
Kaspersky Advanced Disinfection cannot delete file?


15 replies to this topic

#1 Sssamanthaa


Posted 21 January 2015 - 11:56 PM

Hello! I found this forum on Google while trying to find an answer to my problems and let me say I'm about to pull my hair out. I ran a full scan yesterday and Kaspersky found a virus I suppose so I followed the prompts and let the program do its thing. Then it started getting frustrating.. Went into "advanced disinfection" mode which is a state where I cannot do anything on the computer outside of Kaspersky and it scanned.. "Disinfected".. prompted restart.. Showed an error message.. I restarted and it continued in a 4 hour cycle. The error message I was getting at first was "iCloud.exe - Bad Image". After some googling and advice through Kaspersky's online chat, I deleted iCloud and ran a disk cleanup. Then I ran Kaspersky and it prompted me to disinfect for a file called "not-a-virus:Adware.Win32.AdPeak.ai" in the path "windows\temp\db24.exe". So I let it do its disinfection and restart and over the last two restarts.. Right before it turns off another bad image error message displays very quickly then it turns off and I go through the whole process again to no avail. Please someone help me :(


#2 Sssamanthaa


Posted 22 January 2015 - 12:09 AM

On further inspection the file that gets the bad image error is "ApMsgFwd" which is related to my ALPS touchpad. Db24.exe is also a process that is running... And so is nuttkoqiez64.exe. A virus I'm assuming

#3 iangcarroll


Posted 25 January 2015 - 08:02 PM

Hi, let's try a few things. Based on that definition, this is probably adware. If any of the following do not work, make note and proceed on. 

  • Download and execute RKill.
  • Let it run. Copy and paste the displayed log into your next reply.

 

  • Download and execute Malwarebytes. Go through the installation process and open it.
  • Click "Fix Now" to update the database and then initiate a threat scan.
  • Once the scan has completed, quarantine all detected items.
  • Select "Show Detailed Log" and then "Copy to Clipboard". Paste it into your reply.

 

  • Download and execute AdwCleaner.
  • Select "Scan". It will compile a list of adware-infected files.
  • I suggest looking through the entries to ensure it is not deleting any programs you use.
  • Select "Clean". It will delete the listed entries and reboot.
  • Paste the log in your next reply.

 

  • Download and execute Junkware Removal Tool.
  • Press any key to start the scan. Your desktop may go blank while the scan completes.
  • Paste the log into your next reply.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#4 Sssamanthaa


Posted 26 January 2015 - 11:40 AM

Hello! Thank you for your response.. I'm very surprised at my anti-virus's inability to do this job? Here are the requested logs:
 
RKill:
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/25/2015 08:09:43 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\system32\dashost.exe (PID: 6592) [WD-HEUR]
 * C:\WINDOWS\system32\SearchIndexer.exe (PID: 7988) [WD-HEUR]
 * C:\WINDOWS\system32\SearchProtocolHost.exe (PID: 5392) [WD-HEUR]
 * C:\WINDOWS\system32\SearchFilterHost.exe (PID: 8120) [WD-HEUR]
 * C:\WINDOWS\SysWOW64\srvany.exe (PID: 7960) [WD-HEUR]
 * C:\WINDOWS\KMService.exe (PID: 5480) [WD-HEUR]
 
6 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\WINDOWS\system32\wininit.exe
 * C:\WINDOWS\system32\winlogon.exe
 * C:\WINDOWS\system32\dwm.exe
 * C:\WINDOWS\System32\spoolsv.exe
 * C:\WINDOWS\system32\conhost.exe
 * C:\WINDOWS\system32\conhost.exe
 * C:\WINDOWS\system32\conhost.exe
 * C:\WINDOWS\system32\conhost.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 
 * C:\WINDOWS\System32\drivers\mrxdav.sys : 140,800 : 12/19/2014 01:26 AM : db32958f0e704efbf7f15161a569e39f [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.3.9600.16384_none_0569454299b2ab0e\mrxdav.sys : 6,437 : 04/24/2014 07:51 PM : fd65e388f8453911a0502706a738d155 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.3.9600.17041_none_0591679a99951171\mrxdav.sys : 17,626 : 01/21/2015 10:19 PM : 686ce1019da64aa5c40b6cd7e7b2b5fe [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.3.9600.17560_none_057ad0f699a621bf\mrxdav.sys : 140,800 : 12/19/2014 01:26 AM : db32958f0e704efbf7f15161a569e39f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\mrxsmb.sys : 402,432 : 04/30/2014 01:41 AM : 7a1a3f213cdb3363d179d5014272025d [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.3.9600.16408_none_70aa4fae24cff892\mrxsmb.sys : 34,143 : 03/02/2014 07:28 PM : bcf04cd193ba6e0097c125f03b22b9a6 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.3.9600.16474_none_705a9f12250c56cd\mrxsmb.sys : 61,632 : 04/24/2014 06:45 PM : 3bd00d23c841ef102f9612a4f57a32e4 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.3.9600.17016_none_709d60ce24da06da\mrxsmb.sys : 214 : 04/24/2014 06:45 PM : 1b93e540f257e23aae53d2d53d439a2b [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.3.9600.17041_none_7077ef9824f6dbfa\mrxsmb.sys : 27,514 : 06/22/2014 12:41 AM : 402a8413b626875c9e199e9674778b7c [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.3.9600.17088_none_7053b1ee2510fd1f\mrxsmb.sys : 28,926 : 08/18/2014 12:39 AM : af4882510c3d1ef3025276dd908ed2b4 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.3.9600.17111_none_7098614224de854e\mrxsmb.sys : 402,432 : 04/30/2014 01:41 AM : 7a1a3f213cdb3363d179d5014272025d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ndisuio.sys : 60,416 : 08/22/2013 06:37 AM : b832b35055ba2b7b4181861ff94d8e59 [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_6.3.9600.16384_none_5caf67cebad52455\ndisuio.sys : 60,416 : 08/22/2013 06:37 AM : b832b35055ba2b7b4181861ff94d8e59 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\parport.sys : 94,208 : 08/22/2013 06:40 AM : 764b1121867b2d9b31c491668ac72b2b [NoSig]
 +-> C:\WINDOWS\System32\DriverStore\FileRepository\msports.inf_amd64_1be60ad3a61e5531\parport.sys : 94,208 : 08/22/2013 06:40 AM : 764b1121867b2d9b31c491668ac72b2b [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_msports.inf_31bf3856ad364e35_6.3.9600.16384_none_e95610bc8c554aa7\parport.sys : 94,208 : 08/22/2013 06:40 AM : 764b1121867b2d9b31c491668ac72b2b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\portcls.sys : 272,896 : 02/22/2014 07:11 AM : 8685379b82ac81187813225905531d1e [NoSig]
 +-> C:\WINDOWS\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_fbf94909f1ca7601\portcls.sys : 272,896 : 02/22/2014 07:11 AM : 8685379b82ac81187813225905531d1e [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_6.3.9600.16405_none_517d3aadeddae62b\portcls.sys : 33,281 : 04/24/2014 08:06 PM : 31cb71951eca5eaf501a38dff4b72c90 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_wdmaudio.inf_31bf3856ad364e35_6.3.9600.17031_none_5158ab61edf6f9a7\portcls.sys : 272,896 : 02/22/2014 07:11 AM : 8685379b82ac81187813225905531d1e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\processr.sys : 92,160 : 08/22/2013 03:46 AM : ecd373f9571c745894367cc2635ea44f [NoSig]
 +-> C:\WINDOWS\System32\DriverStore\FileRepository\cpu.inf_amd64_816b3548dde5c146\processr.sys : 92,160 : 08/22/2013 03:46 AM : ecd373f9571c745894367cc2635ea44f [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_cpu.inf_31bf3856ad364e35_6.3.9600.16384_none_4e08baa9c3582627\processr.sys : 92,160 : 08/22/2013 03:46 AM : ecd373f9571c745894367cc2635ea44f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdbss.sys : 408,576 : 12/17/2013 02:21 AM : a1a5e79c0d1352afdc08328a623da051 [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.3.9600.16384_none_4a9337d735607608\rdbss.sys : 11,993 : 03/20/2014 06:15 PM : 98dc8f1c3494d56163bc87d4f431fcba [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.3.9600.16493_none_4a876987356975c9\rdbss.sys : 408,576 : 12/17/2013 02:21 AM : a1a5e79c0d1352afdc08328a623da051 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpdr.sys : 195,584 : 11/14/2013 02:16 AM : 680c1dae268b6fb67fa21b389a8b79ef [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.3.9600.16384_none_f1f86fb91cfe4a57\rdpdr.sys : 195,584 : 11/14/2013 02:16 AM : 680c1dae268b6fb67fa21b389a8b79ef [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serenum.sys : 23,040 : 08/22/2013 06:40 AM : 3cd600c089c1251beeb4cd4cd5164f9e [NoSig]
 +-> C:\WINDOWS\System32\DriverStore\FileRepository\msports.inf_amd64_1be60ad3a61e5531\serenum.sys : 23,040 : 08/22/2013 06:40 AM : 3cd600c089c1251beeb4cd4cd5164f9e [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_msports.inf_31bf3856ad364e35_6.3.9600.16384_none_e95610bc8c554aa7\serenum.sys : 23,040 : 08/22/2013 06:40 AM : 3cd600c089c1251beeb4cd4cd5164f9e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serial.sys : 83,456 : 08/22/2013 06:40 AM : d864381bc9c725fab01d94c060660166 [NoSig]
 +-> C:\WINDOWS\System32\DriverStore\FileRepository\msports.inf_amd64_1be60ad3a61e5531\serial.sys : 83,456 : 08/22/2013 06:40 AM : d864381bc9c725fab01d94c060660166 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_msports.inf_31bf3856ad364e35_6.3.9600.16384_none_e95610bc8c554aa7\serial.sys : 83,456 : 08/22/2013 06:40 AM : d864381bc9c725fab01d94c060660166 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sfloppy.sys : 17,408 : 08/22/2013 06:40 AM : 472b7a5ac181c050888db454663dd764 [NoSig]
 +-> C:\WINDOWS\System32\DriverStore\FileRepository\flpydisk.inf_amd64_07f27cf0dbb1f69a\sfloppy.sys : 17,408 : 08/22/2013 06:40 AM : 472b7a5ac181c050888db454663dd764 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_flpydisk.inf_31bf3856ad364e35_6.3.9600.16384_none_d7c870384e72c5b7\sfloppy.sys : 17,408 : 08/22/2013 06:40 AM : 472b7a5ac181c050888db454663dd764 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\srv.sys : 412,160 : 07/24/2014 06:43 AM : 6416e79a58a8fcc33a447a4dddd3bf04 [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.3.9600.16421_none_caf3a9f5ca3ca7c5\srv.sys : 124,003 : 09/20/2014 05:45 PM : 4e33c2a8c5540fb39b7e921e384e4b7f [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.3.9600.17238_none_caefc17bca3e946a\srv.sys : 412,160 : 07/24/2014 06:43 AM : 6416e79a58a8fcc33a447a4dddd3bf04 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbuhci.sys : 37,376 : 05/31/2014 01:30 AM : 064260b3a5868ac894a4943543bc7ab7 [NoSig]
 +-> C:\WINDOWS\System32\DriverStore\FileRepository\usbport.inf_amd64_3f56d051255458c6\usbuhci.sys : 37,376 : 05/31/2014 01:30 AM : 064260b3a5868ac894a4943543bc7ab7 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_usbport.inf_31bf3856ad364e35_6.3.9600.16384_none_ae80bf7dd784a7ca\usbuhci.sys : 7,599 : 08/18/2014 12:50 AM : 85e042018f94c2039492dfc2e2d147fa [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_usbport.inf_31bf3856ad364e35_6.3.9600.17116_none_aece54f1d74a3634\usbuhci.sys : 182 : 08/18/2014 12:50 AM : c8260a950484895acda4dbba30e70468 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_usbport.inf_31bf3856ad364e35_6.3.9600.17195_none_ae76d547d78bfc65\usbuhci.sys : 12 : 09/20/2014 07:08 PM : ac26f500db64617f336315bb5a0fdbe1 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_usbport.inf_31bf3856ad364e35_6.3.9600.17238_none_aebab793d7589deb\usbuhci.sys : 37,376 : 05/31/2014 01:30 AM : 064260b3a5868ac894a4943543bc7ab7 [Pos Repl]
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/25/2015 08:24:08 PM
Execution time: 0 hours(s), 14 minute(s), and 25 seconds(s)
 
 
Malwarebytes:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-01-26
Scan Time: 12:42:56 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.26.04
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: samantha
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391888
Time Elapsed: 54 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
RiskWare.Tool.CK, C:\Windows\KMService.exe, 6408, Delete-on-Reboot, [14e8c239becb2c0a16d7065882801de3]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, Quarantined, [3cc067947a0f1125cb17fba20df625db], 
PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [02fae7146920ed494342f1a6e61d03fd], 
PUP.Optional.SupraSavings, HKLM\SOFTWARE\WOW6432NODE\SupraSavings, Quarantined, [22dac03b0485c2747e073f589172d22e], 
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nuttkoqiez64, Quarantined, [0def2bd09aef76c046f09a14758ec040], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1569493587-2057853311-4053961254-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [68940af197f2d95dfc55e3f550b4639d], 
PUP.Optional.RRSavings.A, HKU\S-1-5-21-1569493587-2057853311-4053961254-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, Quarantined, [6597b942c5c4ed498fe40da1a55e2fd1], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1569493587-2057853311-4053961254-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [ca3243b87415b3836ae5c6ecea19748c], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1569493587-2057853311-4053961254-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Quarantined, [f40806f546439b9b57f3325b3cc73dc3], 
PUP.Optional.HDVidCodec.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 8
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\_metadata, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
 
Files: 50
RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [14e8c239becb2c0a16d7065882801de3], 
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [f3092ccf474237ff489285b85fa103fd], 
Riskware.Crk, C:\Users\samantha\Downloads\Office 2010 Activator.zip, Quarantined, [42baa85390f92d092c746e8fad5351af], 
PUP.Optional.OutBrowse, C:\Users\samantha\Downloads\Installation (1).exe, Quarantined, [49b3d12a8ffa67cf04c043abfc0511ef], 
PUP.Optional.OutBrowse, C:\Users\samantha\Downloads\Installation (2).exe, Quarantined, [5ba167946722f046d7ed618d8879fb05], 
PUP.Optional.OutBrowse, C:\Users\samantha\Downloads\Installation.exe, Quarantined, [a75534c7fc8db6808a3acd21ea176b95], 
PUP.Optional.YourFileDownloader, C:\Users\samantha\Downloads\sims_3_steam_it_up_sauna_downloader.exe, Quarantined, [c43823d87a0fd165e59bb9650df335cb], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [e9130dee6227f04646e0d0ac09faa65a], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\debug.log, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\icudtl.dat, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\libEGL.dll, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\samantha\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [f903b14a8bfef24413135a22fd0659a7], 
PUP.Optional.AZLyrics.A, C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [679572893d4c72c4d550176a6c97de22], 
PUP.Optional.AZLyrics.A, C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [946874876b1e0e28d94c7f025da60000], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\b.bmp, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\finish.bmp, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\FinishHDVID.exe, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\HDVidCodec.exe, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\hdvid_temp.bmp, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\stage2, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\uninst.exe, Quarantined, [8f6d9d5e177257dfbea02220bd46ca36], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\extension.js, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\icon-128.png, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\icon-16.png, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\icon-48.png, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\jquery-2.0.3.min.js, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\manifest.json, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\_metadata\computed_hashes.json, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\_metadata\verified_contents.json, Quarantined, [64989566b7d2171faf4e82c3bf44b050], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
AdwCleaner:
I accidentally closed the log on restart... not sure if this is the one you are looking for?
The path is: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2015-01-26 (00-42-54).xml
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/26 00:42:56 -0500</date>
<logfile>mbam-log-2015-01-26 (00-42-54).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.26.04</malware-database>
<rootkit-database>v2015.01.14.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>samantha</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>391888</objects>
<time>3288</time>
<processes>1</processes>
<modules>0</modules>
<keys>10</keys>
<values>0</values>
<datas>0</datas>
<folders>8</folders>
<files>50</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\samantha\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe</path><vendor>PUP.Optional.CompatibilityVerifier.A</vendor><action>success</action><hash>f903b14a8bfef24413135a22fd0659a7</hash></file>
<file><path>C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>679572893d4c72c4d550176a6c97de22</hash></file>
<file><path>C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>946874876b1e0e28d94c7f025da60000</hash></file>
<file><path>C:\Program Files (x86)\hdvidcodec.com\b.bmp</path><vendor>PUP.Optional.HDVidCodec.A</vendor><action>success</action><hash>8f6d9d5e177257dfbea02220bd46ca36</hash></file>
<file><path>C:\Program Files (x86)\hdvidcodec.com\finish.bmp</path><vendor>PUP.Optional.HDVidCodec.A</vendor><action>success</action><hash>8f6d9d5e177257dfbea02220bd46ca36</hash></file>
<file><path>C:\Program Files (x86)\hdvidcodec.com\FinishHDVID.exe</path><vendor>PUP.Optional.HDVidCodec.A</vendor><action>success</action><hash>8f6d9d5e177257dfbea02220bd46ca36</hash></file>
<file><path>C:\Program Files (x86)\hdvidcodec.com\HDVidCodec.exe</path><vendor>PUP.Optional.HDVidCodec.A</vendor><action>success</action><hash>8f6d9d5e177257dfbea02220bd46ca36</hash></file>
<file><path>C:\Program Files (x86)\hdvidcodec.com\hdvid_temp.bmp</path><vendor>PUP.Optional.HDVidCodec.A</vendor><action>success</action><hash>8f6d9d5e177257dfbea02220bd46ca36</hash></file>
<file><path>C:\Program Files (x86)\hdvidcodec.com\stage2</path><vendor>PUP.Optional.HDVidCodec.A</vendor><action>success</action><hash>8f6d9d5e177257dfbea02220bd46ca36</hash></file>
<file><path>C:\Program Files (x86)\hdvidcodec.com\uninst.exe</path><vendor>PUP.Optional.HDVidCodec.A</vendor><action>success</action><hash>8f6d9d5e177257dfbea02220bd46ca36</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\extension.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\icon-128.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\icon-16.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\icon-48.png</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\jquery-2.0.3.min.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\manifest.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\_metadata\computed_hashes.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
<file><path>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo\0.1_0\_metadata\verified_contents.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>64989566b7d2171faf4e82c3bf44b050</hash></file>
</items>
</mbam-log>
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by samantha on 2015-01-26 at 11:25:35.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-01-26 at 11:38:18.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 iangcarroll

  • Malware Study Hall Senior
  • 641 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 26 January 2015 - 11:56 AM

Great. Is Kaspersky able to run now? If so, please run a full scan. Also, did your computer or browser ever have any incessant ads/popups? If so, are they gone? You had some adware on there.


Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#6 iangcarroll


Posted 26 January 2015 - 12:03 PM

Also please see if there is a log in C:\AdwCleaner.




#7 Sssamanthaa


Posted 26 January 2015 - 12:09 PM

Yes, here is the log!

# AdwCleaner v4.109 - Report created 26/01/2015 at 09:41:30
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : samantha - SAMSLAPTOP
# Running from : C:\Users\samantha\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : nuttkoqiez64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\samantha\AppData\Roaming\Oxy
File Deleted : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Escolade
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.91
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN47276462612174302&ctid=CT3281675&UM=2&sspv=S41C
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=tuguu&country=us&feedid=infospace&st=nt&dpid=us&lan=en&start=1
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1713&systemid=1&v=n11099-235&apn_uid=2138524033384661&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=CA&userid=921d1170-7676-f53e-cca8-c12e29efd086&searchtype=ds&q={searchTerms}&installDate=25/01/2014
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN47276462612174302&ctid=CT3281675&UM=2&sspv=&UP=SP8EB1E72B-522F-4F22-95BA-108E2ECEF774
 
*************************
 
AdwCleaner[R0].txt - [5444 octets] - [26/01/2015 01:41:56]
AdwCleaner[S0].txt - [5285 octets] - [26/01/2015 09:41:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5345 octets] ##########
 
 
I will run Kaspersky.. usually takes about 8 hours to do a full scan. And yes, I did notice some strange popups that would flash white for not even a second while I had my browser open. Haven't seen them yet.


#8 iangcarroll


Posted 27 January 2015 - 08:42 AM

Let me know if the Kaspersky scan turns up anything.



#9 merito

  • Members
  • 1 posts

Posted 27 January 2015 - 08:48 PM

I just wanted to say thanks to iangcarroll. I followed what you said to do and it worked like a charm.

Thanks again.



#10 Sssamanthaa


Posted 27 January 2015 - 09:50 PM

Kaspersky says 11 threats found and neutralized, and 361 ignored. Not sure if this is normal or not.



#11 iangcarroll


Posted 27 January 2015 - 09:56 PM

Does it let you see what they were flagged as?



#12 Sssamanthaa


Posted 27 January 2015 - 10:13 PM

No, and even the log is pretty much useless.. I can't even tell what the 11 neutralized threats were. Do you want the logs?



#13 iangcarroll


Posted 27 January 2015 - 11:20 PM

I don't use Kaspersky, but that sounds weird haha. Pasting the log would be great.




#14 Sssamanthaa


Posted 29 January 2015 - 03:12 PM

I think it might be too long. Whenever I try to paste, the screen turns grey?



#15 iangcarroll


Posted 29 January 2015 - 03:19 PM

Unfortunately I've been accepted into the training program for malware removal, so I cannot assist you. Luckily someone will probably be along to help you soon.
