Zero Access Malware/Virus/Trojan


  • This topic is locked
38 replies to this topic

#1 Armadillo1

Armadillo1

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:25 PM

Posted 02 October 2014 - 11:12 AM

I am using Vista, S2 on a Toshiba Satellite laptop. I first noticed that I had the Zero Access Malware when I went to www.thrifty.com to rent a car and was re-directed to rent from Hertz. I went to my desktop and found that it didn't re-direct me, so I rented from my desktop and then came back to the laptop to run some scans with Malwarebytes and Avast to see if they could find anything wrong. Doing a search on Google, I found some Microsoft Community suggestions and began using Rkill, ComboFix, Tdsskiller, Rogue Killer but still have the problem. Attached are txt files.

Any help is much appreciated! :smash:


Edited by hamluis, 02 October 2014 - 11:19 AM.
Moved from Vista to Malware Removal Logs - Hamluis.



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:25 PM

Posted 04 October 2014 - 10:50 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 Armadillo1

Armadillo1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:06:25 PM

Posted 05 October 2014 - 01:09 AM

Here's the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01
Ran by Jack (administrator) on JACKSLAPTOP on 05-10-2014 00:54:42
Running from C:\Users\Jack\Downloads
Loaded Profile: Jack (Available profiles: Jack & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Radialpoint Inc.) C:\Program Files\Verizon\VSP\ServicepointService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Quintech, Inc.) C:\Program Files\Verizon\Enterprise Connect\WiFiConnect.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [WiFiConnectAutoRun] => C:\Program Files\Verizon\Enterprise Connect\WiFiConnect.exe [970080 2014-07-01] (Quintech, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-03] (Siber Systems)
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\S-1-5-18\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-03] (Siber Systems)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U142&ocid=U142DHP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://register.facebook.com/controls/contactx.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\sh876y72.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Jack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll (TD Ameritrade)
FF SearchPlugin: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\sh876y72.default\searchplugins\bing-avast.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-05]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-29]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012-12-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
 
Chrome: 
=======
CHR CustomProfile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (TidyNetwork.com) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmeggmpgoihpikfpeokdjadkakhhlocj [2013-03-12]
CHR CustomProfile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-13]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-13]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-13]
CHR Extension: (No Name) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-13]
CHR Extension: (RealDownloader) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-13]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-13]
CHR Extension: (RoboForm) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-04-12]
CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Users\Jack\AppData\Local\0caef71f-0fc0-45b2-bee2-93b23536cd18.crx []
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [246520 2010-07-28] (WildTangent, Inc.)
S3 GoogleDesktopManager-061008-081103; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-08-01] (Google)
S2 gupdate1c9952abed6f341; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 ServicepointService; C:\Program Files\Verizon\VSP\ServicepointService.exe [689392 2010-01-11] (Radialpoint Inc.)
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [117288 2010-04-08] (Authentium, Inc)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [117288 2010-04-08] (Authentium, Inc)
R2 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [154152 2010-04-08] (Authentium, Inc)
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 ExterminateIt; C:\Windows\system32\drivers\extit.sys [70760 2010-07-14] (CurioLab S.M.B.A.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16694 2008-03-31] (PalmSource, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-05-07] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-03] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; No ImagePath
S3 catchme; \??\C:\Users\Jack\AppData\Local\Temp\catchme.sys [X]
S2 CWMonitor; No ImagePath
U0 helpsvc; No ImagePath
U0 ImapiService; No ImagePath
S3 IO_Memory; No ImagePath
S3 IpInIp; No ImagePath
U0 Irmon; No ImagePath
S0 keoqtwo; No ImagePath
S0 mjfp; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S0 ofasg; No ImagePath
S2 RPSKT; No ImagePath
U0 srservice; No ImagePath
S3 SVRPEDRV; No ImagePath
S3 Tosrfcom; No ImagePath
U0 UPS; No ImagePath
U0 WZCSVC; No ImagePath
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\system32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\drivers\PalmUSBD.sys 240C0D4049A833B16B63B636ACF01672
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\system32\drivers\pciide.sys 3B1901E401473E03EB8C874271E50C26
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\Drivers\PxHelp20.sys 49452BFCEC22F36A7A9B9C2181BC3042
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\System32\DRIVERS\RTL8187B.sys 7FE5089EB5F624899DE08C30DB4377FC
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys BCCA63A3D143938273A3158757389DC7
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\serscan.sys EF70B3D22B4BFFDA6EA851ECB063EFAA
C:\Windows\System32\DRIVERS\SWDUMon.sys C86A229BB5CB5DC47498B2C530A9458E
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 70534D1E4F9AC990536D5FB5B550B3DE
C:\Windows\System32\drivers\tcpip.sys A4196D394207369E1431E8681B373312
C:\Windows\System32\DRIVERS\tcpip.sys A4196D394207369E1431E8681B373312
C:\Windows\System32\drivers\tcpipreg.sys 95389980F70FC4990A4395A0B8BBE1D6
C:\Windows\System32\DRIVERS\tdcmdpst.sys 1825BCEB47BF41C5A9F0E44DE82FC27A
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\drivers\tifm21.sys E4C85C291DDB3DC5E4A2F227CA465BA6
C:\Windows\System32\DRIVERS\tos_sps32.sys 1EA5F27C29405BF49799FECA77186DA9
C:\Windows\System32\drivers\TrueSight.sys A1965DFC0CD91E7CFC42925F8F597274
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\System32\DRIVERS\TVALZ_O.SYS 792A8B80F8188ABA4B2BE271583F3E46
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\drivers\usbaudio.sys 1114579556DB85E9FAF9590DBC64CD62
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 44056325428A8E4C755830426E29878F
C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\DRIVERS\WSDPrint.sys 4422AC5ED8D4C2F0DB63E71D4C069DD7
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\yk60x86.sys 04E268ADFC81964C49DC0C082D520F7E
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 00:54 - 2014-10-05 00:54 - 00040825 _____ () C:\Users\Jack\Downloads\FRST.txt
2014-10-05 00:52 - 2014-10-05 00:53 - 01100800 _____ (Farbar) C:\Users\Jack\Downloads\FRST.exe
2014-10-04 00:00 - 2014-10-04 00:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-03 18:55 - 2014-10-03 18:55 - 00000000 _____ () C:\Users\Jack\AppData\Local\{D8293890-1A16-4FC0-8894-FE98562B5F64}
2014-10-03 14:21 - 2014-10-03 14:21 - 00000000 ____D () C:\SUPERDelete
2014-10-03 14:16 - 2014-10-03 14:16 - 19686112 _____ (SUPERAntiSpyware) C:\Users\Jack\Downloads\SUPERAntiSpyware.exe
2014-10-03 12:05 - 2014-10-03 12:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Jack\Downloads\mbar-1.07.0.1012 (1).exe
2014-10-03 09:44 - 2014-10-03 09:44 - 00020340 _____ () C:\ComboFix.txt
2014-10-03 09:24 - 2014-10-03 09:44 - 00000000 ____D () C:\ComboFix
2014-10-02 22:23 - 2014-10-02 22:23 - 01375089 _____ () C:\Users\Jack\Downloads\adwcleaner_3.311.exe
2014-10-02 20:55 - 2014-10-02 20:55 - 00151240 _____ () C:\Windows\Minidump\Mini100214-01.dmp
2014-10-02 20:51 - 2014-10-02 20:51 - 00000896 _____ () C:\Windows\system32\.crusader
2014-10-02 20:35 - 2014-10-02 20:36 - 10280824 _____ (SurfRight B.V.) C:\Users\Jack\Downloads\HitmanPro.exe
2014-10-02 20:34 - 2014-10-02 20:34 - 01876816 _____ (SurfRight B.V.) C:\Users\Jack\Downloads\hmpalert.exe
2014-10-02 19:38 - 2014-10-02 19:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jack\Downloads\tdsskiller (1).exe
2014-10-02 17:48 - 2014-10-05 00:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-02 17:47 - 2014-10-03 12:06 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-02 17:47 - 2014-10-02 17:47 - 00000864 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-02 17:47 - 2014-10-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-02 17:47 - 2014-10-02 17:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-02 17:47 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-02 17:47 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-02 17:46 - 2014-10-02 17:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jack\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-02 17:37 - 2014-10-03 12:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps
2014-10-02 16:28 - 2014-10-02 16:28 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-02 16:26 - 2014-10-02 17:19 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-02 16:26 - 2014-10-02 16:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-02 16:25 - 2014-10-02 16:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jack\Downloads\SpyHunter-Installer (1).exe
2014-10-02 16:23 - 2014-10-02 16:24 - 06823872 _____ (SparkTrust) C:\Users\Jack\Downloads\SparkTrust PC Cleaner Plus Setup_de29dd1_.exe
2014-10-02 15:46 - 2014-10-02 15:46 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SparkTrust
2014-10-02 15:45 - 2014-10-02 17:41 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-10-02 15:44 - 2014-10-02 15:44 - 06823872 _____ (SparkTrust) C:\Users\Jack\Downloads\SparkTrust PC Cleaner Plus Setup_de2878c_.exe
2014-10-02 15:38 - 2014-10-02 15:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jack\Downloads\SpyHunter-Installer.exe
2014-10-02 13:13 - 2014-10-02 13:13 - 00004091 _____ () C:\Users\Jack\Downloads\JUJ59_UploadDownload (1).isd
2014-10-02 13:12 - 2014-10-02 13:12 - 00004091 _____ () C:\Users\Jack\Downloads\JUJ59_UploadDownload.isd
2014-10-02 09:40 - 2014-10-05 00:54 - 00000000 ____D () C:\FRST
2014-10-01 22:24 - 2014-10-01 22:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\rkill.exe
2014-10-01 22:18 - 2014-10-03 12:10 - 00000000 ____D () C:\Users\Jack\Desktop\mbar
2014-10-01 22:18 - 2014-10-01 22:18 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Jack\Downloads\mbar-1.07.0.1012.exe
2014-10-01 11:53 - 2014-10-03 09:23 - 05582981 ____R (Swearware) C:\Users\Jack\Downloads\ComboFix.exe
2014-10-01 11:40 - 2014-10-01 11:40 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\iExplore.exe
2014-10-01 10:06 - 2014-10-01 10:06 - 00122464 _____ () C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 09:37 - 2014-10-03 09:12 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-01 09:37 - 2014-10-01 09:37 - 04893784 _____ () C:\Users\Jack\Downloads\RogueKiller.exe
2014-10-01 09:37 - 2014-10-01 09:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-01 09:31 - 2014-10-01 09:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jack\Downloads\tdsskiller.exe
2014-10-01 09:19 - 2014-10-01 09:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\eXplorer.exe
2014-09-30 21:51 - 2014-09-30 21:51 - 00138800 _____ () C:\Windows\Minidump\Mini093014-01.dmp
2014-09-30 21:50 - 2014-10-02 20:55 - 243215169 _____ () C:\Windows\MEMORY.DMP
2014-09-30 21:43 - 2014-09-30 21:43 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-09-30 21:43 - 2014-09-30 21:43 - 00000000 ____D () C:\Users\Jack\AppData\Local\IsolatedStorage
2014-09-30 21:41 - 2014-09-30 21:41 - 00000000 ____D () C:\Users\Jack\AppData\Local\PriceFountain
2014-09-30 20:51 - 2014-10-03 00:12 - 00000000 ____D () C:\AdwCleaner
2014-09-30 20:29 - 2014-09-30 20:29 - 00017044 _____ () C:\Users\Jack\Desktop\Rkill2.txt
2014-09-29 21:18 - 2014-09-29 21:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-29 21:04 - 2014-09-29 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-29 20:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-29 20:39 - 2014-10-03 09:44 - 00000000 ____D () C:\Qoobox
2014-09-29 20:01 - 2014-10-03 23:08 - 00012292 _____ () C:\Users\Jack\Desktop\Rkill.txt
2014-09-29 19:14 - 2014-10-03 18:54 - 00024268 _____ () C:\Windows\PFRO.log
2014-09-29 19:00 - 2014-10-02 23:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-25 14:24 - 2014-09-30 07:37 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-22 12:10 - 2014-09-22 12:10 - 00000000 ____D () C:\ProgramData\WEngineLite
2014-09-22 12:10 - 2014-09-22 12:10 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-09-12 10:21 - 2014-08-15 09:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 10:21 - 2014-08-15 09:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 10:21 - 2014-08-15 09:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 10:21 - 2014-08-15 09:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 10:21 - 2014-08-15 09:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 10:21 - 2014-08-15 09:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 10:21 - 2014-08-15 09:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 10:21 - 2014-08-15 09:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-12 10:21 - 2014-08-15 09:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 10:21 - 2014-08-15 09:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 10:21 - 2014-08-15 09:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 10:21 - 2014-08-15 09:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-12 10:21 - 2014-08-15 09:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 00:40 - 2014-02-07 17:57 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-10-05 00:37 - 2012-07-28 11:25 - 00000000 ___RD () C:\Users\Jack\Dropbox
2014-10-05 00:32 - 2012-07-28 10:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Dropbox
2014-10-05 00:31 - 2009-06-30 20:18 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 00:30 - 2014-02-07 17:57 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-10-05 00:30 - 2012-04-10 09:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 00:30 - 2009-06-30 20:18 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 00:30 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 00:30 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 14:02 - 2014-08-28 12:57 - 01815150 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 14:00 - 2011-12-02 21:43 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-04 13:57 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 13:56 - 2006-11-02 08:01 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-04 12:42 - 2009-02-22 15:17 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-10-03 22:00 - 2006-11-02 05:33 - 00759720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 14:21 - 2012-04-09 12:37 - 00000000 ____D () C:\Users\Jack\AppData\Local\The Weather Channel
2014-10-03 14:21 - 2012-04-09 12:37 - 00000000 ____D () C:\Program Files\The Weather Channel FW
2014-10-03 12:37 - 2012-12-04 01:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-03 12:09 - 2014-02-03 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-03 09:41 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-02 23:40 - 2010-11-14 17:12 - 00000000 ____D () C:\Program Files\Common Files\Motive
2014-10-02 20:55 - 2008-04-17 18:38 - 00000000 ____D () C:\Windows\Minidump
2014-10-02 20:55 - 2008-03-25 17:36 - 00000000 ____D () C:\Users\Jack
2014-09-30 22:19 - 2006-11-02 05:22 - 64094208 _____ () C:\Windows\system32\config\software.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 43761664 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 139198464 _____ () C:\Windows\system32\config\system.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 05607424 _____ () C:\Windows\system32\config\default.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 00094208 _____ () C:\Windows\system32\config\sam.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-09-30 22:18 - 2010-07-19 00:28 - 00000000 ____D () C:\Windows\ERDNT
2014-09-29 23:16 - 2012-10-24 12:51 - 00009350 _____ () C:\Users\Jack\AppData\Roaming\wklnhst.dat
2014-09-29 23:12 - 2012-10-14 15:37 - 00000000 ____D () C:\Users\Jack\Documents\Personal
2014-09-29 23:05 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-09-29 23:05 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-09-29 21:54 - 2014-02-04 14:43 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-29 19:14 - 2012-10-14 00:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-28 17:26 - 2014-02-03 15:08 - 00001936 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-28 17:02 - 2012-04-10 09:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-28 17:02 - 2011-08-14 00:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-27 22:41 - 2008-03-25 20:29 - 00000000 ____D () C:\Users\Jack\AppData\Local\PokerStars
2014-09-22 12:12 - 2013-12-24 22:01 - 00000248 _____ () C:\Users\Jack\Install-VzInHomeAgentLog.log
2014-09-22 12:12 - 2013-08-26 00:09 - 00000943 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-09-22 12:12 - 2008-03-25 19:25 - 00000000 ____D () C:\Program Files\Verizon
2014-09-22 12:10 - 2014-02-03 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2014-09-22 12:10 - 2008-03-25 19:25 - 00000000 ____D () C:\ProgramData\Verizon
2014-09-22 12:09 - 2014-07-23 11:54 - 00000558 _____ () C:\Users\Jack\request.xml
2014-09-22 12:09 - 2014-07-23 11:54 - 00000491 _____ () C:\Users\Jack\response.xml
2014-09-22 12:09 - 2014-07-23 11:53 - 00000422 _____ () C:\Users\Jack\Install-VzDownloadManager.log
2014-09-22 01:41 - 2009-10-03 11:08 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 17:44 - 2012-07-28 11:25 - 00000961 _____ () C:\Users\Jack\Desktop\Dropbox.lnk
2014-09-21 17:44 - 2012-07-28 10:59 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 21:47 - 2013-03-18 17:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 23:34 - 2013-03-12 13:17 - 00000824 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-12 23:28 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 22:37 - 2009-06-12 16:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-12 10:10 - 2013-07-13 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 09:26 - 2006-11-02 05:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-11 14:09 - 2008-03-25 20:29 - 00000000 ____D () C:\Program Files\PokerStars
 
Files to move or delete:
====================
C:\Users\Jack\AspriseJTwain.dll
C:\Users\Jack\GoToAssist_chat2way__317_en.exe
C:\Users\Jack\MetricCollection.dll
C:\Users\Public\MyWebTattoo.exe
 
 
Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0y0my9.dll
C:\Users\Jack\AppData\Local\temp\HitmanPro.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-04 14:15
 
==================== End Of Log ============================
 
For some reason, I must have run this program before because I saw the Addition.txt with a previous date. It didn't print again so I'll paste the one I previously ran:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-10-2014 01
Ran by Jack at 2014-10-02 09:42:44
Running from C:\Users\Jack\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVSDK5 (Version: 5.2.9 - Authentium, Inc) Hidden
Bing Bar (HKLM\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CallAtlanta (HKLM\...\{206A595B-6ED6-4547-9293-C448139826EC}) (Version: 8.6.0 - Primerica Financial Services)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Control Center for KODAK Webcams (HKLM\...\Control Center for KODAK Webcams) (Version:  - )
CyberDefender Link Patrol (HKLM\...\{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}) (Version: 6.06.02.01 - CyberDefender Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\{56B708CC-28A0-3CFC-A83B-BE70E5C4EA18}) (Version: 65.169.107 - Google, Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0806.10245 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
HDView for Internet Explorer (HKLM\...\{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}) (Version: 1.0.20 - Microsoft Research)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)
IHA_MessageCenter (HKLM\...\{80813829-BE27-4799-8BC7-2F75A7B6CB50}) (Version: 1.1.0 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.51.4.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 en-US)) (Version: 31.1.2 - Mozilla)
mPlayer version 1.0 (HKLM\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
palmOne (HKLM\...\{FF8157AA-F640-45BD-B7C2-BAA1016B267A}) (Version: 4.1.0420 - palmOne, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2012 (HKLM\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{7095FD27-37F0-4750-9DE8-D37DC0043706}) (Version: Package:1.00.0008 Driver:6.1089.601.2007 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
RoboForm 7-9-9-1 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
RPS CRT (Version: 7.0.25 - Verizon) Hidden
RPS CRT (Version: 8.0.27 - Verizon) Hidden
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.1.0 - Shutterfly, Inc.) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
thinkorswim from TD AMERITRADE (HKLM\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.33 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.43 - WildTangent)
TOSHIBA Hardware Setup (HKLM\...\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}) (Version: 2.00.03 - )
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}) (Version: 2.00.02 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.0.28 - TOSHIBA Corporation) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TurboApps Conduit (HKLM\...\{C587A6C6-A6EF-4FF2-892F-0088C64D7A76}) (Version: 1.1.0 - ) <==== ATTENTION
TweakNow PowerPack 2012 (HKLM\...\TweakNow PowerPack 2012_is1) (Version: 4.0.5 - TweakNow.com)
TweakNow RegCleaner 2012 (HKLM\...\TweakNow RegCleaner 2012_is1) (Version: 7.0.0 - TweakNow.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Verizon Call Assistant (HKCU\...\Verizon Call Assistant) (Version: 2.7.79 - Verizon)
Verizon Help and Support Tool (HKLM\...\Verizon Help and Support) (Version:  - )
Verizon Servicepoint 3.5.14 (HKLM\...\RadialpointClientGateway_is1) (Version: 3.5.14 - Verizon)
Verizon Wi-Fi Connect 4.200.209 (HKLM\...\{3E957C6D-80E5-48E3-BC02-67F851A138A5}) (Version: 4.200.209 - Verizon)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
VzDownloadManager (HKCU\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.1 - WebM Project)
Windows 7 Upgrade Advisor (HKLM\...\{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}) (Version: 2.0.3001.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
WinFlex (HKLM\...\WinFlex) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> C:\Program Files\palmOne\SgCalendar.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{1C43DF3D-E1C6-473E-9627-D7638EF63690}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PictPreview.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Media.ocx (palmOne, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{2CE29E35-35AA-455F-894F-F70BE74DB639}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> C:\Program Files\palmOne\SgDateAlarm.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{3193996D-1AC8-11D4-80CC-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\AlarmSvr.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> C:\Program Files\palmOne\SgCalendar.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Media.ocx (palmOne, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{4054F903-7C40-43D0-8ACE-3F5D73A9890C}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{61B7A221-D11F-4702-B5C0-79C492A726B9}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\DefaultPlugin.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PqiIcon.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> C:\Program Files\palmOne\SgDateAlarm.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{75C8163F-59DF-4C9D-BC00-D0419B2CED5B}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{7686FC59-EA6F-11D5-823E-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\InstServ.dll (Palm, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> C:\Program Files\palmOne\SgContacts.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkTDA\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\ExpenseExt.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\ExpenseExt.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> C:\Program Files\palmOne\SgMemos.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{A61F01A5-CD25-4780-A3B9-041172CD6450}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{AD74B184-E73A-4565-A38C-1329A29C7260}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{AF04C884-2C5F-430F-97ED-6E127F47046C}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> C:\Program Files\palmOne\SgTasks.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> C:\Program Files\palmOne\SgMemos.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{BE44897A-EB38-11D5-823F-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\RegServ.dll ()
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> C:\Program Files\palmOne\SgTasks.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> C:\Program Files\palmOne\SgContacts.ocx (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{D75FA101-6942-47DF-88DF-353F30D35682}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkTDA\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{DCDA65F9-134B-4333-BCA0-809306CB2F55}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{DEF0B543-775C-4963-A116-DF304EE2C4DA}\InprocServer32 -> C:\Program Files\palmOne\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\Program Files\palmOne\QuickInstall.exe (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{E851CFC8-5724-406D-9B36-11A44E72EA11}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> C:\Program Files\palmOne\Components\DelDups.dll ( palmOne, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{F0905939-16C0-4D2E-8F4F-73A4BEDEBE73}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{F1523FBD-0E09-4E8F-A952-B053B118FAAE}\InprocServer32 -> C:\Program Files\palmOne\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\PRouter.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835885441-439211620-2350860753-1000_Classes\CLSID\{FF1CD9A3-00CD-45c1-8182-4EEC229A182D}\InprocServer32 -> C:\Windows\system32\plx_upldr.dll ()
 
==================== Restore Points  =========================
 
14-09-2014 19:20:23 Scheduled Checkpoint
16-09-2014 06:24:11 Scheduled Checkpoint
17-09-2014 01:41:00 Windows Update
18-09-2014 05:49:43 Scheduled Checkpoint
19-09-2014 03:10:31 Scheduled Checkpoint
20-09-2014 02:18:24 Windows Update
20-09-2014 17:37:47 Scheduled Checkpoint
22-09-2014 00:03:53 Scheduled Checkpoint
23-09-2014 22:42:45 Windows Update
27-09-2014 22:50:46 Windows Update
28-09-2014 22:01:49 Scheduled Checkpoint
30-09-2014 04:45:21 Scheduled Checkpoint
01-10-2014 06:32:00 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2014-10-01 20:11 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01A8093F-4FD8-4C47-A18A-D26C44D1439D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {188ED2FF-1B91-40DE-94EE-48D4BBCC0266} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2DD9F353-82F5-46B8-AE24-3FEE7103D5F0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1835885441-439211620-2350860753-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D03D6FB-AD60-4965-B768-ACD316B4E84D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44255143-761E-4ED4-8179-AE978049D913} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1835885441-439211620-2350860753-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {52EF6010-D2F6-4DAA-B7F7-33B1DC921630} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-05] (AVAST Software)
Task: {6878AC18-916A-44A7-A016-07FA4379898A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-28] (Adobe Systems Incorporated)
Task: {91E2FDA2-E7BF-4AEA-896A-22BF85C4E7B7} - System32\Tasks\SearchGuardPlusUpdater => C:\Program Files\Search Guard PlusU\sgpupdaters.exe
Task: {9814C1D9-128F-4EA6-864F-1EADC24F473B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A3DF2941-20FE-4A21-94F9-554F97BC2F4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22] (Google Inc.)
Task: {BD4A3E0D-55A2-4F2E-B152-CAEDC93DE19A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1835885441-439211620-2350860753-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BEB5CD8A-05DB-4EF0-95AE-1BA7A77D87A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22] (Google Inc.)
Task: {D6D318FE-D617-4780-88F0-53008F956A98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {DE1843FF-0860-40B3-B38B-36834955BCD9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {DEAF5C7B-BBCD-420A-9613-CA90EBEF0FEE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E5C6451B-7815-4069-8A45-56A4C9CA57A2} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-12] (Google)
Task: {E7B97AC2-069C-4BF8-9422-D90D84944D50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBCAF6AC-F263-4894-B38A-964D03E91219} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {EC3A3552-093C-4A35-96D8-D4B81B42DF22} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1835885441-439211620-2350860753-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-03 14:58 - 2014-07-05 21:41 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-03 14:58 - 2014-07-05 21:41 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-28 17:26 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-28 17:26 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-28 17:26 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billeo.lnk => C:\Windows\pss\Billeo.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\Windows\pss\HotSync Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bomgar Support Reconnect.lnk => C:\Windows\pss\Bomgar Support Reconnect.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: VerizonServicepoint.exe => "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
MSCONFIG\startupreg: Verizon_McciTrayApp => "C:\Program Files\Verizon\McciTrayApp.exe"
MSCONFIG\startupreg: WinPatrol => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1835885441-439211620-2350860753-500 - Administrator - Disabled)
Guest (S-1-5-21-1835885441-439211620-2350860753-501 - Limited - Enabled) => C:\Users\Guest.JacksLaptop
Jack (S-1-5-21-1835885441-439211620-2350860753-1000 - Administrator - Enabled) => C:\Users\Jack
 
==================== Faulty Device Manager Devices =============
 
Name: isatap.home
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2014 09:22:58 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 10:58:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WeatherBug.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 908
Start Time: 01cfddf4767c7702
Termination Time: 36
 
Error: (10/01/2014 09:55:03 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 09:14:49 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 08:52:01 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 08:50:54 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 08:23:11 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 11:16:25 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JACK\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CSQXPQ9F.DEFAULT\GLOBAL-MESSAGES-DB.SQLITE-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/01/2014 11:08:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WeatherBug.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 9d0
Start Time: 01cfdd918604ef83
Termination Time: 28
 
Error: (10/01/2014 10:15:06 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JACK\APPDATA\LOCAL\THUNDERBIRD\PROFILES\CSQXPQ9F.DEFAULT\CACHE\9> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (10/02/2014 09:24:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (10/02/2014 09:23:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
keoqtwo
mjfp
ofasg
spldr
Wanarpv6
 
Error: (10/02/2014 09:23:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068
 
Error: (10/02/2014 09:23:10 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (10/02/2014 09:23:08 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (10/02/2014 09:22:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/02/2014 09:22:48 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/02/2014 09:22:33 AM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode
.
 
Error: (10/02/2014 09:22:33 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084TermService{F9A874B6-F8A8-4D73-B5A8-AB610816828B}
 
Error: (10/01/2014 11:49:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
 
Microsoft Office Sessions:
=========================
Error: (10/02/2014 09:22:58 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 10:58:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WeatherBug.exe1.0.0.090801cfddf4767c770236
 
Error: (10/01/2014 09:55:03 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 09:14:49 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 08:52:01 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 08:50:54 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 08:23:11 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/01/2014 11:16:25 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\JACK\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CSQXPQ9F.DEFAULT\GLOBAL-MESSAGES-DB.SQLITE-JOURNAL
 
Error: (10/01/2014 11:08:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WeatherBug.exe1.0.0.09d001cfdd918604ef8328
 
Error: (10/01/2014 10:15:06 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\JACK\APPDATA\LOCAL\THUNDERBIRD\PROFILES\CSQXPQ9F.DEFAULT\CACHE\9
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-02 09:42:34.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-02 09:42:33.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-02 09:42:32.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-02 09:42:32.085
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 23:31:15.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 23:31:14.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 23:31:12.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 23:31:11.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 23:31:10.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-01 23:31:08.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 2037.69 MB
Available physical RAM: 1064.08 MB
Total Pagefile: 4312.48 MB
Available Pagefile: 3578.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.25 MB
 
==================== Drives ================================
 
Drive c: (Flash) (Fixed) (Total:147.58 GB) (Free:59.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 32FC1A00)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=147.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 RPMcMurphy


Posted 05 October 2014 - 10:33 AM

It looks like you ran ComboFix.  I'd like to see that log, please.

Click Start > Run or press Windows Key + R, copy/paste the following into the Run box that opens, and press OK:
c:\ComboFix.txt




#5 Armadillo1


Posted 05 October 2014 - 12:23 PM

ComboFix.Txt :

 

ComboFix 14-10-02.01 - Jack 10/03/2014   9:28.10.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.1201 [GMT -5:00]
Running from: c:\users\Jack\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-03 to 2014-10-03  )))))))))))))))))))))))))))))))
.
.
2014-10-03 14:40 . 2014-10-03 14:41 -------- d-----w- c:\users\Jack\AppData\Local\temp
2014-10-03 14:40 . 2014-10-03 14:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-10-03 14:40 . 2014-10-03 14:40 -------- d-----w- c:\users\JacksLapTop\AppData\Local\temp
2014-10-03 14:40 . 2014-10-03 14:40 -------- d-----w- c:\users\Jack.JacksLaptop\AppData\Local\temp
2014-10-03 14:40 . 2014-10-03 14:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-10-03 14:40 . 2014-10-03 14:40 -------- d-----w- c:\users\Guest.JacksLaptop\AppData\Local\temp
2014-10-03 14:40 . 2014-10-03 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-03 01:37 . 2014-10-03 14:05 -------- d-----w- c:\program files\HitmanPro
2014-10-02 22:48 . 2014-10-03 05:19 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-02 22:47 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-02 22:47 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-02 22:47 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-02 22:47 . 2014-10-02 22:47 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-02 22:37 . 2014-10-03 05:08 -------- d-----w- c:\users\Jack\AppData\Local\CrashDumps
2014-10-02 21:28 . 2014-10-02 21:28 -------- d-----w- c:\program files\Enigma Software Group
2014-10-02 21:26 . 2014-10-02 22:19 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-02 21:26 . 2014-10-02 21:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-10-02 20:46 . 2014-10-02 20:46 -------- d-----w- c:\users\Jack\AppData\Roaming\SparkTrust
2014-10-02 20:45 . 2014-10-02 22:41 -------- d-----w- c:\programdata\SparkTrust
2014-10-02 14:40 . 2014-10-02 14:43 -------- d-----w- C:\FRST
2014-10-01 14:37 . 2014-10-03 14:12 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-01 14:37 . 2014-10-01 14:37 -------- d-----w- c:\programdata\RogueKiller
2014-10-01 02:43 . 2014-10-01 02:43 -------- d-----w- c:\users\Jack\AppData\Local\IsolatedStorage
2014-10-01 02:41 . 2014-10-01 02:41 -------- d-----w- c:\program files\RCP
2014-10-01 02:41 . 2014-10-01 02:41 -------- d-----w- c:\users\Jack\AppData\Local\PriceFountain
2014-10-01 01:51 . 2014-10-03 05:12 -------- d-----w- C:\AdwCleaner
2014-09-30 02:18 . 2014-09-30 02:30 -------- d-----w- c:\programdata\HitmanPro
2014-09-30 02:04 . 2014-09-30 02:04 -------- d-----w- c:\programdata\Kaspersky Lab
2014-09-30 00:00 . 2014-10-03 04:38 -------- d-----w- C:\TDSSKiller_Quarantine
2014-09-25 19:24 . 2014-09-30 12:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-09-22 17:10 . 2014-09-22 17:10 -------- d-----w- c:\programdata\WEngineLite
2014-09-22 17:10 . 2014-09-22 17:10 -------- d-----w- c:\programdata\Downloaded Installations
2014-09-20 02:47 . 2014-09-20 02:47 3231696 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_46.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-28 22:02 . 2012-04-10 14:28 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-28 22:02 . 2011-08-14 05:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41 . 2009-10-03 16:08 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-13 03:11 . 2011-08-07 16:26 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:03 . 2014-08-28 16:43 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 23:26 . 2014-08-28 16:43 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-07 22:09 . 2014-08-07 22:08 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-08 00:46 . 2014-08-14 15:57 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-06 02:42 . 2014-02-03 19:58 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-06 02:41 . 2014-02-03 19:58 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-06 02:41 . 2014-02-03 19:58 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-06 02:41 . 2014-02-03 19:58 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-06 02:41 . 2014-02-03 19:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-06 02:41 . 2014-02-03 19:58 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-06 02:41 . 2014-04-22 19:54 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-06 02:41 . 2014-02-03 19:58 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-07-06 02:41 . 2014-07-06 02:41 43152 ----a-w- c:\windows\avastSS.scr
2014-07-06 02:41 . 2014-02-03 19:58 276432 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-09 18:26 . 2012-04-09 18:26 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-06 02:41 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-08-20 111320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 6724128]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"WiFiConnectAutoRun"="c:\program files\Verizon\Enterprise Connect\WiFiConnect.exe" [2014-07-01 970080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-08-20 111320]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2013-07-31 21:01 14232 ----a-w- c:\program files\Citrix\GoToAssist\896\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billeo.lnk]
backup=c:\windows\pss\Billeo.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Billeo.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bomgar Support Reconnect.lnk]
backup=c:\windows\pss\Bomgar Support Reconnect.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-01-20 19:16 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 18:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 16:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 06:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2000-01-01 00:00 6724128 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 17:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-11-29 21:16 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2010-01-11 18:10 4281584 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2010-05-31 11:18 323976 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1835885441-439211620-2350860753-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 06744833
*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
*Deregistered* - 06744833
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-28 22:09 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:02]
.
2014-10-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-06 18:18]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 20:18]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 20:18]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 22:57]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 22:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\sh876y72.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Microsoft (Bing)
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=AV01
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-07772163.sys
SafeBoot-16226985.sys
SafeBoot-40022991.sys
SafeBoot-96149313.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-03 09:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:65,d3,09,b7,be,be,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,53,48,18,da,16,d3,42,b3,1d,00,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,53,48,18,da,16,d3,42,b3,1d,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1500)
c:\program files\palmOne\PqiIcon.dll
.
Completion time: 2014-10-03  09:44:17
ComboFix-quarantined-files.txt  2014-10-03 14:44
ComboFix2.txt  2014-10-03 01:16
ComboFix3.txt  2014-10-02 04:53
ComboFix4.txt  2014-10-02 01:51
ComboFix5.txt  2014-10-03 14:24
.
Pre-Run: 64,612,581,376 bytes free
Post-Run: 65,680,261,120 bytes free
.
- - End Of File - - F51326E300F6C587B0F94DF374522D9C
5C616939100B85E558DA92B899A0FC36


#6 RPMcMurphy


Posted 06 October 2014 - 02:11 PM

Please do this next, (I realize that you have already run these once):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Open Malwarebytes AntiMalware (MBAM)
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log




#7 Armadillo1


Posted 06 October 2014 - 05:57 PM

AdwCleaner Log:

# AdwCleaner v3.311 - Report created 06/10/2014 at 17:49:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Jack - JACKSLAPTOP
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\sh876y72.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R5].txt - [802 octets] - [06/10/2014 17:49:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [861 octets] ##########
 
Will run Mbam next and report


#8 Armadillo1


Posted 06 October 2014 - 06:10 PM

Sorry, when I ran the AdwCleaner I assumed you also wanted me to clean, as it requested me to do so before I exited, and then it did a reboot. It posted a log file after the reboot.

Here it is:

# AdwCleaner v3.311 - Report created 06/10/2014 at 17:57:45
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Jack - JACKSLAPTOP
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\sh876y72.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R5].txt - [940 octets] - [06/10/2014 17:49:51]
AdwCleaner[S5].txt - [862 octets] - [06/10/2014 17:57:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [921 octets] ##########  
 
I will run the Mbam next and report.  


#9 Armadillo1


Posted 06 October 2014 - 07:20 PM

Tried to run Malwarebytes and it ran through the first sequence (PreScan) and OK started to go to next (System Drivers, MasterBoot, etc.) and then just checked them ALL off as being OK immediately (didn't really scan them, I don't think). The entire process lasted about 20 seconds. I know from previous experience with MBAM that it was taking about 20 minutes. This time only a few seconds. So, I uninstalled it and then downloaded it again and ran it again, only to have the same experience.....???



#10 RPMcMurphy


Posted 08 October 2014 - 12:44 PM

Let's do this just to be sure:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • ESET log




#11 Armadillo1


Posted 08 October 2014 - 10:17 PM

Here's the log after the scan completed:

 

Scan Log
Version of virus signature database: 10533 (20141008)
Date: 10/8/2014  Time: 5:34:18 PM
Scanned disks, folders and files: C:\
C:\pagefile.sys - error opening [4]
C:\$RECYCLE.BIN\S-1-5-21-1835885441-439211620-2350860753-1000\$R55CXE1.exe » INNO » setup.data - unsupported option
C:\AdwCleaner\Quarantine\C\Program Files\ASP\AdvancedSystemProtector.exe.vir - a variant of MSIL/AdvancedSystemProtector.E potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\AspManager.exe.vir - a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\filetypehelper.exe.vir - a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\scandll.dll.vir - a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.com.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.exe.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.pif.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.scr.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\firefox.com.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\iexplore.exe.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - action selection postponed until scan completion
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir - a variant of Win32/Systweak.A potentially unwanted application - action selection postponed until scan completion
C:\Program Files\123\MpAsDesc.dll - error reading
C:\Program Files\123\MpClient.dll - error reading
C:\Program Files\123\MpCmdRun.exe - error reading
C:\Program Files\123\MpEvMsg.dll - error reading
C:\Program Files\123\MpOAV.dll - error reading
C:\Program Files\123\MpRtMon.dll - error reading
C:\Program Files\123\MpRtPlug.dll - error reading
C:\Program Files\123\MpSigDwn.dll - error reading
C:\Program Files\123\MpSoftEx.dll - error reading
C:\Program Files\123\MpSvc.dll - error reading
C:\Program Files\123\MSASCui.exe - error reading
C:\Program Files\123\MsMpCom.dll - error reading
C:\Program Files\123\MsMpLics.dll - error reading
C:\Program Files\123\MsMpRes.dll - error reading
C:\System Volume Information\{01031efe-4f07-11e4-8219-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{01031f0c-4f07-11e4-8219-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{01031f14-4f07-11e4-8219-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{01031f1c-4f07-11e4-8219-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{01031f24-4f07-11e4-8219-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{2e8b837a-4db4-11e4-bdda-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{34d24725-4abc-11e4-963a-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{39843f6a-4aa0-11e4-a642-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{4432b977-4bf3-11e4-a0e1-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{517e85a5-4b75-11e4-8ff1-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{62ebb6fe-4e64-11e4-a0bd-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{73fa55bf-4be6-11e4-bb62-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{9a05e5b6-4a80-11e4-a4a1-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{9a05e5be-4a80-11e4-a4a1-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{9a53b158-4a83-11e4-86cf-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{e87ddcf2-4921-11e4-a70e-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{ed9b932c-4b5b-11e4-88e1-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{f11c0376-4a46-11e4-b0d5-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{f11c0392-4a46-11e4-b0d5-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{f8da4cde-4e38-11e4-a8fc-00a0d19ebbe7}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\Users\Jack\AppData\Roaming\Verizon\IHA\VzInHomeAgent.exe » NSIS » IHA.exe - archive damaged - the file could not be extracted.
C:\Users\Jack\Desktop\Unused Icons\rminstall.exe » INNO » {app}\RegMech.exe - is OK
C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1\MpAsDesc.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1\MsMpLics.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1\MsMpRes.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll - error reading
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll - error reading
C:\AdwCleaner\Quarantine\C\Program Files\ASP\AdvancedSystemProtector.exe.vir - a variant of MSIL/AdvancedSystemProtector.E potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\AspManager.exe.vir - a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\filetypehelper.exe.vir - a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\scandll.dll.vir - a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.com.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.exe.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.pif.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\asp-fixer.scr.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\firefox.com.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Program Files\ASP\Troubleshooter\iexplore.exe.vir - MSIL/AdvancedSystemProtector.G potentially unwanted application - cleaned by deleting - quarantined [1]
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir - a variant of Win32/Systweak.A potentially unwanted application - cleaned by deleting - quarantined [1]
Number of scanned objects: 293434
Number of threats found: 11
Number of cleaned objects: 11
Time of completion: 10:11:07 PM  Total scanning time: 16609 sec (04:36:49)
 
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.


#12 Armadillo1


Posted 08 October 2014 - 11:15 PM

As far as I know, nothing has been deleted...



#13 Armadillo1


Posted 09 October 2014 - 11:02 AM

After I re-look at your instructions and my reply, I'm not sure I gave you the correct information as the setup features were not exactly as you described.  At the end of the SCAN from the ESET software, I could not find anything listed as ESET.LOG .  I simply went to the result of the scan and posted the results of the scan.  Sorry if I am doing something wrong according to your instructions.



#14 RPMcMurphy


Posted 11 October 2014 - 08:59 AM

That log that you posted was fine.  Please run another scan with FRST for me and post that log.


Edited by RPMcMurphy, 11 October 2014 - 09:01 AM.



#15 Armadillo1


Posted 11 October 2014 - 09:42 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2014
Ran by Jack (administrator) on JACKSLAPTOP on 11-10-2014 09:27:15
Running from C:\Users\Jack\Downloads
Loaded Profile: Jack (Available profiles: Jack & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Radialpoint Inc.) C:\Program Files\Verizon\VSP\ServicepointService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Quintech, Inc.) C:\Program Files\Verizon\Enterprise Connect\WiFiConnect.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [WiFiConnectAutoRun] => C:\Program Files\Verizon\Enterprise Connect\WiFiConnect.exe [970080 2014-07-01] (Quintech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-09-22] (ESET)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-03] (Siber Systems)
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1835885441-439211620-2350860753-1000\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\S-1-5-18\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-03] (Siber Systems)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U142&ocid=U142DHP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://register.facebook.com/controls/contactx.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\sh876y72.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Jack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll (TD Ameritrade)
FF SearchPlugin: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\sh876y72.default\searchplugins\bing-avast.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-05]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-29]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012-12-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (TidyNetwork.com) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmeggmpgoihpikfpeokdjadkakhhlocj [2013-03-12]
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-13]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-13]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-13]
CHR Extension: (No Name) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-13]
CHR Extension: (RealDownloader) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-13]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-13]
CHR Extension: (RoboForm) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-04-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1350112 2014-09-16] (ESET)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [246520 2010-07-28] (WildTangent, Inc.)
S3 GoogleDesktopManager-061008-081103; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-08-01] (Google)
S2 gupdate1c9952abed6f341; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 ServicepointService; C:\Program Files\Verizon\VSP\ServicepointService.exe [689392 2010-01-11] (Radialpoint Inc.)
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [117288 2010-04-08] (Authentium, Inc)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [117288 2010-04-08] (Authentium, Inc)
R2 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [154152 2010-04-08] (Authentium, Inc)
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-09-18] (ESET)
S3 ExterminateIt; C:\Windows\system32\drivers\extit.sys [70760 2010-07-14] (CurioLab S.M.B.A.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16694 2008-03-31] (PalmSource, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-05-07] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-03] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; No ImagePath
S3 catchme; \??\C:\Users\Jack\AppData\Local\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S2 CWMonitor; No ImagePath
U0 helpsvc; No ImagePath
U0 ImapiService; No ImagePath
S3 IO_Memory; No ImagePath
S3 IpInIp; No ImagePath
U0 Irmon; No ImagePath
S0 keoqtwo; No ImagePath
S0 mjfp; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S0 ofasg; No ImagePath
S2 RPSKT; No ImagePath
U0 srservice; No ImagePath
S3 SVRPEDRV; No ImagePath
S3 Tosrfcom; No ImagePath
U0 UPS; No ImagePath
U0 WZCSVC; No ImagePath
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\RTL8187B.sys 7FE5089EB5F624899DE08C30DB4377FC
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys BCCA63A3D143938273A3158757389DC7
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\serscan.sys EF70B3D22B4BFFDA6EA851ECB063EFAA
C:\Windows\System32\DRIVERS\SWDUMon.sys C86A229BB5CB5DC47498B2C530A9458E
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 70534D1E4F9AC990536D5FB5B550B3DE
C:\Windows\System32\drivers\tcpip.sys A4196D394207369E1431E8681B373312
C:\Windows\System32\DRIVERS\tcpip.sys A4196D394207369E1431E8681B373312
C:\Windows\System32\drivers\tcpipreg.sys 95389980F70FC4990A4395A0B8BBE1D6
C:\Windows\System32\DRIVERS\tdcmdpst.sys 1825BCEB47BF41C5A9F0E44DE82FC27A
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\drivers\tifm21.sys E4C85C291DDB3DC5E4A2F227CA465BA6
C:\Windows\System32\DRIVERS\tos_sps32.sys 1EA5F27C29405BF49799FECA77186DA9
C:\Windows\System32\drivers\TrueSight.sys A1965DFC0CD91E7CFC42925F8F597274
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\System32\DRIVERS\TVALZ_O.SYS 792A8B80F8188ABA4B2BE271583F3E46
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\drivers\usbaudio.sys 1114579556DB85E9FAF9590DBC64CD62
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 44056325428A8E4C755830426E29878F
C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\DRIVERS\WSDPrint.sys 4422AC5ED8D4C2F0DB63E71D4C069DD7
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\yk60x86.sys 04E268ADFC81964C49DC0C082D520F7E
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 09:27 - 2014-10-11 09:27 - 00000000 ____D () C:\Users\Jack\Downloads\FRST-OlderVersion
2014-10-10 14:50 - 2014-10-10 14:50 - 02184336 _____ (Microsoft Corporation) C:\Users\Jack\Downloads\DefaultPack.EXE
2014-10-10 14:23 - 2014-10-10 14:23 - 00000000 ____D () C:\Users\Jack\AppData\Local\ESET
2014-10-09 11:23 - 2014-10-10 14:44 - 00050028 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 11:20 - 2014-10-09 11:20 - 00000610 _____ () C:\Windows\PFRO.log
2014-10-08 18:31 - 2014-10-08 18:31 - 01761992 _____ (ESET) C:\Users\Jack\Downloads\eset_nod32_antivirus_live_installer (1).exe
2014-10-08 17:13 - 2014-10-08 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-08 17:13 - 2014-10-08 17:13 - 00000000 ____D () C:\ProgramData\ESET
2014-10-08 17:13 - 2014-10-08 17:13 - 00000000 ____D () C:\Program Files\ESET
2014-10-08 17:08 - 2014-10-08 17:08 - 01761992 _____ (ESET) C:\Users\Jack\Downloads\eset_nod32_antivirus_live_installer.exe
2014-10-07 21:27 - 2014-10-07 21:27 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-07 17:02 - 2014-10-08 11:20 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-07 10:33 - 2014-10-07 10:34 - 01375089 _____ () C:\Users\Jack\Downloads\AdwCleaner.exe
2014-10-06 19:09 - 2014-10-09 00:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 19:09 - 2014-10-07 11:35 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-06 19:09 - 2014-10-06 19:09 - 00000864 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 19:09 - 2014-10-06 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 19:09 - 2014-10-06 19:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-06 19:09 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-06 19:09 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-06 11:04 - 2014-10-06 11:04 - 00004096 _____ () C:\Users\Jack\Downloads\JUJ59_UploadDownload (2).isd
2014-10-05 00:54 - 2014-10-11 09:27 - 00041666 _____ () C:\Users\Jack\Downloads\FRST.txt
2014-10-05 00:52 - 2014-10-11 09:27 - 01101312 _____ (Farbar) C:\Users\Jack\Downloads\FRST.exe
2014-10-04 00:00 - 2014-10-04 00:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-03 18:55 - 2014-10-03 18:55 - 00000000 _____ () C:\Users\Jack\AppData\Local\{D8293890-1A16-4FC0-8894-FE98562B5F64}
2014-10-03 14:21 - 2014-10-03 14:21 - 00000000 ____D () C:\SUPERDelete
2014-10-03 14:16 - 2014-10-03 14:16 - 19686112 _____ (SUPERAntiSpyware) C:\Users\Jack\Downloads\SUPERAntiSpyware.exe
2014-10-03 12:05 - 2014-10-03 12:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Jack\Downloads\mbar-1.07.0.1012 (1).exe
2014-10-03 09:44 - 2014-10-03 09:44 - 00020340 _____ () C:\ComboFix.txt
2014-10-03 09:24 - 2014-10-03 09:44 - 00000000 ____D () C:\ComboFix
2014-10-02 22:23 - 2014-10-02 22:23 - 01375089 _____ () C:\Users\Jack\Downloads\adwcleaner_3.311.exe
2014-10-02 20:51 - 2014-10-02 20:51 - 00000896 _____ () C:\Windows\system32\.crusader
2014-10-02 20:35 - 2014-10-02 20:36 - 10280824 _____ (SurfRight B.V.) C:\Users\Jack\Downloads\HitmanPro.exe
2014-10-02 20:34 - 2014-10-02 20:34 - 01876816 _____ (SurfRight B.V.) C:\Users\Jack\Downloads\hmpalert.exe
2014-10-02 19:38 - 2014-10-02 19:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jack\Downloads\tdsskiller (1).exe
2014-10-02 17:46 - 2014-10-02 17:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jack\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-02 17:37 - 2014-10-09 11:16 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps
2014-10-02 16:28 - 2014-10-02 16:28 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-02 16:26 - 2014-10-02 17:19 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-02 16:26 - 2014-10-02 16:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-02 16:25 - 2014-10-02 16:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jack\Downloads\SpyHunter-Installer (1).exe
2014-10-02 16:23 - 2014-10-02 16:24 - 06823872 _____ (SparkTrust) C:\Users\Jack\Downloads\SparkTrust PC Cleaner Plus Setup_de29dd1_.exe
2014-10-02 15:46 - 2014-10-02 15:46 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SparkTrust
2014-10-02 15:44 - 2014-10-02 15:44 - 06823872 _____ (SparkTrust) C:\Users\Jack\Downloads\SparkTrust PC Cleaner Plus Setup_de2878c_.exe
2014-10-02 15:38 - 2014-10-02 15:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jack\Downloads\SpyHunter-Installer.exe
2014-10-02 13:13 - 2014-10-02 13:13 - 00004091 _____ () C:\Users\Jack\Downloads\JUJ59_UploadDownload (1).isd
2014-10-02 13:12 - 2014-10-02 13:12 - 00004091 _____ () C:\Users\Jack\Downloads\JUJ59_UploadDownload.isd
2014-10-02 09:42 - 2014-10-02 09:43 - 00059418 _____ () C:\Users\Jack\Downloads\Addition.txt
2014-10-02 09:40 - 2014-10-11 09:27 - 00000000 ____D () C:\FRST
2014-10-01 22:24 - 2014-10-01 22:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\rkill.exe
2014-10-01 22:18 - 2014-10-07 11:42 - 00000000 ____D () C:\Users\Jack\Desktop\mbar
2014-10-01 22:18 - 2014-10-01 22:18 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Jack\Downloads\mbar-1.07.0.1012.exe
2014-10-01 11:53 - 2014-10-03 09:23 - 05582981 ____R (Swearware) C:\Users\Jack\Downloads\ComboFix.exe
2014-10-01 11:40 - 2014-10-01 11:40 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\iExplore.exe
2014-10-01 10:06 - 2014-10-01 10:06 - 00122464 _____ () C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 09:37 - 2014-10-03 09:12 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-01 09:37 - 2014-10-01 09:37 - 04893784 _____ () C:\Users\Jack\Downloads\RogueKiller.exe
2014-10-01 09:37 - 2014-10-01 09:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-01 09:31 - 2014-10-01 09:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jack\Downloads\tdsskiller.exe
2014-10-01 09:19 - 2014-10-01 09:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jack\Downloads\eXplorer.exe
2014-09-30 21:43 - 2014-09-30 21:43 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-09-30 21:43 - 2014-09-30 21:43 - 00000000 ____D () C:\Users\Jack\AppData\Local\IsolatedStorage
2014-09-30 21:41 - 2014-09-30 21:41 - 00000000 ____D () C:\Users\Jack\AppData\Local\PriceFountain
2014-09-30 20:51 - 2014-10-07 10:40 - 00000000 ____D () C:\AdwCleaner
2014-09-29 21:18 - 2014-09-29 21:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-29 21:04 - 2014-09-29 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-29 20:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-29 20:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-29 20:39 - 2014-10-03 09:44 - 00000000 ____D () C:\Qoobox
2014-09-29 19:00 - 2014-10-02 23:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-25 14:24 - 2014-09-30 07:37 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-22 12:10 - 2014-09-22 12:10 - 00000000 ____D () C:\ProgramData\WEngineLite
2014-09-22 12:10 - 2014-09-22 12:10 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-09-18 12:38 - 2014-09-18 12:38 - 00123424 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2014-09-12 10:21 - 2014-08-15 09:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 10:21 - 2014-08-15 09:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 10:21 - 2014-08-15 09:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 10:21 - 2014-08-15 09:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 10:21 - 2014-08-15 09:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 10:21 - 2014-08-15 09:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 10:21 - 2014-08-15 09:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 10:21 - 2014-08-15 09:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 10:21 - 2014-08-15 09:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-12 10:21 - 2014-08-15 09:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 10:21 - 2014-08-15 09:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 10:21 - 2014-08-15 09:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 10:21 - 2014-08-15 09:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-12 10:21 - 2014-08-15 09:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 09:17 - 2012-04-10 09:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 09:17 - 2009-06-30 20:18 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 09:02 - 2014-02-07 17:57 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-10-11 08:30 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 08:30 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 17:02 - 2014-02-07 17:57 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-10-10 14:35 - 2012-07-28 11:25 - 00000000 ___RD () C:\Users\Jack\Dropbox
2014-10-10 14:34 - 2012-07-28 10:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Dropbox
2014-10-10 14:31 - 2011-12-02 21:43 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-10 14:30 - 2009-06-30 20:18 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 14:29 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 14:28 - 2006-11-02 08:01 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-10 12:42 - 2009-02-22 15:17 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-10-10 00:00 - 2008-03-25 20:29 - 00000000 ____D () C:\Users\Jack\AppData\Local\PokerStars
2014-10-09 11:21 - 2010-06-30 14:51 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-10-09 11:14 - 2008-04-17 18:38 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 17:17 - 2008-03-25 17:36 - 00000000 ____D () C:\Users\Jack
2014-10-08 00:18 - 2014-02-03 15:08 - 00001936 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-07 11:41 - 2014-02-03 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-06 11:55 - 2012-10-24 12:51 - 00009512 _____ () C:\Users\Jack\AppData\Roaming\wklnhst.dat
2014-10-03 22:00 - 2006-11-02 05:33 - 00759720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 14:21 - 2012-04-09 12:37 - 00000000 ____D () C:\Users\Jack\AppData\Local\The Weather Channel
2014-10-03 14:21 - 2012-04-09 12:37 - 00000000 ____D () C:\Program Files\The Weather Channel FW
2014-10-03 12:37 - 2012-12-04 01:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-03 09:41 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-02 23:40 - 2010-11-14 17:12 - 00000000 ____D () C:\Program Files\Common Files\Motive
2014-09-30 22:19 - 2006-11-02 05:22 - 64094208 _____ () C:\Windows\system32\config\software.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 43761664 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 139198464 _____ () C:\Windows\system32\config\system.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 05607424 _____ () C:\Windows\system32\config\default.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 00094208 _____ () C:\Windows\system32\config\sam.bak
2014-09-30 22:19 - 2006-11-02 05:22 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-09-30 22:18 - 2010-07-19 00:28 - 00000000 ____D () C:\Windows\ERDNT
2014-09-29 23:12 - 2012-10-14 15:37 - 00000000 ____D () C:\Users\Jack\Documents\Personal
2014-09-29 23:05 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-09-29 23:05 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-09-29 21:54 - 2014-02-04 14:43 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-29 19:14 - 2012-10-14 00:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-28 17:02 - 2012-04-10 09:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-28 17:02 - 2011-08-14 00:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 12:12 - 2013-12-24 22:01 - 00000248 _____ () C:\Users\Jack\Install-VzInHomeAgentLog.log
2014-09-22 12:12 - 2013-08-26 00:09 - 00000943 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-09-22 12:12 - 2008-03-25 19:25 - 00000000 ____D () C:\Program Files\Verizon
2014-09-22 12:10 - 2014-02-03 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2014-09-22 12:10 - 2008-03-25 19:25 - 00000000 ____D () C:\ProgramData\Verizon
2014-09-22 12:09 - 2014-07-23 11:54 - 00000558 _____ () C:\Users\Jack\request.xml
2014-09-22 12:09 - 2014-07-23 11:54 - 00000491 _____ () C:\Users\Jack\response.xml
2014-09-22 12:09 - 2014-07-23 11:53 - 00000422 _____ () C:\Users\Jack\Install-VzDownloadManager.log
2014-09-22 01:41 - 2009-10-03 11:08 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 17:44 - 2012-07-28 11:25 - 00000961 _____ () C:\Users\Jack\Desktop\Dropbox.lnk
2014-09-21 17:44 - 2012-07-28 10:59 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 21:47 - 2013-03-18 17:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 23:34 - 2013-03-12 13:17 - 00000824 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-12 23:28 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 22:37 - 2009-06-12 16:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-12 10:10 - 2013-07-13 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 09:26 - 2006-11-02 05:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-11 14:09 - 2008-03-25 20:29 - 00000000 ____D () C:\Program Files\PokerStars
 
Files to move or delete:
====================
C:\Users\Jack\AspriseJTwain.dll
C:\Users\Jack\GoToAssist_chat2way__317_en.exe
C:\Users\Jack\MetricCollection.dll
C:\Users\Public\MyWebTattoo.exe
 
 
Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4qscp.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-11 02:55
 
==================== End Of Log ============================




