:\Users\Lisa\AppData\Local\Conduit
2013-12-26 10:03 - 2010-03-23 00:53 - 00000000 ____D C:\ProgramData\Norton
2013-12-26 10:02 - 2010-09-13 17:36 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001Core.job
2013-12-26 09:58 - 2010-05-24 11:17 - 00000000 ____D C:\Program Files (x86)\Skyhook Wireless
2013-12-25 13:21 - 2011-01-25 09:13 - 00000000 ____D C:\FREEPLAN
2013-12-25 13:19 - 2010-08-21 20:51 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Sammsoft
2013-12-25 13:17 - 2013-12-25 12:53 - 00000000 ____D C:\Users\Lisa\Desktop\PDF FILES
2013-12-25 13:11 - 2012-10-27 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-25 13:11 - 2010-10-24 11:54 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-25 13:11 - 2010-05-04 20:56 - 00000000 ____D C:\Program Files\Google
2013-12-25 13:11 - 2010-05-04 20:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-25 13:11 - 2009-10-30 19:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 13:09 - 2013-10-16 06:42 - 00000000 ____D C:\ProgramData\Conduit
2013-12-25 13:09 - 2013-10-16 06:38 - 00000000 ____D C:\ProgramData\DSearchLink
2013-12-25 13:09 - 2013-10-16 06:37 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\PerformerSoft
2013-12-25 13:09 - 2013-09-13 23:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-12-25 13:09 - 2013-06-05 09:50 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-12-25 13:09 - 2012-09-20 12:28 - 00000000 ____D C:\Program Files (x86)\AppGraffiti
2013-12-25 13:09 - 2012-03-28 23:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Systweak
2013-12-25 13:09 - 2012-03-03 13:54 - 00000000 ____D C:\Program Files (x86)\Productivity_3.1
2013-12-25 13:01 - 2013-11-26 14:54 - 00003118 _____ C:\Windows\System32\Tasks\PC Performer
2013-12-25 12:55 - 2010-11-07 20:09 - 00000000 ____D C:\Program Files (x86)\WinAce
2013-12-25 12:28 - 2013-12-25 12:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 12:28 - 2013-12-25 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 12:26 - 2011-03-13 17:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Uniblue
2013-12-25 12:24 - 2010-10-24 11:54 - 00000000 ____D C:\ProgramData\Yahoo!
2013-12-25 12:23 - 2010-06-10 17:55 - 00000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2013-12-25 12:22 - 2013-10-16 06:38 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Yandex
2013-12-25 12:19 - 2013-10-16 06:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-25 12:19 - 2010-05-04 20:56 - 00000000 ____D C:\Users\Lisa\AppData\Local\Google
2013-12-25 12:19 - 2010-05-04 20:56 - 00000000 ____D C:\ProgramData\Google
2013-12-25 12:11 - 2012-06-13 21:08 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-12-25 12:10 - 2013-12-25 12:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\ShoppingAssistant
2013-12-25 12:04 - 2011-03-13 16:57 - 00000000 ____D C:\ProgramData\Transparent
2013-12-25 11:56 - 2013-12-25 11:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-12-25 11:56 - 2013-12-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 11:42 - 2013-12-25 11:42 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2013-12-25 11:42 - 2013-12-10 09:53 - 00000000 ____D C:\Users\Lisa\AppData\Local\SearchProtect
2013-12-25 11:33 - 2013-11-18 19:00 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-12-25 11:30 - 2010-05-24 11:17 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-12-25 11:28 - 2009-07-13 18:34 - 97255424 _____ C:\Windows\System32\config\software.bak
2013-12-25 11:28 - 2009-07-13 18:34 - 23855104 _____ C:\Windows\System32\config\system.bak
2013-12-25 11:28 - 2009-07-13 18:34 - 00786432 _____ C:\Windows\System32\config\default.bak
2013-12-25 11:28 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\security.bak
2013-12-25 11:28 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\sam.bak
2013-12-25 11:07 - 2009-07-13 21:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-25 10:42 - 2013-12-25 10:39 - 05158070 ____R (Swearware) C:\Users\Lisa\Desktop\ComboFix.exe
2013-12-25 10:27 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-25 10:18 - 2009-07-13 20:45 - 00489256 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-25 10:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-25 10:13 - 2013-12-25 10:02 - 00009741 _____ C:\Windows\IE11_main.log
2013-12-25 10:06 - 2013-12-25 10:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-25 10:06 - 2013-12-25 10:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-25 10:06 - 2013-12-25 10:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-25 10:06 - 2013-12-25 10:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-25 10:06 - 2013-12-25 10:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-25 10:06 - 2013-12-25 10:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-25 10:06 - 2013-12-25 10:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-25 10:06 - 2013-12-25 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-25 10:06 - 2013-12-25 10:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-25 10:02 - 2013-07-14 00:01 - 00000000 ____D C:\Windows\System32\MRT
2013-12-25 09:54 - 2010-07-04 08:57 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-17 10:47 - 2013-12-25 10:39 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lisa\Desktop\rkill.exe
2013-12-16 10:28 - 2009-10-30 20:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-16 09:47 - 2010-05-04 13:41 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\HpUpdate
2013-12-11 17:03 - 2012-03-27 16:00 - 00000842 _____ C:\Windows\SysWOW64\AppLog.log
2013-12-11 16:40 - 2013-12-11 16:40 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-10 11:58 - 2010-08-21 16:06 - 00000000 ____D C:\Users\Lisa\AppData\Local\Citrix
2013-12-10 09:57 - 2010-09-13 17:36 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001UA
2013-12-10 09:57 - 2010-09-13 17:36 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001Core
2013-12-07 22:35 - 2010-05-04 20:56 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 22:35 - 2010-05-04 20:56 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 21:01 - 2010-07-28 19:25 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-27 16:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-27 14:26 - 2011-11-24 01:16 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLisa
2013-11-27 14:26 - 2011-11-24 01:16 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForLisa.job
2013-11-27 14:20 - 2013-11-19 06:32 - 00000000 ____D C:\Users\Lisa\AppData\Local\{0B03F214-DB79-4D3E-8A07-FC168A60EC46}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-10 10:07:21
Restore point made on: 2013-12-16 09:50:39
Restore point made on: 2013-12-25 10:23:45
Restore point made on: 2013-12-25 11:46:50
Restore point made on: 2013-12-25 12:10:28
Restore point made on: 2013-12-25 12:24:53
Restore point made on: 2013-12-25 12:26:13
Restore point made on: 2013-12-25 12:27:21
Restore point made on: 2013-12-25 13:20:59
Restore point made on: 2013-12-25 13:56:59
Restore point made on: 2013-12-26 09:56:09
Restore point made on: 2013-12-26 10:00:30
Restore point made on: 2013-12-26 10:01:29
Restore point made on: 2013-12-26 10:03:19
Restore point made on: 2013-12-26 10:04:17
Restore point made on: 2013-12-26 10:08:38
Restore point made on: 2013-12-26 10:12:08
Restore point made on: 2013-12-26 10:13:19
Restore point made on: 2013-12-26 10:58:10
Restore point made on: 2013-12-26 11:02:32

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3836.2 MB
Available physical RAM: 3086.26 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3080.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.42 GB) (Free:173.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:2.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: () (Removable) (Total:7.53 GB) (Free:7.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 29E95222)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 0035C793)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)


LastRegBack: 2013-12-25 13:40

==================== End Of Log ============================

 

*************************************************************************************************************************

 

Farbar Recovery Scan Tool (x64) Version: 27-12-2013 01
Ran by SYSTEM at 2013-12-27 12:15:06
Running from H:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2013-12-27 09:47] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:57 PM

Posted 28 December 2013 - 08:01 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

If the computer is able to boot in Normal Mode please rerun FRST from there and post the logs in your next reply.

 

 

Regards,

Georgi




#3 trinitydigital

trinitydigital
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:57 AM

Posted 28 December 2013 - 12:52 PM

I will follow your directions exactly. FRST results posted below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2013 01
Ran by Lisa (administrator) on LISA-PC on 28-12-2013 11:44:07
Running from C:\Users\Lisa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dldwcoms.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-26] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\607\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
URLSearchHook: HKCU - Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKLM - {B1880777-7432-4176-BC7F-35ECEA387ABD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope {389B667C-505A-45DE-A5DD-9C22327D6FB7} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {19a733b4-76ad-4d67-8e3e-54f4de06bc85} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm896YYus&ptb=9ADEFE34-A4EF-4548-82F7-D1CE4983C903&psa=&ind=2011060110&ptnrS=ZUxdm896YYus&si=ry555&st=sb&n=77de578e&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3065694
SearchScopes: HKLM-x32 - {B1880777-7432-4176-BC7F-35ECEA387ABD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={0A65C90D-B5DF-11E1-AF2E-C80AA944FAC8}
SearchScopes: HKLM-x32 - {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:lyglkqaff6i&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
SearchScopes: HKLM-x32 - {F8305D7D-CF79-465a-9003-813C6013A702} URL = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:h6z8ss-efx2&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {030822DC-7EB3-4A24-8581-1720E8A1D940} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = browseforchange/search/redirect/?type=default&user_id=1daba5cb-bb99-469a-941a-c304fe80a064&query={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL =
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {B1880777-7432-4176-BC7F-35ECEA387ABD} URL =
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lisa\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lisa\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll No File
BHO-x32: 80c8c39c - {20C2CF76-FFD4-899F-DC61-4477BB06D296} -  No File
BHO-x32: 80c8c39c - {21083446-FDC5-DA1C-FE6A-CF0EBC686FA5} -  No File
BHO-x32: No Name - {2A836234-186C-41A0-9863-40BECDEDED9F} -  No File
BHO-x32: Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
BHO-x32: 80c8c39c - {663CF1F1-81F8-EBD8-A028-46B926FDCE4E} -  No File
BHO-x32: Toolbar BHO - {664a876f-a887-4016-abb7-423f1129d6ca} - C:\PROGRA~2\MYFUNC~2\bar\1.bin\c8bar.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: 80c8c39c - {79EB4A07-7E68-E8E9-5831-DB325EB5CC1C} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll No File
BHO-x32: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Search Assistant BHO - {a53d3e99-2d75-4752-a2b4-b2c727d7df8c} - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8SrcAs.dll No File
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll No File
BHO-x32: No Name - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} -  No File
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - MyFunCards - {4b3b7746-935c-48e9-95cd-a855419cdef0} - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8bar.dll No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {B80F591E-FE9A-46CF-A13E-180377240586} -  No File
Toolbar: HKCU - No Name - {795828A9-F271-43A8-8536-4484BB991D3D} -  No File
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
Toolbar: HKCU - No Name - {EAF74B81-D41B-495C-8A59-1AFE89FC5A82} -  No File
Toolbar: HKCU - No Name - {424E2F9C-EB5B-4B51-87E5-5831781BC515} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.webex.com/client/T27L/webex/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.768.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default
FF SelectedSearchEngine: NCH Customized Web Search
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Lisa\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\Lisa\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Lisa\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Lisa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Lisa\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Lisa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lisa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lisa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Lisa\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\bProtect.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\web-search-powered-by-google.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\yandex.ru-093940.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober767652262.xml
FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\nostmp
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: Lizardlink - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\firefox@lizardlink.biz.xpi
FF Extension: 1Click Downloader - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
FF Extension: Yontoo - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\plugin@yontoo.com.xpi
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: onetab - C:\Program Files (x86)\Mozilla Firefox\extensions\onetab@onetab.net
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.1.0\FF
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles/up4kkm2d.default\extensions\specialsavings@superfish.com
FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks

Chrome:
=======
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN14117570222276824&ctid=CT3267244&UM=2
CHR DefaultNewTabURL:
CHR Extension: (avast! Online Security) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0
CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM-x32\...\Chrome\Extension: [cbnocfnjkmlljbfgpkbhefnlpbiemhif] - C:\Users\Lisa\AppData\Roaming\OneTab\OneTab.crx
CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Lisa\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx
CHR HKLM-x32\...\Chrome\Extension: [dhdepfaagokllfmhfbcfmocaeigmoebo] - C:\Users\Lisa\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dhoigiahaahldpgnbbimfecackdgccna] - C:\Users\Lisa\AppData\Local\CRE\dhoigiahaahldpgnbbimfecackdgccna.crx
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [fojnkghiggpfagjciliabphpgnbmehjf] - C:\Users\Lisa\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Lisa\AppData\Roaming\StatusWinks\statuswinks.crx
CHR HKLM-x32\...\Chrome\Extension: [iolllphbfidpiigenecjjflaefapfnef] - C:\Users\Lisa\AppData\Local\CRE\iolllphbfidpiigenecjjflaefapfnef.crx
CHR HKLM-x32\...\Chrome\Extension: [jainjonnknhmbbkibcbmhihbopigapdm] - C:\Program Files (x86)\Lizardlink\jainjonnknhmbbkibcbmhihbopigapdm.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click12.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Lisa\AppData\Local\Temp\YontooLayers.crx
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Lisa\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx
CHR HKLM-x32\...\Chrome\Extension: [ollhcmlejlencfgmgnihgapkpbflogkh] - C:\Users\Lisa\AppData\Local\CRE\ollhcmlejlencfgmgnihgapkpbflogkh.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2013-12-26] (AVAST Software)
S3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.)
S3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.)
S2 dldwCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe [34032 2008-05-16] ()
R2 dldw_device; C:\Windows\system32\dldwcoms.exe [1041136 2008-05-16] ( )
R2 dldw_device; C:\Windows\SysWow64\dldwcoms.exe [595184 2008-05-16] ( )
S3 ExpressAccountsService; C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2096644 2010-11-24] (NCH Software)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [1642500 2010-11-24] (NCH Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-12-27] (SurfRight B.V.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [1363972 2010-11-24] (NCH Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MyFunCardsbarIEService; C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe [28766 2011-03-14] (MyFunCards)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [91472 2010-04-23] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-30] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 myAgtSvc; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /ServiceStart [x]

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-12-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-26] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2013-12-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-26] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-26] ()
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [318336 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2009-11-03] (Beceem communications pvt ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-11-10] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-11-10] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-11-10] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 deahbmuf; \??\C:\Windows\system32\drivers\deahbmuf.sys [x]
S1 edjyvwxt; \??\C:\Windows\system32\drivers\edjyvwxt.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-28 11:43 - 2013-12-28 11:43 - 00000000 ____D C:\Users\Lisa\Desktop\FRST-OlderVersion
2013-12-28 09:23 - 2013-12-28 09:27 - 00021638 _____ C:\Windows\iis7.log
2013-12-28 09:22 - 2013-12-28 09:22 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2013-12-28 09:22 - 2013-12-28 09:22 - 00000000 ____D C:\Windows\system32\BestPractices
2013-12-28 09:22 - 2013-12-28 09:22 - 00000000 ____D C:\inetpub
2013-12-28 09:07 - 2013-12-28 09:07 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-12-27 17:41 - 2013-12-27 17:41 - 00819152 _____ (Google Inc.) C:\Users\Lisa\Downloads\GoogleEarthSetup (3).exe
2013-12-27 15:52 - 2013-12-28 09:17 - 00006680 _____ C:\Users\Lisa\Desktop\Rkill.txt
2013-12-27 14:58 - 2013-12-28 09:15 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-12-27 12:57 - 2013-12-27 17:15 - 00000000 ____D C:\Users\Lisa\Desktop\tdsskiller
2013-12-27 12:01 - 2013-12-27 12:01 - 00043187 _____ C:\Users\Lisa\Desktop\Addition.txt
2013-12-27 12:00 - 2013-12-28 11:44 - 00047937 _____ C:\Users\Lisa\Desktop\FRST.txt
2013-12-27 12:00 - 2013-12-28 11:43 - 01931176 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2013-12-27 12:00 - 2013-12-28 11:43 - 00000000 ____D C:\FRST
2013-12-27 11:49 - 2013-12-27 11:49 - 00056540 _____ C:\ComboFix.txt
2013-12-27 11:17 - 2013-12-27 14:06 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-27 11:16 - 2013-12-27 11:14 - 10264904 _____ (SurfRight B.V.) C:\Users\Lisa\Desktop\hitmanpro_x64.exe
2013-12-27 11:12 - 2013-12-27 14:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-27 11:04 - 2013-12-27 10:40 - 02959376 _____ (Microsoft Corporation) C:\Users\Lisa\Desktop\dotnetfx35setup.exe
2013-12-26 13:04 - 2013-12-26 13:04 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\AVAST Software
2013-12-26 13:03 - 2013-12-27 11:34 - 00002222 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-26 13:03 - 2013-12-26 13:03 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2013-12-26 13:02 - 2013-12-27 13:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-26 13:02 - 2013-12-26 13:02 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-26 13:02 - 2013-12-26 13:01 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-26 13:02 - 2013-12-26 13:01 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-26 13:02 - 2013-12-26 13:01 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-26 13:02 - 2013-12-26 13:01 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-26 13:02 - 2013-12-26 13:01 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-26 13:02 - 2013-12-26 13:01 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-26 13:02 - 2013-12-26 13:01 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-12-26 13:01 - 2013-12-26 13:01 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-12-26 13:01 - 2013-12-26 13:01 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-26 13:01 - 2013-12-26 13:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-26 12:58 - 2013-12-26 12:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-26 12:55 - 2013-12-26 12:55 - 00000000 ____D C:\Users\Lisa\Desktop\avast
2013-12-26 12:55 - 2013-12-26 12:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-25 15:57 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-25 15:57 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-25 15:57 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-25 15:57 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-25 15:57 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-25 15:57 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-25 15:57 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-25 15:57 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-25 15:57 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-25 15:57 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-25 15:57 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-25 15:57 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-25 15:57 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-25 15:57 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-25 15:57 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-25 15:57 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-25 15:57 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-25 15:57 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-25 15:57 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-25 15:57 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-25 15:57 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-25 15:57 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-25 15:57 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-25 15:57 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-25 15:57 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-25 15:57 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-25 15:57 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-25 15:57 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-25 15:57 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-25 15:57 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-25 15:57 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-25 14:53 - 2013-12-27 17:23 - 00000000 ____D C:\Users\Lisa\Desktop\PDF FILES
2013-12-25 14:28 - 2013-12-25 14:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 14:10 - 2013-12-25 14:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\ShoppingAssistant
2013-12-25 13:56 - 2013-12-25 14:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 13:56 - 2013-12-25 13:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-12-25 13:56 - 2013-12-25 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 13:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-25 13:56 - 2010-11-29 17:42 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2013-12-25 13:42 - 2013-12-25 13:42 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2013-12-25 13:09 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-25 13:09 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-25 13:09 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-25 13:09 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-25 13:09 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-25 13:09 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-25 13:09 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-25 13:08 - 2011-12-19 13:46 - 00000034 _____ C:\Users\Lisa\Desktop\MWB.txt
2013-12-25 13:07 - 2013-12-27 11:49 - 00000000 ____D C:\Qoobox
2013-12-25 13:07 - 2013-12-27 11:47 - 00000000 ____D C:\Windows\erdnt
2013-12-25 12:39 - 2013-12-17 12:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lisa\Desktop\rkill.exe
2013-12-25 12:13 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-25 12:06 - 2013-12-25 12:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-25 12:06 - 2013-12-25 12:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-25 12:06 - 2013-12-25 12:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-25 12:06 - 2013-12-25 12:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-25 12:06 - 2013-12-25 12:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-25 12:06 - 2013-12-25 12:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-25 12:06 - 2013-12-25 12:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-25 12:02 - 2013-12-25 12:13 - 00009741 _____ C:\Windows\IE11_main.log
2013-12-16 12:29 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-16 12:29 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-16 12:29 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-16 12:29 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 19:04 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 19:04 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 19:02 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 19:02 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 19:02 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 19:02 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 19:02 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 19:02 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 19:02 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 19:02 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 19:02 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 18:59 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 18:59 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 18:59 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 18:59 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 18:59 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 18:59 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 18:59 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 18:59 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 18:40 - 2013-12-11 18:40 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-10 11:53 - 2013-12-25 13:42 - 00000000 ____D C:\Users\Lisa\AppData\Local\SearchProtect

==================== One Month Modified Files and Folders =======

2013-12-28 11:44 - 2013-12-27 12:00 - 00047937 _____ C:\Users\Lisa\Desktop\FRST.txt
2013-12-28 11:43 - 2013-12-28 11:43 - 00000000 ____D C:\Users\Lisa\Desktop\FRST-OlderVersion
2013-12-28 11:43 - 2013-12-27 12:00 - 01931176 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2013-12-28 11:43 - 2013-12-27 12:00 - 00000000 ____D C:\FRST
2013-12-28 11:43 - 2010-10-11 00:06 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2013-12-28 11:43 - 2010-05-04 22:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2013-12-28 11:42 - 2010-10-11 00:08 - 00000000 ___RD C:\Users\Lisa\Documents\My Dropbox
2013-12-28 11:42 - 2010-05-04 22:56 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 11:40 - 2010-03-23 02:26 - 00767778 _____ C:\Windows\PFRO.log
2013-12-28 11:40 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 11:40 - 2009-07-13 22:51 - 02689485 _____ C:\Windows\setupact.log
2013-12-28 11:39 - 2012-03-03 15:54 - 00000000 ____D C:\Program Files (x86)\Productivity_3.1
2013-12-28 09:37 - 2012-10-27 22:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 09:27 - 2013-12-28 09:23 - 00021638 _____ C:\Windows\iis7.log
2013-12-28 09:27 - 2011-05-08 15:43 - 00819666 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-28 09:27 - 2009-07-13 23:13 - 00863220 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-28 09:22 - 2013-12-28 09:22 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2013-12-28 09:22 - 2013-12-28 09:22 - 00000000 ____D C:\Windows\system32\BestPractices
2013-12-28 09:22 - 2013-12-28 09:22 - 00000000 ____D C:\inetpub
2013-12-28 09:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-12-28 09:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-12-28 09:19 - 2010-10-19 19:05 - 00002415 _____ C:\Users\Lisa\Desktop\s Quick Connect.lnk
2013-12-28 09:17 - 2013-12-27 15:52 - 00006680 _____ C:\Users\Lisa\Desktop\Rkill.txt
2013-12-28 09:15 - 2013-12-27 14:58 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-12-28 09:07 - 2013-12-28 09:07 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-12-27 17:56 - 2010-03-23 02:24 - 01274600 _____ C:\Windows\WindowsUpdate.log
2013-12-27 17:41 - 2013-12-27 17:41 - 00819152 _____ (Google Inc.) C:\Users\Lisa\Downloads\GoogleEarthSetup (3).exe
2013-12-27 17:40 - 2010-05-04 22:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 17:23 - 2013-12-25 14:53 - 00000000 ____D C:\Users\Lisa\Desktop\PDF FILES
2013-12-27 17:18 - 2011-05-08 15:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-27 17:15 - 2013-12-27 12:57 - 00000000 ____D C:\Users\Lisa\Desktop\tdsskiller
2013-12-27 17:06 - 2010-09-13 19:36 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001UA.job
2013-12-27 16:58 - 2011-09-11 15:56 - 00000372 _____ C:\Windows\Tasks\WpsUpdateTask_Lisa.job
2013-12-27 16:25 - 2011-11-24 03:16 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLisa
2013-12-27 16:25 - 2011-11-24 03:16 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForLisa.job
2013-12-27 15:58 - 2010-06-10 19:55 - 00000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2013-12-27 15:45 - 2010-05-04 15:36 - 00000000 ___RD C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-27 15:12 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 15:12 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 14:58 - 2013-12-27 11:12 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-27 14:53 - 2010-08-06 23:59 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{16536A42-0B6B-4824-8DF7-087AECC3A953}
2013-12-27 14:43 - 2013-10-25 19:19 - 00003364 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-27 14:06 - 2013-12-27 11:17 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-27 14:04 - 2011-06-25 21:34 - 00000000 ____D C:\Program Files (x86)\FVDIEPlugin
2013-12-27 14:04 - 2011-05-28 16:28 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\go
2013-12-27 13:18 - 2013-12-26 13:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-27 12:53 - 2010-08-26 12:57 - 00000000 ____D C:\Windows\pss
2013-12-27 12:47 - 2010-08-02 12:51 - 00000000 ____D C:\ProgramData\WinZip
2013-12-27 12:47 - 2010-05-04 15:01 - 00000000 ____D C:\Users\Lisa
2013-12-27 12:01 - 2013-12-27 12:01 - 00043187 _____ C:\Users\Lisa\Desktop\Addition.txt
2013-12-27 11:49 - 2013-12-27 11:49 - 00056540 _____ C:\ComboFix.txt
2013-12-27 11:49 - 2013-12-25 13:07 - 00000000 ____D C:\Qoobox
2013-12-27 11:49 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2013-12-27 11:47 - 2013-12-25 13:07 - 00000000 ____D C:\Windows\erdnt
2013-12-27 11:47 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-12-27 11:34 - 2013-12-26 13:03 - 00002222 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-27 11:31 - 2010-05-26 00:01 - 00000000 ____D C:\Program Files (x86)\Graboid
2013-12-27 11:30 - 2011-05-25 23:54 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-27 11:14 - 2013-12-27 11:16 - 10264904 _____ (SurfRight B.V.) C:\Users\Lisa\Desktop\hitmanpro_x64.exe
2013-12-27 10:40 - 2013-12-27 11:04 - 02959376 _____ (Microsoft Corporation) C:\Users\Lisa\Desktop\dotnetfx35setup.exe
2013-12-26 14:50 - 2012-06-13 22:28 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2013-12-26 13:04 - 2013-12-26 13:04 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\AVAST Software
2013-12-26 13:03 - 2013-12-26 13:03 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2013-12-26 13:02 - 2013-12-26 13:02 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-26 13:01 - 2013-12-26 13:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-26 13:01 - 2013-12-26 13:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-26 13:01 - 2013-12-26 13:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-26 13:01 - 2013-12-26 13:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-26 13:01 - 2013-12-26 13:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-26 13:01 - 2013-12-26 13:02 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-26 13:01 - 2013-12-26 13:02 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-12-26 13:01 - 2013-12-26 13:01 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-12-26 13:01 - 2013-12-26 13:01 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-26 13:01 - 2013-12-26 13:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-26 12:58 - 2013-12-26 12:58 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-26 12:55 - 2013-12-26 12:55 - 00000000 ____D C:\Users\Lisa\Desktop\avast
2013-12-26 12:55 - 2013-12-26 12:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-26 12:10 - 2012-01-28 12:00 - 00000000 ____D C:\Program Files\Smart PDF Converter
2013-12-26 12:06 - 2011-01-06 01:37 - 00000000 ____D C:\Users\Lisa\AppData\Local\Conduit
2013-12-26 12:03 - 2010-03-23 02:53 - 00000000 ____D C:\ProgramData\Norton
2013-12-26 12:02 - 2010-09-13 19:36 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001Core.job
2013-12-26 11:58 - 2010-05-24 13:17 - 00000000 ____D C:\Program Files (x86)\Skyhook Wireless
2013-12-25 15:21 - 2011-01-25 11:13 - 00000000 ____D C:\FREEPLAN
2013-12-25 15:19 - 2010-08-21 22:51 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Sammsoft
2013-12-25 15:11 - 2010-10-24 13:54 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-25 15:11 - 2010-05-04 22:56 - 00000000 ____D C:\Program Files\Google
2013-12-25 15:11 - 2010-05-04 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-25 15:11 - 2009-10-30 21:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 15:09 - 2013-10-16 08:42 - 00000000 ____D C:\ProgramData\Conduit
2013-12-25 15:09 - 2013-10-16 08:38 - 00000000 ____D C:\ProgramData\DSearchLink
2013-12-25 15:09 - 2013-10-16 08:37 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\PerformerSoft
2013-12-25 15:09 - 2013-09-14 01:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-12-25 15:09 - 2013-06-05 11:50 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-12-25 15:09 - 2012-09-20 14:28 - 00000000 ____D C:\Program Files (x86)\AppGraffiti
2013-12-25 15:09 - 2012-03-29 01:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Systweak
2013-12-25 15:01 - 2013-11-26 16:54 - 00003118 _____ C:\Windows\System32\Tasks\PC Performer
2013-12-25 14:55 - 2010-11-07 22:09 - 00000000 ____D C:\Program Files (x86)\WinAce
2013-12-25 14:28 - 2013-12-25 14:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 14:28 - 2013-12-25 13:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 14:26 - 2011-03-13 19:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Uniblue
2013-12-25 14:24 - 2010-10-24 13:54 - 00000000 ____D C:\ProgramData\Yahoo!
2013-12-25 14:22 - 2013-10-16 08:38 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Yandex
2013-12-25 14:19 - 2013-10-16 08:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-25 14:19 - 2010-05-04 22:56 - 00000000 ____D C:\Users\Lisa\AppData\Local\Google
2013-12-25 14:19 - 2010-05-04 22:56 - 00000000 ____D C:\ProgramData\Google
2013-12-25 14:11 - 2012-06-13 23:08 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-12-25 14:10 - 2013-12-25 14:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\ShoppingAssistant
2013-12-25 14:04 - 2011-03-13 18:57 - 00000000 ____D C:\ProgramData\Transparent
2013-12-25 13:56 - 2013-12-25 13:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Malwarebytes
2013-12-25 13:56 - 2013-12-25 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 13:42 - 2013-12-25 13:42 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2013-12-25 13:42 - 2013-12-10 11:53 - 00000000 ____D C:\Users\Lisa\AppData\Local\SearchProtect
2013-12-25 13:33 - 2013-11-18 21:00 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-12-25 13:30 - 2010-05-24 13:17 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-12-25 13:28 - 2009-07-13 20:34 - 97255424 _____ C:\Windows\system32\config\software.bak
2013-12-25 13:28 - 2009-07-13 20:34 - 23855104 _____ C:\Windows\system32\config\system.bak
2013-12-25 13:28 - 2009-07-13 20:34 - 00786432 _____ C:\Windows\system32\config\default.bak
2013-12-25 13:28 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-25 13:28 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-25 13:07 - 2009-07-13 23:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-25 12:27 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-25 12:26 - 2011-11-27 03:16 - 00001413 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-25 12:18 - 2009-07-13 22:45 - 00489256 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 12:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-25 12:13 - 2013-12-25 12:02 - 00009741 _____ C:\Windows\IE11_main.log
2013-12-25 12:06 - 2013-12-25 12:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-25 12:06 - 2013-12-25 12:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-25 12:06 - 2013-12-25 12:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-25 12:06 - 2013-12-25 12:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-25 12:06 - 2013-12-25 12:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-25 12:06 - 2013-12-25 12:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-25 12:06 - 2013-12-25 12:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-25 12:06 - 2013-12-25 12:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-25 12:06 - 2013-12-25 12:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-25 12:02 - 2013-07-14 02:01 - 00000000 ____D C:\Windows\system32\MRT
2013-12-25 11:54 - 2010-07-04 10:57 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-17 12:47 - 2013-12-25 12:39 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lisa\Desktop\rkill.exe
2013-12-16 12:28 - 2009-10-30 22:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-16 11:47 - 2010-05-04 15:41 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\HpUpdate
2013-12-11 19:03 - 2012-03-27 18:00 - 00000842 _____ C:\Windows\SysWOW64\AppLog.log
2013-12-11 18:40 - 2013-12-11 18:40 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-10 13:58 - 2010-08-21 18:06 - 00000000 ____D C:\Users\Lisa\AppData\Local\Citrix
2013-12-10 11:57 - 2010-09-13 19:36 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001UA
2013-12-10 11:57 - 2010-09-13 19:36 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4030728106-2350430166-202763514-1001Core
2013-12-08 00:35 - 2010-05-04 22:56 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-08 00:35 - 2010-05-04 22:56 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 23:01 - 2010-07-28 21:25 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-25 15:40

==================== End Of Log ============================



#4 B-boy/StyLe/

  • Malware Response Team

Posted 29 December 2013 - 04:27 PM

Hi,

You have a lot of crapware...

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi




#5 trinitydigital

  • Topic Starter

Posted 30 December 2013 - 10:24 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by Lisa at 2013-12-30 09:14:49 Run:1
Running from C:\Users\Lisa\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [x]
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKLM - {B1880777-7432-4176-BC7F-35ECEA387ABD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {19a733b4-76ad-4d67-8e3e-54f4de06bc85} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm896YYus&ptb=9ADEFE34-A4EF-4548-82F7-D1CE4983C903&psa=&ind=2011060110&ptnrS=ZUxdm896YYus&si=ry555&st=sb&n=77de578e&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3065694
SearchScopes: HKLM-x32 - {B1880777-7432-4176-BC7F-35ECEA387ABD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={0A65C90D-B5DF-11E1-AF2E-C80AA944FAC8}
SearchScopes: HKLM-x32 - {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:lyglkqaff6i&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
SearchScopes: HKLM-x32 - {F8305D7D-CF79-465a-9003-813C6013A702} URL = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:h6z8ss-efx2&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
SearchScopes: HKCU - {030822DC-7EB3-4A24-8581-1720E8A1D940} URL = http://dts.search-results.com/sr?src=ieb&appid=173&systemid=431&sr=0&q={searchTerms}
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = browseforchange/search/redirect/?type=default&user_id=1daba5cb-bb99-469a-941a-c304fe80a064&query={searchTerms}
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lisa\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lisa\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
C:\Users\Lisa\AppData\Roaming\Complitly
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll No File
BHO-x32: 80c8c39c - {20C2CF76-FFD4-899F-DC61-4477BB06D296} -  No File
BHO-x32: 80c8c39c - {21083446-FDC5-DA1C-FE6A-CF0EBC686FA5} -  No File
BHO-x32: No Name - {2A836234-186C-41A0-9863-40BECDEDED9F} -  No File
BHO-x32: Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
C:\Program Files (x86)\Systweak\prxtbSyst.dll
BHO-x32: 80c8c39c - {663CF1F1-81F8-EBD8-A028-46B926FDCE4E} -  No File
BHO-x32: Toolbar BHO - {664a876f-a887-4016-abb7-423f1129d6ca} - C:\PROGRA~2\MYFUNC~2\bar\1.bin\c8bar.dll No File
BHO-x32: 80c8c39c - {79EB4A07-7E68-E8E9-5831-DB325EB5CC1C} -  No File
BHO-x32: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll No File
BHO-x32: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll No File
BHO-x32: Search Assistant BHO - {a53d3e99-2d75-4752-a2b4-b2c727d7df8c} - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8SrcAs.dll No File
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll No File
BHO-x32: No Name - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -  No File
BHO-x32: No Name - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} -  No File
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - MyFunCards - {4b3b7746-935c-48e9-95cd-a855419cdef0} - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8bar.dll No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {B80F591E-FE9A-46CF-A13E-180377240586} -  No File
Toolbar: HKCU - No Name - {795828A9-F271-43A8-8536-4484BB991D3D} -  No File
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
Toolbar: HKCU - No Name - {EAF74B81-D41B-495C-8A59-1AFE89FC5A82} -  No File
Toolbar: HKCU - No Name - {424E2F9C-EB5B-4B51-87E5-5831781BC515} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.768.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF SelectedSearchEngine: NCH Customized Web Search
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\bProtect.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\web-search-powered-by-google.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\yandex.ru-093940.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober767652262.xml
FF Extension: 1Click Downloader - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
FF Extension: Yontoo - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\plugin@yontoo.com.xpi
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: onetab - C:\Program Files (x86)\Mozilla Firefox\extensions\onetab@onetab.net
FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.1.0\FF
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles/up4kkm2d.default\extensions\specialsavings@superfish.com
FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN14117570222276824&ctid=CT3267244&UM=2
CHR HKLM-x32\...\Chrome\Extension: [cbnocfnjkmlljbfgpkbhefnlpbiemhif] - C:\Users\Lisa\AppData\Roaming\OneTab\OneTab.crx
CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Lisa\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx
CHR HKLM-x32\...\Chrome\Extension: [dhdepfaagokllfmhfbcfmocaeigmoebo] - C:\Users\Lisa\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dhoigiahaahldpgnbbimfecackdgccna] - C:\Users\Lisa\AppData\Local\CRE\dhoigiahaahldpgnbbimfecackdgccna.crx
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [fojnkghiggpfagjciliabphpgnbmehjf] - C:\Users\Lisa\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Lisa\AppData\Roaming\StatusWinks\statuswinks.crx
CHR HKLM-x32\...\Chrome\Extension: [iolllphbfidpiigenecjjflaefapfnef] - C:\Users\Lisa\AppData\Local\CRE\iolllphbfidpiigenecjjflaefapfnef.crx
CHR HKLM-x32\...\Chrome\Extension: [jainjonnknhmbbkibcbmhihbopigapdm] - C:\Program Files (x86)\Lizardlink\jainjonnknhmbbkibcbmhihbopigapdm.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click12.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Lisa\AppData\Local\Temp\YontooLayers.crx
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Lisa\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx
CHR HKLM-x32\...\Chrome\Extension: [ollhcmlejlencfgmgnihgapkpbflogkh] - C:\Users\Lisa\AppData\Local\CRE\ollhcmlejlencfgmgnihgapkpbflogkh.crx
S4 MyFunCardsbarIEService; C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe [28766 2011-03-14] (MyFunCards)
S2 myAgtSvc; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /ServiceStart [x]
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 deahbmuf; \??\C:\Windows\system32\drivers\deahbmuf.sys [x]
S1 edjyvwxt; \??\C:\Windows\system32\drivers\edjyvwxt.sys [x]
2013-12-10 11:53 - 2013-12-25 13:42 - 00000000 ____D C:\Users\Lisa\AppData\Local\SearchProtect
2013-12-26 14:50 - 2012-06-13 22:28 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2013-12-26 12:06 - 2011-01-06 01:37 - 00000000 ____D C:\Users\Lisa\AppData\Local\Conduit
2013-12-25 15:09 - 2013-10-16 08:42 - 00000000 ____D C:\ProgramData\Conduit
2013-12-25 15:09 - 2013-10-16 08:38 - 00000000 ____D C:\ProgramData\DSearchLink
2013-12-25 15:09 - 2013-10-16 08:37 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\PerformerSoft
2013-12-25 15:09 - 2013-09-14 01:00 - 00000000 ____D C:\ProgramData\BitGuard
2013-12-25 15:09 - 2013-06-05 11:50 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-12-25 15:09 - 2012-09-20 14:28 - 00000000 ____D C:\Program Files (x86)\AppGraffiti
2013-12-25 15:09 - 2012-03-29 01:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Systweak
2013-12-25 15:01 - 2013-11-26 16:54 - 00003118 _____ C:\Windows\System32\Tasks\PC Performer
2013-12-25 14:26 - 2011-03-13 19:56 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Uniblue
2013-12-25 14:22 - 2013-10-16 08:38 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Yandex
2013-12-25 14:19 - 2013-10-16 08:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-25 14:11 - 2012-06-13 23:08 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-12-25 14:10 - 2013-12-25 14:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\ShoppingAssistant
2013-12-25 13:42 - 2013-12-25 13:42 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2013-12-25 13:42 - 2013-12-10 11:53 - 00000000 ____D C:\Users\Lisa\AppData\Local\SearchProtect
2013-12-25 13:33 - 2013-11-18 21:00 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
C:\Program Files (x86)\Google\Desktop\Install
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1880777-7432-4176-BC7F-35ECEA387ABD} => Key deleted successfully.
HKCR\CLSID\{B1880777-7432-4176-BC7F-35ECEA387ABD} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{19a733b4-76ad-4d67-8e3e-54f4de06bc85} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{19a733b4-76ad-4d67-8e3e-54f4de06bc85} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B1880777-7432-4176-BC7F-35ECEA387ABD} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B1880777-7432-4176-BC7F-35ECEA387ABD} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F8305D7D-CF69-465a-9003-813C6013A702} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F8305D7D-CF79-465a-9003-813C6013A702} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{030822DC-7EB3-4A24-8581-1720E8A1D940} => Key deleted successfully.
HKCR\CLSID\{030822DC-7EB3-4A24-8581-1720E8A1D940} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} => Key deleted successfully.
HKCR\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} => Key deleted successfully.
HKCR\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} => Key deleted successfully.
C:\Users\Lisa\AppData\Roaming\Complitly => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C2CF76-FFD4-899F-DC61-4477BB06D296} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{20C2CF76-FFD4-899F-DC61-4477BB06D296} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21083446-FDC5-DA1C-FE6A-CF0EBC686FA5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{21083446-FDC5-DA1C-FE6A-CF0EBC686FA5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A836234-186C-41A0-9863-40BECDEDED9F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2A836234-186C-41A0-9863-40BECDEDED9F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{424e2f9c-eb5b-4b51-87e5-5831781bc515} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{424e2f9c-eb5b-4b51-87e5-5831781bc515} => Key deleted successfully.
"C:\Program Files (x86)\Systweak\prxtbSyst.dll" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{663CF1F1-81F8-EBD8-A028-46B926FDCE4E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{663CF1F1-81F8-EBD8-A028-46B926FDCE4E} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{664a876f-a887-4016-abb7-423f1129d6ca} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{664a876f-a887-4016-abb7-423f1129d6ca} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79EB4A07-7E68-E8E9-5831-DB325EB5CC1C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79EB4A07-7E68-E8E9-5831-DB325EB5CC1C} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a53d3e99-2d75-4752-a2b4-b2c727d7df8c} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a53d3e99-2d75-4752-a2b4-b2c727d7df8c} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4b3b7746-935c-48e9-95cd-a855419cdef0} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{4b3b7746-935c-48e9-95cd-a855419cdef0} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{424e2f9c-eb5b-4b51-87e5-5831781bc515} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{424e2f9c-eb5b-4b51-87e5-5831781bc515} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => Value deleted successfully.
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} => Value deleted successfully.
HKCR\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90EEE664-34B1-422A-A782-779AF65CDF6D} => Value deleted successfully.
HKCR\CLSID\{90EEE664-34B1-422A-A782-779AF65CDF6D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Value deleted successfully.
HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B80F591E-FE9A-46CF-A13E-180377240586} => Value deleted successfully.
HKCR\CLSID\{B80F591E-FE9A-46CF-A13E-180377240586} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{795828A9-F271-43A8-8536-4484BB991D3D} => Value deleted successfully.
HKCR\CLSID\{795828A9-F271-43A8-8536-4484BB991D3D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} => Value deleted successfully.
HKCR\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EAF74B81-D41B-495C-8A59-1AFE89FC5A82} => Value deleted successfully.
HKCR\CLSID\{EAF74B81-D41B-495C-8A59-1AFE89FC5A82} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{424E2F9C-EB5B-4B51-87E5-5831781BC515} => Value deleted successfully.
HKCR\CLSID\{424E2F9C-EB5B-4B51-87E5-5831781BC515} => Key not found.
HKCR\PROTOCOLS\Handler\dssrequest => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\PROTOCOLS\Handler\myrm => Key deleted successfully.
HKCR\CLSID\{4D034FC3-013F-4b95-B544-44D49ABE3E76} => Key not found.
HKCR\PROTOCOLS\Handler\sacore => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest => Key not found.
HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\myrm => Key not found.
HKCR\Wow6432Node\CLSID\{4D034FC3-013F-4b95-B544-44D49ABE3E76} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\sacore => Key not found.
HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\bingp.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\bProtect.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\inbox-search.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\MyStart Search.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\mywebsearch.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\search-here.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\Search_Results.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\sweetim.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\web-search-powered-by-google.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\searchplugins\yandex.ru-093940.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober767652262.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\plugin@yontoo.com.xpi => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\onetab@onetab.net => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\statuswinks@StatusWinks => Value deleted successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\specialsavings@superfish.com => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\statuswinks@StatusWinks => Value deleted successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks not found.
CHR DefaultSearchKeyword: search.conduit.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN14117570222276824&ctid=CT3267244&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif => Key deleted successfully.
C:\Users\Lisa\AppData\Roaming\OneTab\OneTab.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm => Key deleted successfully.
C:\Users\Lisa\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo => Key deleted successfully.
"C:\Users\Lisa\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb => Key deleted successfully.
"C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhoigiahaahldpgnbbimfecackdgccna => Key deleted successfully.
C:\Users\Lisa\AppData\Local\CRE\dhoigiahaahldpgnbbimfecackdgccna.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda => Key deleted successfully.
"C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fojnkghiggpfagjciliabphpgnbmehjf => Key deleted successfully.
"C:\Users\Lisa\AppData\Local\Temp\ccex.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih => Key deleted successfully.
C:\Users\Lisa\AppData\Roaming\StatusWinks\statuswinks.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iolllphbfidpiigenecjjflaefapfnef => Key deleted successfully.
C:\Users\Lisa\AppData\Local\CRE\iolllphbfidpiigenecjjflaefapfnef.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jainjonnknhmbbkibcbmhihbopigapdm => Key deleted successfully.
"C:\Program Files (x86)\Lizardlink\jainjonnknhmbbkibcbmhihbopigapdm.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn => Key deleted successfully.
C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh => Key deleted successfully.
"C:\Program Files (x86)\1ClickDownload\1click12.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc => Key deleted successfully.
"C:\Users\Lisa\AppData\Local\Temp\YontooLayers.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nkcpopggjcjkiicpenikeogioednjeac => Key deleted successfully.
"C:\Users\Lisa\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ollhcmlejlencfgmgnihgapkpbflogkh => Key deleted successfully.
C:\Users\Lisa\AppData\Local\CRE\ollhcmlejlencfgmgnihgapkpbflogkh.crx => Moved successfully.
MyFunCardsbarIEService => Service deleted successfully.
myAgtSvc => Service deleted successfully.
MPFP => Service deleted successfully.
catchme => Service deleted successfully.
deahbmuf => Service deleted successfully.
edjyvwxt => Service deleted successfully.
C:\Users\Lisa\AppData\Local\SearchProtect => Moved successfully.
"C:\Program Files (x86)\1ClickDownload" => File/Directory not found.
C:\Users\Lisa\AppData\Local\Conduit => Moved successfully.
C:\ProgramData\Conduit => Moved successfully.
C:\ProgramData\DSearchLink => Moved successfully.
C:\Users\Lisa\AppData\Roaming\PerformerSoft => Moved successfully.
C:\ProgramData\BitGuard => Moved successfully.
C:\Windows\SysWOW64\WNLT => Moved successfully.
"C:\Program Files (x86)\AppGraffiti" => File/Directory not found.
C:\Users\Lisa\AppData\Roaming\Systweak => Moved successfully.
C:\Windows\System32\Tasks\PC Performer => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Uniblue => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Yandex => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Program Files (x86)\SweetIM" => File/Directory not found.
C:\Users\Lisa\AppData\Local\ShoppingAssistant => Moved successfully.
C:\Windows\SysWOW64\SearchProtect => Moved successfully.
"C:\Users\Lisa\AppData\Local\SearchProtect" => File/Directory not found.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====
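A Fixlog like the one above is easier to review when its result suffixes are tallied and the "not found" lines are separated into paths that the same run had already moved and paths that were never on disk. The following is an added example, not part of the original post and not FRST's own code; the function names and the status labels (`removed`, `absent`, `manual`) are assumptions of this example, and the sample is a subset of lines copied from the log above.

```python
from collections import Counter

# Subset of lines taken from the Fixlog in this post, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''
C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\statuswinks@StatusWinks => Value deleted successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks not found.
CHR DefaultSearchProvider: Conduit ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb => Key deleted successfully.
"C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx" => File/Directory not found.
catchme => Service deleted successfully.
C:\Users\Lisa\AppData\Local\SearchProtect => Moved successfully.
"C:\Users\Lisa\AppData\Local\SearchProtect" => File/Directory not found.

The system needs a manual reboot.
==== End of Fixlog ====
'''


def classify(line):
    """Split one Fixlog line into (item, status, message); None for non-result lines."""
    line = line.strip()
    # "==>" marks entries the tool did not change and leaves to the user.
    if " ==> " in line:
        item, msg = line.split(" ==> ", 1)
        return item, "manual", msg
    # "=>" marks an attempted action; the message says whether it succeeded.
    if " => " in line:
        item, msg = line.rsplit(" => ", 1)
        if msg.endswith("successfully."):
            return item, "removed", msg
        if "not found" in msg:
            return item, "absent", msg
        return item, "other", msg
    # Some lines report a missing path without any arrow.
    if line.endswith(" not found."):
        return line[: -len(" not found.")], "absent", "not found."
    return None


def normalize(item):
    """Compare paths case-insensitively and without surrounding quotes."""
    return item.strip('"').lower()


def triage(text):
    """Tally outcomes and sort 'absent' items by whether this run already removed them."""
    counts = Counter()
    removed = set()
    manual, missing, already_handled = [], [], []
    for raw in text.splitlines():
        parsed = classify(raw)
        if parsed is None:
            continue
        item, status, _ = parsed
        counts[status] += 1
        key = normalize(item)
        if status == "removed":
            removed.add(key)
        elif status == "manual":
            manual.append(item)
        elif status == "absent":
            # Listed twice in the fix script: the first pass moved it, the second found nothing.
            target = already_handled if key in removed else missing
            target.append(item.strip('"'))
    return {
        "counts": dict(counts),
        "manual": manual,                    # needs a follow-up step by the user
        "missing": missing,                  # referenced, but never present on disk
        "already_handled": already_handled,  # benign duplicates within this run
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for name, value in report.items():
        print(name, "->", value)
```
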



#6 B-boy/StyLe/


Posted 30 December 2013 - 10:29 AM

Hello,

 

 

Nice work! :)
Let's check for leftovers.

Most of them should take no more than 5 minutes each.

 

 

 

STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and paste the results at pastebin.com and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 6



Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Regards,

Georgi




#7 trinitydigital


Posted 30 December 2013 - 05:05 PM

Replied with logs in pastebin named

RKILL found ZEROACCESS ROOTKIT

 

I tried to follow directions the best I could sir.

 I saw sooo much junk on it.

This was not my computer. A friend of mine asked me to look at it. I did the best I could before I contacted you guys.

 Mine is squeaky clean.

 

 Thanks again for your excellence.



#8 B-boy/StyLe/


Posted 30 December 2013 - 05:42 PM

Hello,

 

I need to see the logs. The link you need to give me is the address in the browser when you pressed the submit button at pastebin.com for each one.

 

Thanks! :)

 

 

Regards,

Georgi




#9 trinitydigital


Posted 31 December 2013 - 10:56 AM

I've never done that before. My mistake.



#10 B-boy/StyLe/


Posted 31 December 2013 - 10:59 AM

Hi,

 

No problems. Take your time. In Bulgaria the New Year will come after 6 hours so I'll catch you tomorrow.

And I wish you Happy New Year!

 

Regards,

Georgi




#11 trinitydigital


Posted 31 December 2013 - 11:07 AM

Thank you. Happy New Year to you. May God bless you.



#12 trinitydigital


Posted 01 January 2014 - 12:24 PM

All of them are in one post. They are separated by dividers > *************************************

 

I had posted here: http://pastebin.com/AiRnV2sV

 

If you need me to, I will post individually.

Happy New Year.



#13 B-boy/StyLe/


Posted 02 January 2014 - 05:15 AM

Hello,

 

Happy new year to you as well! :)

 

Btw I didn't ask you to delete the entries with RogueKiller. Fortunately they are malicious so there are no problems.

As for MBAM you posted the log from the real-time protection instead of the system scan.

 

Also we should repair a broken service.

 

Now download the following file and save it to your desktop:

RemoteAccess.reg

 

Now double click on it. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

 

And finally, let's run the following tools to make sure there is nothing lurking on the system:

 

 

STEP 1

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

 

 

 

STEP 2

 

 

Also I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

 

STEP 3

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

STEP 4

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi




#14 B-boy/StyLe/


Posted 06 January 2014 - 07:22 AM

Hi,

 

Are you still with me?

 

 

Regards,

Georgi




#15 trinitydigital


Posted 06 January 2014 - 11:45 AM

Yes sir. I sent the last set of them on Friday.

I will send them again here:

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : LISA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Lisa-PC\Lisa
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (23 days left)

   Scan date . . . . . . : 2014-01-03 10:29:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 2,152,290
   Files scanned . . . . : 68,927
   Remnants scanned  . . : 741,688 files / 1,341,675 keys

****************************************************************************************************************

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\Productivity_3.1\ldrtbProd.dll.vir    a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\Productivity_3.1\tbProd.dll.vir    a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\Systweak\ldrtbSyst.dll.vir    a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\Systweak\tbSyst.dll.vir    a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\LocalLow\Systweak\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A application
C:\AdwCleaner\Quarantine\C\Users\Lisa\AppData\Roaming\SeeSimilar02\install_helper.exe.vir    Win32/bProtector.H application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir    Win32/SweetIM.E application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\SweetNT.crx.vir    Win32/SweetIM.E application
C:\FRST\Quarantine\plugin@yontoo.com.xpi    Win32/Adware.Yontoo application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\24x7desk.64.dll.vir    Win64/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\24x7desk.dll.vir    Win32/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Help.exe.vir    a variant of Win32/24x7Help.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook.dll.vir    Win32/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook.exe.vir    Win32/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook64.dll.vir    Win64/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook64.exe.vir    Win64/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Svc.exe.vir    Win32/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome\queryexplorer.jar.vir    Win32/Adware.OneStep application
C:\Qoobox\Quarantine\C\Program Files (x86)\PriceGong\2.6.4\PriceGong.crx.vir    Win32/PriceGong.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\Savings Sidekick\ButtonUtil.dll.vir    a variant of Win32/Toolbar.CrossRider.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir    Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar.vir    Win32/Adware.Toolbar.Shopper.AD application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir    Win32/Toolbar.SearchSuite.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll.vir    a variant of Win32/Toolbar.SearchSuite.C application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll.vir    a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll.vir    Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll.vir    probably a variant of Win32/Toolbar.SearchSuite.D application
C:\Qoobox\Quarantine\C\PROGRA~2\MYFUNC~2\bar\1.bin\c8BAr.dll.vir    a variant of Win32/Toolbar.MyWebSearch.W application
C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2T06NMB\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi    a variant of Win32/PriceGong.A application
C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SOTYBXEW\html_comp[2].htm    Win32/PriceGong.B application
C:\Users\Lisa\AppData\Local\Mozilla\Firefox\Profiles\up4kkm2d.default\Cache\C\93\8F843d01    Win32/PriceGong.B application
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7ff8dfd3-46694def    a variant of Java/JShrink.A application
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3db83733-1cc94f7a    a variant of Java/JShrink.A application
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\47363e7b-7d0eca3e    a variant of Java/JShrink.A application
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\up4kkm2d.default\extensions\firefox@lizardlink.biz.xpi    Win32/BrowseFox.B application
C:\Users\Lisa\Downloads\ashampoo_anti-malware_1.21_8108.exe    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Lisa\Downloads\cnet_office-convert-pdf-to-jpg-jpeg-tiff-free_exe.exe    a variant of Win32/InstallCore.D application
C:\Users\Lisa\Downloads\cnet_pdftoimage_exe.exe    a variant of Win32/InstallCore.D application
C:\Users\Lisa\Downloads\FreeHideIP-3.8.6.6.Setup (1).exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Lisa\Downloads\FreeHideIP-3.8.6.6.Setup (2).exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Lisa\Downloads\FreeHideIP-3.8.6.6.Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Lisa\Downloads\fTalkV3 (1).exe    Win32/Toolbar.SearchSuite application
C:\Users\Lisa\Downloads\fTalkV3.exe    Win32/Toolbar.SearchSuite application
C:\Users\Lisa\Downloads\GraboidVideoSetup-1.73-complete.exe    Win32/Graboid application
C:\Users\Lisa\Downloads\OffercastInstaller_AVR_U-0087-01-P_ (1).exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Lisa\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Lisa\Downloads\Productivity_2.exe    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Lisa\Downloads\SolitaireMaster3-dm(2).exe    a variant of Win32/Adware.Trymedia.A application
C:\Users\Lisa\Downloads\SolitaireMaster3-dm(3).exe    a variant of Win32/Adware.Trymedia.A application
C:\Users\Lisa\Downloads\SolitaireMaster3-dm(4).exe    a variant of Win32/Adware.Trymedia.A application
C:\Users\Lisa\Downloads\SolitaireMaster3-dm(5).exe    a variant of Win32/Adware.Trymedia.A application
C:\Users\Lisa\Downloads\SolitaireMaster3-dm.exe    a variant of Win32/Adware.Trymedia.A application

*************************************************************************************************************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lisa on Thu 01/02/2014 at 16:16:36.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4030728106-2350430166-202763514-1001\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4030728106-2350430166-202763514-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\rcpsetup_softonic_728_90_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\rcpsetup_softonic_728_90_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\rcpsetup_softonic_728_90_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\rcpsetup_softonic_728_90_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lisa\AppData\Roaming\shoppingdaisy"
Successfully deleted: [Folder] "C:\Users\Lisa\appdata\local\blekkotb_031"
Successfully deleted: [Folder] "C:\Users\Lisa\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Lisa\appdata\local\ftalk"
Successfully deleted: [Folder] "C:\Users\Lisa\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Lisa\appdata\locallow\simppulltoolbar"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{19C24A4D-6158-46CC-A2EC-CB7DC1D5E344}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1A40523C-4663-4E7E-997B-E6871F99F448}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1ADE2F22-95B1-46EE-8F4C-313FEEFB382C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1AE15B77-9507-4105-B652-07241DD95A0D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1B9E0F6A-F84E-4119-BD6B-82CCA4807105}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1C67FB56-9A4B-4098-98D0-CEEC51153180}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1C713ACA-5EA7-41AF-AC1F-E0CEAD60BC98}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1CCE506B-8985-4A82-9D12-71304A2EDE94}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1D3FD7EB-BE76-4EAB-B1D7-B85EAC331D59}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1EE5E591-C30A-46B4-A32A-E0E4ADECC2B5}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{1FA6245C-93F6-4A28-A5E3-EA3DBFB3E27D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{206ED2AE-42F8-4561-A83F-8418AEC3C49B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2123A6F8-78BF-4D18-A2EF-EA691BBC1591}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{228F70EC-35B4-45E1-A81F-BA4943958084}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2361702D-1DFC-4824-A83A-D0EBAF5DC292}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{23B51ACD-7239-44CF-BD1C-6AC236BCFC6A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{24AE78A2-9F48-4D84-8BF7-64FEF2EDECAA}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{24CA50D3-EB74-4DFA-BAD3-455824E761DE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{25A873ED-889A-488B-8A69-5047D06601B8}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{270A6999-8C5C-443B-B5E9-1D1ADC187B63}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{27C12A5B-ED4C-4DE7-AEAB-99721D0F998B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{28E528B5-DFD9-4381-AFCF-5AAE23445AD8}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2A36A01D-4E36-4A53-AA8C-995C597DBB23}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2B583289-CFC5-4CA2-A352-2EB403836103}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2DE58077-43AA-41CF-9707-A78614961921}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2E456797-AF72-4CD4-B471-152C48AA27E2}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2E500071-C292-41D6-AACA-E4BA8CEDA942}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2F630EB3-C49B-48DE-B145-B741E0B7FF0C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2F9C6715-DA3F-4FE5-B1BC-3329DC91A991}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2FB629E7-686D-4429-AB3E-5DDF22D1495A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{2FB7CE56-9E87-4E1C-BAC3-59FC370C3A9F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{318DB32D-DA35-4BBF-A697-F082862B85DC}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{32F5CA92-3AAA-4C41-ACA1-5F610A0BCBC3}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{3308F70A-25D3-4AA2-8295-9F4127187C07}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{353E453D-0730-400D-B5DA-71C612ECB3E7}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{358962A7-F5BA-4660-9E91-71E76F212E63}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{3840B620-2BD9-4978-B01D-A7BEBA96CEB3}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{395BED08-8889-4072-A694-A15DF3AE3D62}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{3BA115D1-D7D5-4EB4-9A2C-03F346E4B455}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{3D5AE460-A39D-454B-BFDD-977DDCC29D9B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{3EC41CB5-3F6E-4C73-AA54-2973B0937D6C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{3EDFC2B3-B188-4CEF-BA9B-1A7BBD72F47F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{3F1ADEDD-2B3E-4530-AED5-8CBA2F8C0326}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{40475EB4-C35B-4FF1-B0FD-6AE97898CB76}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{427B7D6B-F360-4851-8F1E-6D338D44FB6B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{429EA20F-180E-42EF-9869-72A1FF6E9C5E}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4321B3E4-8656-41E4-A1B0-2BF49D48E122}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{433B3C0B-0563-4037-B230-E54627F9952A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4491C819-A364-443C-A8E9-7CDBF409C128}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{449B0AAB-E91E-4E34-8114-27EBAC1611E6}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{452598B1-9B9F-4C17-8FE3-EB22C74A73AB}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4633B597-8056-4FE9-AAA0-88CE7F08713B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{46401093-A7F3-4C4D-91B9-79B9901E205D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{46B7F40F-8686-43E5-90A4-83A2E75BA30C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{46E430A2-6D4A-48EA-A175-707FF94BD2F7}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{47158687-1E9D-4E95-9B5F-EA93C60205E2}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{48697AD4-FD18-4446-ADEF-1F658D3D19CC}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{48C7FCED-82E1-4430-A302-62C6B1FA78D5}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{48D430EC-404D-4BB6-891B-0C98A38DE7D8}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{494F7A8E-2C6E-402D-BFE2-9953089F8755}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4A02F0B7-9029-4542-9FBA-385E0E0808CE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4B413F99-B7B4-443C-9D47-6189688A68DE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4BF37975-4DFB-4AFF-8472-1EE3555E4075}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4D136B26-63D2-4BF8-BC3B-5BA923DCEC95}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4D7DEB90-0767-45DB-8DCD-BEFA7882E550}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4DA1BF0A-0BF0-40CB-8450-C044C74C8488}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4F3FA2CC-69B7-4E98-86B6-BC44A5E08560}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4F66E9FB-3F86-47E6-966D-395FD257B328}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4F7EC8F9-A2DB-4B61-80C8-3E1315F036A1}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4FC33A10-A801-4006-87C7-6222E549FB22}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{4FD494E2-869C-4473-853D-8FD093811689}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{503F35CF-0BC0-476B-8C34-6D5D2401857E}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{50DB2B4D-821C-4161-84D1-2BA18DF64454}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{51DB24DD-0B91-44C5-822A-A3F83697E05B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{521BA19A-362C-403A-A3AE-172A7B6596B1}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{524736A5-04A8-4E3D-ADF7-4B16B4EEFC91}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{526BFFBD-2F56-49DF-BC30-21E4989C90D0}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{531F8022-0C4B-481B-A065-9407E1A98CAE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{533CAAF6-201F-4E68-9F87-D4AA61C7A7C0}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{53F8CFA5-224B-46B5-AD6B-60855161B514}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{543EFB89-E7FD-4126-BE65-FF5A2EE2D109}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5525CDCE-65C7-4B00-B0AA-CAC059B7FE9F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{55B7F626-DE3F-4763-BAF7-C0C3533D92D7}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{55F61FF3-1024-4FBE-A4C0-13B7647D01A3}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{560739B6-1BBD-4114-9778-3DEEA587DD9C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5679FC53-5619-48CD-9543-4092DA028D42}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{569B7364-B177-431B-8017-EB94641E870F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{56B1C0F4-EF85-4CEA-98D0-28B3E626DB3B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{57C916DE-B713-4A72-83EB-F68D8DC7F546}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{57DDEBF3-EB63-4161-8276-9FB9FFF6DE49}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{585C289B-1A41-4D76-8D3E-8EE164DCE9E1}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5911D358-00AD-4C19-9B0D-DCD19DDAA9EE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5B1A2458-B1A6-456B-8071-80C7289C5228}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5B572BD0-D5C8-4187-86A2-84B270BEFE38}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5CB5AB99-36AD-4948-AA50-D27BF2C098DB}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5DFF9ACA-4868-4D76-820E-2EACE8F08FE2}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5EA150D4-62EB-4492-899D-57FD3BDF2D81}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5EFA75D5-7CAC-4EEC-85AC-F117ABB7C303}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{5F910318-1E1D-4F16-98FB-4A57DD44BB66}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{60D45EBA-176C-47E7-B200-0C55A066F486}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6147DCC3-8E74-45A0-A04A-CF630ECD5A34}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{621B0FFF-9CB1-4BDE-8556-E05051917749}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{62F45647-E0A9-4A3E-81D9-C01E74D37D80}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{63B4293A-E08F-4244-A535-04FFCC66D583}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{646187D5-2456-4404-BCC1-40EF7A41D7BF}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6597C446-3B54-4553-BFD9-50C58F9B04EB}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{65F2951B-2E3B-49BD-A4D4-B53023B26952}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{66C1664D-6009-427A-A186-A69ED873D8BE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{675ADA8B-2CCE-40BD-A488-AE0B013773DC}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{67A3C9EC-2F74-40DB-8EB6-BA7D3BECD9C0}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6842FDCC-019F-48A6-8939-C7EFDFEC1863}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{687B3B7E-6B87-4745-A0FF-DEAA7F6294ED}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{68C59621-D16B-48D1-AFD7-90D024B28F0B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{68F614D8-C381-4337-BFED-5F7B88DC562F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{690DAB7F-D512-4B77-9257-F2E97BEA374C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6A0F04A4-FFF4-44F7-A518-6651230DA800}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6A5F7A83-5F1A-4E50-9EC1-A41B4D43DF6A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6AB66275-CADD-4F34-B541-FC6652F567EE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6B492E69-E4CF-42B3-B1E7-001EA4D2864B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6C7638BE-0130-438B-8ED9-088EB028AB39}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6CC76291-9F64-4825-9FC0-DD687371841F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6D2A8352-D628-4E7E-A189-8AF070D4C573}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6D702993-2BA7-4928-B662-1CF70D0BC7CE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6DFFA130-A1C4-40F5-B367-A7D9C8726747}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6E239332-30FF-4973-8F47-8E04A0B5B9D6}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6E7841F5-8E2D-4E8C-BFAC-7671624D8F99}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6EA49FB5-BA22-432A-9E9F-22FA73C563DF}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6EC3F151-9FA5-46C9-9595-187C2A249892}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{6ED76CDB-509F-4FC1-A0C7-6A44A6B69492}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7021FC93-BF89-47E0-A313-F64967C2890A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{715E5098-7E36-4C4E-9BD4-6D6D36CDCED2}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{72104800-2639-4D43-9C13-3D1BCEED4CCB}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{731B97CB-036F-481F-9827-1AF0C3714C94}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{73C860E8-252E-44A5-8541-4B25496F6CAA}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7569AB5C-81DF-4612-9D5A-6D4BE8FBD4DF}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{75EF0C16-19E7-4E7D-BB8F-6FBE983E4D9D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{76243558-DA18-4957-95FE-F6D594BBF730}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{764AA6E7-8D39-40AB-9A7E-7F15B62FB89E}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7B26B68F-3A1A-43B0-ACEB-75420E5F6325}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7C7316B0-5489-430E-9542-5DCAA98B9CD0}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7DE5138D-9DF5-45F2-BEC3-C556D43298F3}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7F542034-530E-4715-BF05-DBED80033D5D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7F7E400D-D686-4A18-A2E2-9F4FBCEDD7D1}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7F812D19-CA88-4FA8-A661-731F6B1A98AB}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7F8D4B52-306C-46B0-B659-624DCDF79205}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7FCED19F-BBE6-4620-941D-C88D2D373E59}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{7FEE7D65-96D3-4316-8537-28D427EAC1A9}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{80190FEC-5FEB-494A-B45B-D573EF76DF49}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8033C28D-ECF6-4A07-8703-3E8035FDC3BE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{80570C70-C633-47A5-AAF2-C4A7244B9431}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{805AEAF6-E56D-4130-A0AE-D76E339DF410}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{809313E5-8C48-41D2-B600-F8227742935A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{817FF124-4F43-4375-AEFF-35BFF34E8E9C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{822251A6-2AE1-4032-8BEC-A243CD4850BD}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{826E362D-3F46-4E70-970F-8D83F1B0877B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{82B18BFB-539F-4AAD-ABBD-9CC2F6E07E87}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{82F6D04D-8C76-4300-B412-618058E1A638}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{842DB30F-A72C-43B9-BCC3-0C551A39B7C3}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{84780310-C0F4-47D3-8536-CD91A299C24D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{84D95673-3AE4-4251-9352-840E04F251DE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8611B5AE-A81D-4B63-9172-BEEEFB7A6D0A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8877F2EC-CCEF-4493-8FB4-7F2AA4B190A2}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8955EA08-EE48-445F-92CE-1960F44443A4}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{89CFF426-E8D8-4F06-A420-A342263EA613}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8A08F3CE-4058-41B6-ADFF-FF9E7E8B6C2B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8A887085-CB62-4A8C-B9E5-0031C1CD5D63}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8A8B5FF1-214E-4350-BD7F-00D3B80D67B4}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8B2EAD8E-4DA8-41CB-9BF2-B2FFF28F54A0}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8B56BB53-59C9-44A5-8CD2-821F08B7548B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8B8408A3-0836-48C1-9B2C-0FEA291F4D7B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8D084610-402C-4064-9680-62F229B35C7C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8E2B8F86-3C34-444D-BEE3-0FB6A7ADE294}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8F18CEFB-77D0-4E02-84F0-3D2394FCF750}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8F194C4B-4489-450B-A1CA-897D588E1036}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8FB9FF04-C53D-4B22-B3C9-68901CFD9426}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{8FFE7342-5F91-4F78-9456-34F3616FFE00}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{91107DBA-816A-4EEE-A55E-E7AC153BF552}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{911BCE88-D58E-4B55-BBFB-ECA1A73C0F44}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{914CF43D-8003-4AE1-A879-76A14E49392B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{91838BA3-D340-4001-B249-30E76B2377E9}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9223C409-1CFB-4988-A956-DC84923F2918}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{92E43CEE-CC54-4D28-A0AD-1B1E434D9701}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{94E7510A-930F-4F41-89B9-3FFA3F22C953}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{955C7ED7-ECC5-438F-B050-29011200EB38}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{95913EAC-C80F-4EE8-AF34-F32C7A789447}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{95F77EA1-8D29-42DC-B8D3-8CABE77D2C94}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{962069FB-1A17-4223-8E62-94DAED636168}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{968B0344-BB99-4FB6-A41A-6FB306AFD87E}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{968C4729-6214-495C-9DBB-3B80945BFEF1}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{97279939-D11E-4DA0-95BF-DA316FB83D0B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{972CD598-952B-4ABA-B68B-73729E539693}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{972DDC77-7170-4D27-8907-638A8AE47023}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{97551E94-CF04-4FA5-81C1-AEBAF75F5706}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{97DE5139-71FB-4CA1-9957-7AD9D3D5626A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{98721DB2-E8F3-47E4-BD97-A369AD202918}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9892CE68-A531-4CD4-B451-533C8C809BA6}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{98A4C945-0B6E-4857-BB03-C7DAA614E82C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{98C2914D-9480-45C7-861F-9B45CCB04056}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{98CF1938-FD2A-410D-942F-FD564BD12CCE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{99498FB3-9F02-4B6D-A428-B1CA428DE724}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{99981B58-ED52-4F95-999E-5FEA1D8ED6B9}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9AAA33C9-A203-4089-A68E-06F4C636B484}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9AF0A67D-AD17-4FFA-BC3E-4B916BB9EEEF}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9B00457B-DD53-48E3-895E-8D3705EA9B97}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9B308B1D-64DD-4205-A6CB-09EE7DA53EF9}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9B87155D-0248-4B37-8A6E-BA78D2E84A56}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9B9FA2CF-1A95-4300-B140-2EC506E70DAD}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9BF7188C-D753-4104-BDEE-75CE119B06F0}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9C133900-4782-4E20-A813-7A4080D02941}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9C23EBDD-B582-4178-B420-F181471DFC2F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9C94C9EA-A3DB-46ED-8C81-E747A018B68B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9CE3AAED-CA5E-4745-8468-C261B7D20B55}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9D55FD9A-D84B-4791-83A3-7564E17A0CEE}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9DCD82F9-53C3-4C51-B8D5-2DF6165AF862}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9E1EFED5-EEA6-4244-A828-EDB4D78C7E41}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9F6DD3CF-E0C2-42EF-98E7-84D3387F9959}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{9FDB6623-5377-4556-AC9F-BEA00814589B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A1336E32-42A3-43A4-A3AE-18E0D175BCE3}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A1751B90-887B-4060-BF4D-0040D6BA6D99}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A1B21165-6A49-4B5D-88E6-67244576BF2E}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A202D6BF-A64D-40EF-A96B-C28FFDE9458F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A207F159-10D0-401E-B34A-EE53CB550F1D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A3040A89-1A4E-4DB6-AF6A-B5F7A253B5E2}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A33C3F63-5F36-4992-B09D-800CCF539F98}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A4774395-F345-4957-961B-E9EB976C954B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A48665AC-61DD-4E6B-9CB9-646829AEF89A}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A56F9D32-9F33-4552-BAAA-1705839D657C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A58D1F92-B6D3-4D97-8288-7D03FCD327DB}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A619F85A-8FB6-4641-B80D-D9FCFA92ED83}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A6361D7C-0BD4-492C-B852-63A3E8B9D605}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A66414E1-5B4F-4C7C-AFEE-FF9ECBF11B6C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A6D39D86-04F9-410D-9591-1C8FDB8A8833}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A72F2A17-6DA5-48C0-8DB5-AE57EAF412B6}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A838B911-E9CB-4CDE-8182-13BDE95E80ED}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A84DEAF9-0BD7-46D4-9AA6-4E08277D7B30}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A8729C03-ADEA-412A-A2E0-17B88E3A8A96}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A8925245-A754-4BE6-977D-88E2E42173FA}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A94B737C-9DAA-44BB-AF70-94650DDAF03B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{A99417B1-B8FD-4F3D-A096-B8CB49B38912}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AA02CFD6-1E96-4A74-9AF6-066630686CFF}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AAB67CE1-D7F6-4597-9250-2B98D06F3303}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AB077868-CC41-406C-AB11-D1ECE0F6332D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{ACC090E9-0A80-41DA-837C-1201F208191C}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AE64EA2D-3B11-4736-BC38-61CC2B0C8A81}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AE8F9BB0-13C8-4D24-8499-10C3F97C6109}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AEDCB4A5-496B-404A-9CBA-518C71A8E5B6}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AF3C88E0-34C0-4669-A278-46A21667F4FD}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{AFA5B330-5019-48A9-A311-B0B7AC4C06E7}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B08B2E94-953C-4AFF-BACC-4B9038B1BEE3}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B0C41F94-20E8-4AAE-9EC4-295421761ACD}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B1ACAC66-5109-4B35-8D58-5750E86668E1}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B231149E-2923-4BC8-9F9B-A588E4D05808}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B2901DD1-BFEF-481C-B0DF-BF0C88B22B6B}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B30ED9EE-9CBB-49E1-9DD5-5C65107FC9E5}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B3459207-0047-4AD9-8DB7-086A0FE32F57}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B352A652-25E4-48C9-8887-F87D3864D664}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B3917E04-5391-487F-B044-3833E3F690B5}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B3AB1E5A-E3C1-487F-9C15-C2E0C83044F1}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B3FAEEAC-0805-480F-BC82-4575374EFC38}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B42B29C8-4791-4BD4-8B1B-3F9E341B1D83}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B4F1AA97-8776-46DC-B827-5FB8FE7BE7DF}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B53D6204-AF0D-4928-B35C-2203FB4CFF8F}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B57EF7A7-979E-48FF-8B39-CB5F46677FE7}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B69D0912-EAD5-4863-8DA0-4E20D85226B6}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B7317D81-7183-40A0-90D6-14A9CA2576D9}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B83BA675-A93B-46D3-A822-52352824580D}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B8C734B0-6FDE-4E88-AA88-57AEFE500A90}
Successfully deleted: [Empty Folder] C:\Users\Lisa\appdata\local\{B9360C6C-FAD9-4E33-9271-9A50AD7D5E1C}



~~~ FireFox

Successfully deleted the following from C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\up4kkm2d.default\prefs.js

user_pref("extensions.alexa.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\" :  {\n  
Emptied folder: C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\up4kkm2d.default\minidumps [6 files]



~~~ Chrome

Dumping contents of C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default\Extensions
C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default\fofjkoglbpoijfefmaeellhiifmhoica
C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default\Preferences
C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default\Web Data
C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\ollhcmlejlencfgmgnihgapkpbflogkh
C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default\fofjkoglbpoijfefmaeellhiifmhoica\manifest.json

Successfully deleted: [Folder] C:\Users\Lisa\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/02/2014 at 16:29:39.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Lisa :: LISA-PC [administrator]

Protection: Enabled

1/2/2014 5:00:06 PM
mbam-log-2014-01-02 (17-00-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230426
Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


 





