
HELLO


  • This topic is locked
68 replies to this topic

#1 lindaalleman

lindaalleman

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:08 AM

Posted 21 April 2015 - 09:21 AM

I'm new and have a problem I saw addressed last year re:  

http://prntscr.com/6v1csk

 

Notepad keeps popping up

I NEED HELP.

 

TY

 

http://prntscr.com/6v1csk

FRST_18-04-2015_08-23-32



Edited by hamluis, 21 April 2015 - 09:33 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:08 AM

Posted 23 April 2015 - 06:21 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 lindaalleman

lindaalleman
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:08 AM

Posted 23 April 2015 - 07:55 AM

Don't know about the cracked software, cracks, keygens, etc.

 

http://prntscr.com/6x7lho



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:08 AM

Posted 23 April 2015 - 08:04 AM

Please follow my instructions.
regards,
deeprybka

#5 lindaalleman

lindaalleman
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:08 AM

Posted 23 April 2015 - 08:06 AM

http://prntscr.com/6x7qxx



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:08 AM

Posted 23 April 2015 - 08:08 AM

I don't see anything at your links. Please post the logs otherwise I can not provide help.
regards,
deeprybka

#7 lindaalleman

lindaalleman
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:08 AM

Posted 23 April 2015 - 08:11 AM

Hope I did this right and you got the copies.

Thank you



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:08 AM

Posted 23 April 2015 - 08:14 AM

I do not see any logs. :)
regards,
deeprybka

#9 lindaalleman

lindaalleman
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:08 AM

Posted 23 April 2015 - 08:14 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Linda (administrator) on LINDA-TOSHIBA on 23-04-2015 07:57:22
Running from C:\Users\Linda\Documents
Loaded Profiles: Linda (Available profiles: Linda & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-28] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-09-18] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [OneDrive] => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-04-10] (Microsoft Corporation)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NF2805-PROD-FSD3202}] => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-04-15] (F-Secure Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-04-15] (F-Secure Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{19939083-6582-4C13-AEA1-006C46B07701}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{74034E90-8A2B-4D03-885B-6C552D1E3D7D}: [NameServer] 8.26.56.26,156.154.70.22
 
FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default
FF Homepage: msm.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: AdBlock for Firefox - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-24]
FF Extension: Flash Control - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-02-24]
FF Extension: Autofill IRCTC Tatkal Form-Plugin & Extension - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid2-l8SPBzHJWBIiHQ@jetpack.xpi [2015-02-24]
FF Extension: Max Tabs - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\maxtabs@cheeaun.xpi [2015-02-24]
FF Extension: YouTube Flash Video Player - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.5\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [{1043b5a0-0578-4aa4-8648-31ce07b39c76}] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015-03-27]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Chrome PDF Viewer) - chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/ No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - internal-pdf-viewer No File
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Candy Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpgdfngkiaibbgkilmngidgmbjdjbji [2014-03-14]
CHR Extension: (Angry Birds) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-14]
CHR Extension: (Mahjong Words 2) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2014-03-14]
CHR Extension: (App Kid ) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgpkhhebbdpmdfkjeabhdhlognbbihn [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (eBay) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2015-02-23]
CHR Extension: (Dirt Farmer's Farmville Toolbar) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncmkflkdcckehapobbkeijklnapnpg [2014-03-14]
CHR Extension: (Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikdcpagdgnihikinbpjjaajjpcjcdlo [2014-03-14]
CHR Extension: (Christmas Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coconnhpdpfcoglmhjniaoipnmklkmhf [2014-03-14]
CHR Extension: (Facebook one click login) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\confmkfbghmjiogjgafolpgoalpojmkb [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Catch The Candy Halloween) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\daglghcncenbabpilbehfdigmfndokah [2014-03-14]
CHR Extension: (Email this page (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-03-14]
CHR Extension: (Box Office) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbbohlkjglcppclgngklojecglglinl [2014-07-17]
CHR Extension: (Deuces Wild Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbblhehiobpccacljhmjifbplfemldh [2014-03-14]
CHR Extension: (Mahjongg) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-14]
CHR Extension: (Share link via email) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2014-07-17]
CHR Extension: (Classic for Facebook) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad [2014-11-25]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-07-17]
CHR Extension: (Candy Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbeaamkeeefhgfcmbnjmffohnahademp [2014-03-14]
CHR Extension: (Click&Clean) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-04-04]
CHR Extension: (AdBlock) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-23]
CHR Extension: (Halloween Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpakeodedigoifepmiljaacocfcpgcf [2014-03-14]
CHR Extension: (Pin It Button) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-09]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-07-29]
CHR Extension: (Summer Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhebamddpnanijapgpghgalikpipdlaf [2014-03-14]
CHR Extension: (Facebook Emoticons) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdlcejbjnnmjgajjjfenejacioiimpp [2014-07-17]
CHR Extension: (Fruit Connect) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmikpcdpocppkfklafbajehobcoijegf [2014-03-14]
CHR Extension: (TLRemove) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2014-08-10]
CHR Extension: (Crackle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-07-17]
CHR Extension: (Dirt Farmer's Click Trap Remover) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpkdoghndaeolkpcikaieakkfjnall [2014-03-14]
CHR Extension: (Memory Bug) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdfhkbomhmpieanlgonlgjhckibmail [2014-03-14]
CHR Extension: (Cookies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-01-23]
CHR Extension: (Five-O Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jajjdppmldkodfjppfhfhmgnefjipbph [2014-03-14]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-03-27]
CHR Extension: (Hao TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhpmjfnlelbbbimnhhhnnmmfdpeffkj [2014-07-17]
CHR Extension: (Online Movies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladmdajlenfamcedgfipcecmdmgfpdhc [2014-07-17]
CHR Extension: (Mahjong Solitaire for Kids - Duckie Deck) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcbdikccblkaigboagkfeopedidbbjg [2014-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Word Ruffle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lemfhebbbpeknpobpdlngjecnidoafbg [2014-03-14]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-03-14]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-04-16]
CHR Extension: (Kids Love Puzzles) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfphmjghemcgmbekijcajniphlcflbjm [2014-03-14]
CHR Extension: (ScootPad) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjchkacpbjppajjghmohegkkcikmeef [2014-07-17]
CHR Extension: (Faster Chrome Pro) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfebkjhppaffifdkonhpmgeijcjleln [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Barnyard Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbpofjmecckjelpfbpapjadpekijbhm [2014-03-14]
CHR Extension: (Make Photo Gallery) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcejpbljkjnljdjckjclmeoekieilokj [2014-07-17]
CHR Extension: (Click&Clean App) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-03-14]
CHR Extension: (Outlook.com) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-02-23]
CHR Extension: (Valentines Day Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Whitelist for Chrome) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocjkchlmhkjafdpmkklknmjhokobgmh [2014-03-14]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Charter Security Suite/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-09-08]
CHR HKLM-x32\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-09-18] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-15] (F-Secure Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-03-27] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-04-14] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2015-03-27] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [90152 2015-04-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-09-18] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:57 - 2015-04-23 07:58 - 00052160 _____ () C:\Users\Linda\Documents\FRST.txt
2015-04-23 07:56 - 2015-04-23 07:56 - 00000000 ____D () C:\Users\Linda\Documents\FRST-OlderVersion
2015-04-22 15:42 - 2015-04-22 15:42 - 00283200 _____ () C:\windows\Minidump\042215-73726-01.dmp
2015-04-22 07:49 - 2015-04-22 07:49 - 02218632 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\DefaultPack (1).EXE
2015-04-22 07:28 - 2015-04-22 07:28 - 17258952 _____ (Bitdefender LLC) C:\Users\Linda\Downloads\RemovalToolUnifiedLauncher_sirefef.exe
2015-04-22 07:28 - 2015-04-22 07:28 - 00390776 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\TrufosAlt.sys
2015-04-22 07:01 - 2015-04-22 07:01 - 00000000 ___HD () C:\OneDriveTemp
2015-04-22 06:56 - 2015-04-22 06:56 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS (1).EXE
2015-04-22 06:54 - 2015-04-22 06:54 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS.EXE
2015-04-21 07:59 - 2015-04-22 18:36 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-04-21 07:59 - 2015-04-21 07:59 - 02931056 _____ () C:\Users\Linda\Downloads\SecurityTaskManager_Setup.exe
2015-04-21 07:59 - 2015-04-21 07:59 - 00000000 ____D () C:\Users\Linda\AppData\Local\SecTaskMan
2015-04-19 09:31 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 09:31 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 09:31 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 09:30 - 2015-04-19 11:03 - 00000000 ____D () C:\ComboFix
2015-04-19 09:29 - 2015-04-19 09:30 - 00000000 ____D () C:\Qoobox
2015-04-19 09:28 - 2015-04-19 10:34 - 00000000 ____D () C:\windows\erdnt
2015-04-19 08:28 - 2015-04-19 08:29 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201 (1).exe
2015-04-19 08:27 - 2015-04-19 08:27 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201.exe
2015-04-19 08:22 - 2015-04-19 08:22 - 00004429 _____ () C:\Users\Linda\Desktop\JRT.txt
2015-04-19 08:12 - 2015-04-19 08:12 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LINDA-TOSHIBA-Windows-7-Home-Premium-(64-bit).dat
2015-04-19 08:12 - 2015-04-19 08:12 - 00000000 ____D () C:\RegBackup
2015-04-19 08:11 - 2015-04-19 08:11 - 02686254 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2015-04-18 13:02 - 2015-04-22 15:42 - 553180866 _____ () C:\windows\MEMORY.DMP
2015-04-18 13:02 - 2015-04-18 13:02 - 00283200 _____ () C:\windows\Minidump\041815-74786-01.dmp
2015-04-18 09:01 - 2015-04-18 09:01 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64 (1).exe
2015-04-18 08:51 - 2015-04-23 07:56 - 02099712 _____ (Farbar) C:\Users\Linda\Documents\FRST64.exe
2015-04-18 08:22 - 2015-04-18 09:03 - 00038586 _____ () C:\Users\Linda\Downloads\Addition.txt
2015-04-18 08:21 - 2015-04-18 09:05 - 00049874 _____ () C:\Users\Linda\Downloads\FRST.txt
2015-04-18 08:20 - 2015-04-23 07:57 - 00000000 ____D () C:\FRST
2015-04-18 08:19 - 2015-04-18 08:19 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2015-04-17 07:09 - 2015-04-17 07:09 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2015-04-16 18:03 - 2015-04-16 18:03 - 00002051 _____ () C:\Users\Linda\Desktop\Canon MG2900 series Printer (Copy 1) - Shortcut.lnk
2015-04-16 14:04 - 2015-04-16 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series User Registration
2015-04-16 13:56 - 2015-04-16 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series Manual
2015-04-16 13:49 - 2015-04-17 07:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-16 13:44 - 2015-04-16 13:45 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd (1).exe
2015-04-16 11:45 - 2015-04-16 11:45 - 00017440 _____ () C:\Users\Linda\Documents\local port
2015-04-16 06:49 - 2015-04-16 06:49 - 00000915 _____ () C:\Users\Linda\Desktop\MG2900 series (UPnP)_0FA27B000000 - Shortcut.lnk
2015-04-16 06:27 - 2015-04-16 06:27 - 00000000 ____H () C:\Users\Linda\Documents\Default.rdp
2015-04-15 17:45 - 2015-04-15 17:45 - 18178736 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 00910000 _____ () C:\Users\Linda\Downloads\MicrosoftSystemScan_08b63aa3-66e5-415b-b158-8ac33be52770.exe
2015-04-14 07:29 - 2015-04-14 07:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft_Corporation
2015-04-13 16:28 - 2015-04-23 07:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3.job
2015-04-13 16:28 - 2015-04-23 06:52 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407.job
2015-04-13 16:28 - 2015-04-14 07:36 - 00003594 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407
2015-04-13 16:28 - 2015-04-13 16:28 - 00003520 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3
2015-04-13 16:27 - 2015-04-13 16:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-23 07:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-13 16:26 - 2015-04-13 16:26 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-13 16:25 - 2015-04-13 16:25 - 21654912 _____ (SUPERAntiSpyware) C:\Users\Linda\Downloads\SUPERAntiSpyware.exe
2015-04-11 19:16 - 2011-02-25 01:19 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer - Copy.exe
2015-04-11 11:55 - 2015-04-11 11:55 - 00000000 ____D () C:\ProgramData\SetupTemp
2015-04-11 11:40 - 2015-04-11 11:40 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd.exe
2015-04-10 20:37 - 2015-04-10 20:37 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123 (1).msi
2015-04-10 20:22 - 2015-04-10 20:22 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123.msi
2015-04-10 09:00 - 2015-04-10 09:00 - 00652930 _____ () C:\Users\Linda\Downloads\HealthSummary20150410.zip
2015-04-10 08:45 - 2015-04-10 08:45 - 00347816 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\MicrosoftFixit.Printing.Run.exe
2015-03-27 21:10 - 2015-03-27 21:38 - 00056016 _____ () C:\windows\system32\Drivers\fsbts.sys
2015-03-27 21:10 - 2015-03-27 21:10 - 00000685 _____ () C:\windows\fsav_db_setup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 04168131 _____ () C:\windows\FSISU.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00873387 _____ () C:\windows\FSSFM.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00748694 _____ () C:\windows\FSSETUP.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00136091 _____ () C:\windows\FSPROD.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00088551 _____ () C:\windows\RunSetup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00073840 _____ () C:\windows\FSAVINST.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00009972 _____ () C:\windows\FSAVCSIN.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00004429 _____ () C:\windows\FSGKIAIN.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00004370 _____ () C:\windows\fstnbins.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00003519 _____ () C:\windows\fsavunin.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00001869 _____ () C:\windows\FSLDIN.LOG
2015-03-27 21:07 - 2015-03-27 21:07 - 00140799 _____ () C:\windows\FSDEPH.log
2015-03-27 21:07 - 2015-03-27 21:07 - 00020588 _____ () C:\windows\prodsett_copy.ini
2015-03-27 21:07 - 2015-03-27 21:07 - 00019318 _____ () C:\windows\fspplugin.log
2015-03-27 14:17 - 2015-03-27 14:15 - 00000022 _____ () C:\Users\Linda\Documents\[bcc-talk] FW [sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-26 20:15 - 2015-03-26 20:17 - 00000022 _____ () C:\Users\Linda\Downloads\[sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-15 15:29 - 2015-03-15 15:29 - 00007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2015-03-05 07:58 - 2015-03-05 11:00 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft Games
2015-03-05 07:56 - 2015-04-06 03:41 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-03-03 15:16 - 2015-04-19 10:25 - 00005540 _____ () C:\windows\PFRO.log
2015-02-26 19:47 - 2015-02-26 19:47 - 00002136 _____ () C:\Users\Public\Desktop\Charter Security Suite.lnk
2015-02-26 19:47 - 2015-02-26 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charter Security Suite
2015-02-26 19:46 - 2015-04-18 07:55 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2015-02-26 19:34 - 2015-03-27 21:11 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 19:34 - 2015-02-26 19:49 - 00000000 ____D () C:\Users\Linda\AppData\Local\F-Secure
2015-02-26 19:34 - 2015-02-26 19:34 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_ (1).exe
2015-02-26 09:08 - 2015-04-23 07:21 - 00002768 _____ () C:\windows\setupact.log
2015-02-26 09:08 - 2015-02-26 09:08 - 00000000 _____ () C:\windows\setuperr.log
2015-02-25 10:23 - 2015-02-25 10:23 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-24 17:26 - 2015-02-24 17:26 - 00000000 ____D () C:\Users\Linda\AppData\Local\Macromedia
2015-02-24 17:21 - 2015-02-24 17:21 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0 (1).exe
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Mozilla
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Local\Mozilla
2015-02-24 17:13 - 2015-02-24 17:13 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-24 17:09 - 2015-02-24 17:09 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0.exe
2015-02-08 18:59 - 2015-04-19 08:40 - 00000000 ____D () C:\AdwCleaner
2015-02-08 18:58 - 2015-02-08 18:58 - 02112512 _____ () C:\Users\Linda\Downloads\adwcleaner_4.110.exe
2015-02-08 10:04 - 2015-02-08 10:04 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_.exe
2015-02-04 12:23 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00869536 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:58 - 2014-11-27 20:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 07:45 - 2013-09-11 13:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 07:45 - 2013-04-29 13:37 - 01867978 _____ () C:\windows\WindowsUpdate.log
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:27 - 2009-07-14 00:13 - 00867358 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-23 07:24 - 2013-05-14 22:58 - 00000438 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-04-23 07:23 - 2014-10-12 06:31 - 00000000 ___RD () C:\Users\Linda\OneDrive
2015-04-23 07:21 - 2014-11-27 20:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 07:21 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-22 15:42 - 2014-08-01 18:46 - 00000000 ____D () C:\windows\Minidump
2015-04-22 15:37 - 2009-07-14 00:08 - 00032558 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-04-20 18:44 - 2014-02-06 14:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\CrashDumps
2015-04-19 10:29 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-04-19 10:23 - 2013-08-03 13:11 - 00000000 ____D () C:\windows\system32\MRT
2015-04-19 10:05 - 2013-04-30 16:56 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-18 18:04 - 2013-04-29 16:10 - 00000000 ____D () C:\Users\Linda
2015-04-18 18:02 - 2014-03-12 17:26 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-18 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-04-18 08:27 - 2014-02-05 18:41 - 01138176 ___SH () C:\Users\Linda\Downloads\Thumbs.db
2015-04-17 07:32 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-04-16 14:18 - 2014-09-12 08:08 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-16 14:06 - 2014-09-12 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-04-16 14:05 - 2009-07-13 22:20 - 00000000 __RSD () C:\windows\Media
2015-04-16 14:04 - 2014-09-12 08:51 - 00002036 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-04-16 14:04 - 2014-09-12 08:51 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-04-16 13:56 - 2014-09-12 08:46 - 00000000 ____D () C:\Program Files\Canon
2015-04-16 13:56 - 2014-09-12 08:45 - 00002373 _____ () C:\Users\Public\Desktop\Canon MG2900 series On-screen Manual.lnk
2015-04-15 19:41 - 2014-11-27 20:50 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 17:45 - 2013-09-11 13:31 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:45 - 2013-09-11 13:31 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:45 - 2013-09-11 13:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 09:17 - 2013-04-29 15:00 - 00859972 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-13 16:45 - 2014-07-31 12:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-10 18:08 - 2014-10-12 06:31 - 00002177 _____ () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2013-09-28 18:02 - 2013-09-28 18:02 - 50053120 _____ () C:\Program Files (x86)\GUTA7B0.tmp
2015-03-15 15:29 - 2015-03-15 15:29 - 0007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2014-01-01 09:51 - 2014-01-01 09:51 - 0000003 _____ () C:\Users\Linda\AppData\Local\updater.log
2014-01-01 09:51 - 2015-01-16 16:30 - 0000425 _____ () C:\Users\Linda\AppData\Local\UserProducts.xml
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {2ee545f7-b111-11e2-bfae-00266c19c9cf}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {2ee545f7-b111-11e2-bfae-00266c19c9cf}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {3e9af1b9-b103-11e2-a99d-85737e88d19a}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {2ee545f8-b111-11e2-bfae-00266c19c9cf}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2015-04-14 06:58
 
==================== End Of Log ============================


#10 lindaalleman

Posted 23 April 2015 - 08:16 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Linda (administrator) on LINDA-TOSHIBA on 23-04-2015 07:57:22
Running from C:\Users\Linda\Documents
Loaded Profiles: Linda (Available profiles: Linda & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-28] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-09-18] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [OneDrive] => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-04-10] (Microsoft Corporation)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NF2805-PROD-FSD3202}] => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-04-15] (F-Secure Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-04-15] (F-Secure Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{19939083-6582-4C13-AEA1-006C46B07701}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{74034E90-8A2B-4D03-885B-6C552D1E3D7D}: [NameServer] 8.26.56.26,156.154.70.22
 
FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default
FF Homepage: msm.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: AdBlock for Firefox - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-24]
FF Extension: Flash Control - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-02-24]
FF Extension: Autofill IRCTC Tatkal Form-Plugin & Extension - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid2-l8SPBzHJWBIiHQ@jetpack.xpi [2015-02-24]
FF Extension: Max Tabs - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\maxtabs@cheeaun.xpi [2015-02-24]
FF Extension: YouTube Flash Video Player - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.5\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [{1043b5a0-0578-4aa4-8648-31ce07b39c76}] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015-03-27]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Chrome PDF Viewer) - chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/ No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - internal-pdf-viewer No File
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Candy Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpgdfngkiaibbgkilmngidgmbjdjbji [2014-03-14]
CHR Extension: (Angry Birds) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-14]
CHR Extension: (Mahjong Words 2) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2014-03-14]
CHR Extension: (App Kid ) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgpkhhebbdpmdfkjeabhdhlognbbihn [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (eBay) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2015-02-23]
CHR Extension: (Dirt Farmer's Farmville Toolbar) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncmkflkdcckehapobbkeijklnapnpg [2014-03-14]
CHR Extension: (Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikdcpagdgnihikinbpjjaajjpcjcdlo [2014-03-14]
CHR Extension: (Christmas Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coconnhpdpfcoglmhjniaoipnmklkmhf [2014-03-14]
CHR Extension: (Facebook one click login) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\confmkfbghmjiogjgafolpgoalpojmkb [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Catch The Candy Halloween) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\daglghcncenbabpilbehfdigmfndokah [2014-03-14]
CHR Extension: (Email this page (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-03-14]
CHR Extension: (Box Office) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbbohlkjglcppclgngklojecglglinl [2014-07-17]
CHR Extension: (Deuces Wild Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbblhehiobpccacljhmjifbplfemldh [2014-03-14]
CHR Extension: (Mahjongg) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-14]
CHR Extension: (Share link via email) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2014-07-17]
CHR Extension: (Classic for Facebook) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad [2014-11-25]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-07-17]
CHR Extension: (Candy Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbeaamkeeefhgfcmbnjmffohnahademp [2014-03-14]
CHR Extension: (Click&Clean) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-04-04]
CHR Extension: (AdBlock) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-23]
CHR Extension: (Halloween Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpakeodedigoifepmiljaacocfcpgcf [2014-03-14]
CHR Extension: (Pin It Button) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-09]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-07-29]
CHR Extension: (Summer Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhebamddpnanijapgpghgalikpipdlaf [2014-03-14]
CHR Extension: (Facebook Emoticons) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdlcejbjnnmjgajjjfenejacioiimpp [2014-07-17]
CHR Extension: (Fruit Connect) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmikpcdpocppkfklafbajehobcoijegf [2014-03-14]
CHR Extension: (TLRemove) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2014-08-10]
CHR Extension: (Crackle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-07-17]
CHR Extension: (Dirt Farmer's Click Trap Remover) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpkdoghndaeolkpcikaieakkfjnall [2014-03-14]
CHR Extension: (Memory Bug) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdfhkbomhmpieanlgonlgjhckibmail [2014-03-14]
CHR Extension: (Cookies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-01-23]
CHR Extension: (Five-O Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jajjdppmldkodfjppfhfhmgnefjipbph [2014-03-14]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-03-27]
CHR Extension: (Hao TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhpmjfnlelbbbimnhhhnnmmfdpeffkj [2014-07-17]
CHR Extension: (Online Movies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladmdajlenfamcedgfipcecmdmgfpdhc [2014-07-17]
CHR Extension: (Mahjong Solitaire for Kids - Duckie Deck) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcbdikccblkaigboagkfeopedidbbjg [2014-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Word Ruffle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lemfhebbbpeknpobpdlngjecnidoafbg [2014-03-14]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-03-14]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-04-16]
CHR Extension: (Kids Love Puzzles) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfphmjghemcgmbekijcajniphlcflbjm [2014-03-14]
CHR Extension: (ScootPad) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjchkacpbjppajjghmohegkkcikmeef [2014-07-17]
CHR Extension: (Faster Chrome Pro) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfebkjhppaffifdkonhpmgeijcjleln [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Barnyard Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbpofjmecckjelpfbpapjadpekijbhm [2014-03-14]
CHR Extension: (Make Photo Gallery) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcejpbljkjnljdjckjclmeoekieilokj [2014-07-17]
CHR Extension: (Click&Clean App) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-03-14]
CHR Extension: (Outlook.com) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-02-23]
CHR Extension: (Valentines Day Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Whitelist for Chrome) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocjkchlmhkjafdpmkklknmjhokobgmh [2014-03-14]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Charter Security Suite/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-09-08]
CHR HKLM-x32\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-09-18] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-15] (F-Secure Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-03-27] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-04-14] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2015-03-27] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [90152 2015-04-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-09-18] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:57 - 2015-04-23 07:58 - 00052160 _____ () C:\Users\Linda\Documents\FRST.txt
2015-04-23 07:56 - 2015-04-23 07:56 - 00000000 ____D () C:\Users\Linda\Documents\FRST-OlderVersion
2015-04-22 15:42 - 2015-04-22 15:42 - 00283200 _____ () C:\windows\Minidump\042215-73726-01.dmp
2015-04-22 07:49 - 2015-04-22 07:49 - 02218632 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\DefaultPack (1).EXE
2015-04-22 07:28 - 2015-04-22 07:28 - 17258952 _____ (Bitdefender LLC) C:\Users\Linda\Downloads\RemovalToolUnifiedLauncher_sirefef.exe
2015-04-22 07:28 - 2015-04-22 07:28 - 00390776 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\TrufosAlt.sys
2015-04-22 07:01 - 2015-04-22 07:01 - 00000000 ___HD () C:\OneDriveTemp
2015-04-22 06:56 - 2015-04-22 06:56 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS (1).EXE
2015-04-22 06:54 - 2015-04-22 06:54 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS.EXE
2015-04-21 07:59 - 2015-04-22 18:36 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-04-21 07:59 - 2015-04-21 07:59 - 02931056 _____ () C:\Users\Linda\Downloads\SecurityTaskManager_Setup.exe
2015-04-21 07:59 - 2015-04-21 07:59 - 00000000 ____D () C:\Users\Linda\AppData\Local\SecTaskMan
2015-04-19 09:31 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 09:31 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 09:31 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 09:30 - 2015-04-19 11:03 - 00000000 ____D () C:\ComboFix
2015-04-19 09:29 - 2015-04-19 09:30 - 00000000 ____D () C:\Qoobox
2015-04-19 09:28 - 2015-04-19 10:34 - 00000000 ____D () C:\windows\erdnt
2015-04-19 08:28 - 2015-04-19 08:29 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201 (1).exe
2015-04-19 08:27 - 2015-04-19 08:27 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201.exe
2015-04-19 08:22 - 2015-04-19 08:22 - 00004429 _____ () C:\Users\Linda\Desktop\JRT.txt
2015-04-19 08:12 - 2015-04-19 08:12 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LINDA-TOSHIBA-Windows-7-Home-Premium-(64-bit).dat
2015-04-19 08:12 - 2015-04-19 08:12 - 00000000 ____D () C:\RegBackup
2015-04-19 08:11 - 2015-04-19 08:11 - 02686254 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2015-04-18 13:02 - 2015-04-22 15:42 - 553180866 _____ () C:\windows\MEMORY.DMP
2015-04-18 13:02 - 2015-04-18 13:02 - 00283200 _____ () C:\windows\Minidump\041815-74786-01.dmp
2015-04-18 09:01 - 2015-04-18 09:01 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64 (1).exe
2015-04-18 08:51 - 2015-04-23 07:56 - 02099712 _____ (Farbar) C:\Users\Linda\Documents\FRST64.exe
2015-04-18 08:22 - 2015-04-18 09:03 - 00038586 _____ () C:\Users\Linda\Downloads\Addition.txt
2015-04-18 08:21 - 2015-04-18 09:05 - 00049874 _____ () C:\Users\Linda\Downloads\FRST.txt
2015-04-18 08:20 - 2015-04-23 07:57 - 00000000 ____D () C:\FRST
2015-04-18 08:19 - 2015-04-18 08:19 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2015-04-17 07:09 - 2015-04-17 07:09 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2015-04-16 18:03 - 2015-04-16 18:03 - 00002051 _____ () C:\Users\Linda\Desktop\Canon MG2900 series Printer (Copy 1) - Shortcut.lnk
2015-04-16 14:04 - 2015-04-16 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series User Registration
2015-04-16 13:56 - 2015-04-16 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series Manual
2015-04-16 13:49 - 2015-04-17 07:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-16 13:44 - 2015-04-16 13:45 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd (1).exe
2015-04-16 11:45 - 2015-04-16 11:45 - 00017440 _____ () C:\Users\Linda\Documents\local port
2015-04-16 06:49 - 2015-04-16 06:49 - 00000915 _____ () C:\Users\Linda\Desktop\MG2900 series (UPnP)_0FA27B000000 - Shortcut.lnk
2015-04-16 06:27 - 2015-04-16 06:27 - 00000000 ____H () C:\Users\Linda\Documents\Default.rdp
2015-04-15 17:45 - 2015-04-15 17:45 - 18178736 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 00910000 _____ () C:\Users\Linda\Downloads\MicrosoftSystemScan_08b63aa3-66e5-415b-b158-8ac33be52770.exe
2015-04-14 07:29 - 2015-04-14 07:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft_Corporation
2015-04-13 16:28 - 2015-04-23 07:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3.job
2015-04-13 16:28 - 2015-04-23 06:52 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407.job
2015-04-13 16:28 - 2015-04-14 07:36 - 00003594 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407
2015-04-13 16:28 - 2015-04-13 16:28 - 00003520 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3
2015-04-13 16:27 - 2015-04-13 16:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-23 07:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-13 16:26 - 2015-04-13 16:26 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-13 16:25 - 2015-04-13 16:25 - 21654912 _____ (SUPERAntiSpyware) C:\Users\Linda\Downloads\SUPERAntiSpyware.exe
2015-04-11 19:16 - 2011-02-25 01:19 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer - Copy.exe
2015-04-11 11:55 - 2015-04-11 11:55 - 00000000 ____D () C:\ProgramData\SetupTemp
2015-04-11 11:40 - 2015-04-11 11:40 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd.exe
2015-04-10 20:37 - 2015-04-10 20:37 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123 (1).msi
2015-04-10 20:22 - 2015-04-10 20:22 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123.msi
2015-04-10 09:00 - 2015-04-10 09:00 - 00652930 _____ () C:\Users\Linda\Downloads\HealthSummary20150410.zip
2015-04-10 08:45 - 2015-04-10 08:45 - 00347816 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\MicrosoftFixit.Printing.Run.exe
2015-03-27 21:10 - 2015-03-27 21:38 - 00056016 _____ () C:\windows\system32\Drivers\fsbts.sys
2015-03-27 21:10 - 2015-03-27 21:10 - 00000685 _____ () C:\windows\fsav_db_setup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 04168131 _____ () C:\windows\FSISU.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00873387 _____ () C:\windows\FSSFM.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00748694 _____ () C:\windows\FSSETUP.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00136091 _____ () C:\windows\FSPROD.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00088551 _____ () C:\windows\RunSetup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00073840 _____ () C:\windows\FSAVINST.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00009972 _____ () C:\windows\FSAVCSIN.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00004429 _____ () C:\windows\FSGKIAIN.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00004370 _____ () C:\windows\fstnbins.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00003519 _____ () C:\windows\fsavunin.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00001869 _____ () C:\windows\FSLDIN.LOG
2015-03-27 21:07 - 2015-03-27 21:07 - 00140799 _____ () C:\windows\FSDEPH.log
2015-03-27 21:07 - 2015-03-27 21:07 - 00020588 _____ () C:\windows\prodsett_copy.ini
2015-03-27 21:07 - 2015-03-27 21:07 - 00019318 _____ () C:\windows\fspplugin.log
2015-03-27 14:17 - 2015-03-27 14:15 - 00000022 _____ () C:\Users\Linda\Documents\[bcc-talk] FW [sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-26 20:15 - 2015-03-26 20:17 - 00000022 _____ () C:\Users\Linda\Downloads\[sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-15 15:29 - 2015-03-15 15:29 - 00007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2015-03-05 07:58 - 2015-03-05 11:00 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft Games
2015-03-05 07:56 - 2015-04-06 03:41 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-03-03 15:16 - 2015-04-19 10:25 - 00005540 _____ () C:\windows\PFRO.log
2015-02-26 19:47 - 2015-02-26 19:47 - 00002136 _____ () C:\Users\Public\Desktop\Charter Security Suite.lnk
2015-02-26 19:47 - 2015-02-26 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charter Security Suite
2015-02-26 19:46 - 2015-04-18 07:55 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2015-02-26 19:34 - 2015-03-27 21:11 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 19:34 - 2015-02-26 19:49 - 00000000 ____D () C:\Users\Linda\AppData\Local\F-Secure
2015-02-26 19:34 - 2015-02-26 19:34 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_ (1).exe
2015-02-26 09:08 - 2015-04-23 07:21 - 00002768 _____ () C:\windows\setupact.log
2015-02-26 09:08 - 2015-02-26 09:08 - 00000000 _____ () C:\windows\setuperr.log
2015-02-25 10:23 - 2015-02-25 10:23 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-24 17:26 - 2015-02-24 17:26 - 00000000 ____D () C:\Users\Linda\AppData\Local\Macromedia
2015-02-24 17:21 - 2015-02-24 17:21 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0 (1).exe
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Mozilla
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Local\Mozilla
2015-02-24 17:13 - 2015-02-24 17:13 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-24 17:09 - 2015-02-24 17:09 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0.exe
2015-02-08 18:59 - 2015-04-19 08:40 - 00000000 ____D () C:\AdwCleaner
2015-02-08 18:58 - 2015-02-08 18:58 - 02112512 _____ () C:\Users\Linda\Downloads\adwcleaner_4.110.exe
2015-02-08 10:04 - 2015-02-08 10:04 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_.exe
2015-02-04 12:23 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00869536 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:58 - 2014-11-27 20:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 07:45 - 2013-09-11 13:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 07:45 - 2013-04-29 13:37 - 01867978 _____ () C:\windows\WindowsUpdate.log
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:27 - 2009-07-14 00:13 - 00867358 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-23 07:24 - 2013-05-14 22:58 - 00000438 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-04-23 07:23 - 2014-10-12 06:31 - 00000000 ___RD () C:\Users\Linda\OneDrive
2015-04-23 07:21 - 2014-11-27 20:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 07:21 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-22 15:42 - 2014-08-01 18:46 - 00000000 ____D () C:\windows\Minidump
2015-04-22 15:37 - 2009-07-14 00:08 - 00032558 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-04-20 18:44 - 2014-02-06 14:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\CrashDumps
2015-04-19 10:29 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-04-19 10:23 - 2013-08-03 13:11 - 00000000 ____D () C:\windows\system32\MRT
2015-04-19 10:05 - 2013-04-30 16:56 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-18 18:04 - 2013-04-29 16:10 - 00000000 ____D () C:\Users\Linda
2015-04-18 18:02 - 2014-03-12 17:26 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-18 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-04-18 08:27 - 2014-02-05 18:41 - 01138176 ___SH () C:\Users\Linda\Downloads\Thumbs.db
2015-04-17 07:32 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-04-16 14:18 - 2014-09-12 08:08 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-16 14:06 - 2014-09-12 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-04-16 14:05 - 2009-07-13 22:20 - 00000000 __RSD () C:\windows\Media
2015-04-16 14:04 - 2014-09-12 08:51 - 00002036 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-04-16 14:04 - 2014-09-12 08:51 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-04-16 13:56 - 2014-09-12 08:46 - 00000000 ____D () C:\Program Files\Canon
2015-04-16 13:56 - 2014-09-12 08:45 - 00002373 _____ () C:\Users\Public\Desktop\Canon MG2900 series On-screen Manual.lnk
2015-04-15 19:41 - 2014-11-27 20:50 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 17:45 - 2013-09-11 13:31 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:45 - 2013-09-11 13:31 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:45 - 2013-09-11 13:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 09:17 - 2013-04-29 15:00 - 00859972 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-13 16:45 - 2014-07-31 12:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-10 18:08 - 2014-10-12 06:31 - 00002177 _____ () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2013-09-28 18:02 - 2013-09-28 18:02 - 50053120 _____ () C:\Program Files (x86)\GUTA7B0.tmp
2015-03-15 15:29 - 2015-03-15 15:29 - 0007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2014-01-01 09:51 - 2014-01-01 09:51 - 0000003 _____ () C:\Users\Linda\AppData\Local\updater.log
2014-01-01 09:51 - 2015-01-16 16:30 - 0000425 _____ () C:\Users\Linda\AppData\Local\UserProducts.xml
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {2ee545f7-b111-11e2-bfae-00266c19c9cf}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {2ee545f7-b111-11e2-bfae-00266c19c9cf}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {3e9af1b9-b103-11e2-a99d-85737e88d19a}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {2ee545f8-b111-11e2-bfae-00266c19c9cf}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2015-04-14 06:58
 
==================== End Of Log ============================


#11 lindaalleman

Posted 23 April 2015 - 08:17 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Linda (administrator) on LINDA-TOSHIBA on 23-04-2015 07:57:22
Running from C:\Users\Linda\Documents
Loaded Profiles: Linda (Available profiles: Linda & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-28] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-09-18] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [OneDrive] => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-04-10] (Microsoft Corporation)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NF2805-PROD-FSD3202}] => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-04-15] (F-Secure Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-04-15] (F-Secure Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{19939083-6582-4C13-AEA1-006C46B07701}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{74034E90-8A2B-4D03-885B-6C552D1E3D7D}: [NameServer] 8.26.56.26,156.154.70.22
 
FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default
FF Homepage: msm.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: AdBlock for Firefox - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-24]
FF Extension: Flash Control - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-02-24]
FF Extension: Autofill IRCTC Tatkal Form-Plugin & Extension - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid2-l8SPBzHJWBIiHQ@jetpack.xpi [2015-02-24]
FF Extension: Max Tabs - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\maxtabs@cheeaun.xpi [2015-02-24]
FF Extension: YouTube Flash Video Player - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.5\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [{1043b5a0-0578-4aa4-8648-31ce07b39c76}] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015-03-27]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Chrome PDF Viewer) - chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/ No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - internal-pdf-viewer No File
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Candy Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpgdfngkiaibbgkilmngidgmbjdjbji [2014-03-14]
CHR Extension: (Angry Birds) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-14]
CHR Extension: (Mahjong Words 2) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2014-03-14]
CHR Extension: (App Kid ) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgpkhhebbdpmdfkjeabhdhlognbbihn [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (eBay) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2015-02-23]
CHR Extension: (Dirt Farmer's Farmville Toolbar) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncmkflkdcckehapobbkeijklnapnpg [2014-03-14]
CHR Extension: (Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikdcpagdgnihikinbpjjaajjpcjcdlo [2014-03-14]
CHR Extension: (Christmas Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coconnhpdpfcoglmhjniaoipnmklkmhf [2014-03-14]
CHR Extension: (Facebook one click login) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\confmkfbghmjiogjgafolpgoalpojmkb [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Catch The Candy Halloween) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\daglghcncenbabpilbehfdigmfndokah [2014-03-14]
CHR Extension: (Email this page (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-03-14]
CHR Extension: (Box Office) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbbohlkjglcppclgngklojecglglinl [2014-07-17]
CHR Extension: (Deuces Wild Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbblhehiobpccacljhmjifbplfemldh [2014-03-14]
CHR Extension: (Mahjongg) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-14]
CHR Extension: (Share link via email) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2014-07-17]
CHR Extension: (Classic for Facebook) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad [2014-11-25]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-07-17]
CHR Extension: (Candy Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbeaamkeeefhgfcmbnjmffohnahademp [2014-03-14]
CHR Extension: (Click&Clean) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-04-04]
CHR Extension: (AdBlock) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-23]
CHR Extension: (Halloween Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpakeodedigoifepmiljaacocfcpgcf [2014-03-14]
CHR Extension: (Pin It Button) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-09]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-07-29]
CHR Extension: (Summer Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhebamddpnanijapgpghgalikpipdlaf [2014-03-14]
CHR Extension: (Facebook Emoticons) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdlcejbjnnmjgajjjfenejacioiimpp [2014-07-17]
CHR Extension: (Fruit Connect) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmikpcdpocppkfklafbajehobcoijegf [2014-03-14]
CHR Extension: (TLRemove) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2014-08-10]
CHR Extension: (Crackle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-07-17]
CHR Extension: (Dirt Farmer's Click Trap Remover) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpkdoghndaeolkpcikaieakkfjnall [2014-03-14]
CHR Extension: (Memory Bug) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdfhkbomhmpieanlgonlgjhckibmail [2014-03-14]
CHR Extension: (Cookies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-01-23]
CHR Extension: (Five-O Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jajjdppmldkodfjppfhfhmgnefjipbph [2014-03-14]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-03-27]
CHR Extension: (Hao TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhpmjfnlelbbbimnhhhnnmmfdpeffkj [2014-07-17]
CHR Extension: (Online Movies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladmdajlenfamcedgfipcecmdmgfpdhc [2014-07-17]
CHR Extension: (Mahjong Solitaire for Kids - Duckie Deck) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcbdikccblkaigboagkfeopedidbbjg [2014-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Word Ruffle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lemfhebbbpeknpobpdlngjecnidoafbg [2014-03-14]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-03-14]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-04-16]
CHR Extension: (Kids Love Puzzles) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfphmjghemcgmbekijcajniphlcflbjm [2014-03-14]
CHR Extension: (ScootPad) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjchkacpbjppajjghmohegkkcikmeef [2014-07-17]
CHR Extension: (Faster Chrome Pro) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfebkjhppaffifdkonhpmgeijcjleln [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Barnyard Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbpofjmecckjelpfbpapjadpekijbhm [2014-03-14]
CHR Extension: (Make Photo Gallery) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcejpbljkjnljdjckjclmeoekieilokj [2014-07-17]
CHR Extension: (Click&Clean App) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-03-14]
CHR Extension: (Outlook.com) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-02-23]
CHR Extension: (Valentines Day Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Whitelist for Chrome) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocjkchlmhkjafdpmkklknmjhokobgmh [2014-03-14]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Charter Security Suite/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-09-08]
CHR HKLM-x32\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-09-18] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-15] (F-Secure Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-03-27] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-04-14] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2015-03-27] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [90152 2015-04-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-09-18] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZFL.sys 9C7191F4B2E49BFF47A6C1144B5923FA
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 33A58C5630200E17B51C8D73DD64181B
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:57 - 2015-04-23 07:58 - 00052160 _____ () C:\Users\Linda\Documents\FRST.txt
2015-04-23 07:56 - 2015-04-23 07:56 - 00000000 ____D () C:\Users\Linda\Documents\FRST-OlderVersion
2015-04-22 15:42 - 2015-04-22 15:42 - 00283200 _____ () C:\windows\Minidump\042215-73726-01.dmp
2015-04-22 07:49 - 2015-04-22 07:49 - 02218632 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\DefaultPack (1).EXE
2015-04-22 07:28 - 2015-04-22 07:28 - 17258952 _____ (Bitdefender LLC) C:\Users\Linda\Downloads\RemovalToolUnifiedLauncher_sirefef.exe
2015-04-22 07:28 - 2015-04-22 07:28 - 00390776 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\TrufosAlt.sys
2015-04-22 07:01 - 2015-04-22 07:01 - 00000000 ___HD () C:\OneDriveTemp
2015-04-22 06:56 - 2015-04-22 06:56 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS (1).EXE
2015-04-22 06:54 - 2015-04-22 06:54 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS.EXE
2015-04-21 07:59 - 2015-04-22 18:36 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-04-21 07:59 - 2015-04-21 07:59 - 02931056 _____ () C:\Users\Linda\Downloads\SecurityTaskManager_Setup.exe
2015-04-21 07:59 - 2015-04-21 07:59 - 00000000 ____D () C:\Users\Linda\AppData\Local\SecTaskMan
2015-04-19 09:31 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 09:31 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 09:31 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 09:30 - 2015-04-19 11:03 - 00000000 ____D () C:\ComboFix
2015-04-19 09:29 - 2015-04-19 09:30 - 00000000 ____D () C:\Qoobox
2015-04-19 09:28 - 2015-04-19 10:34 - 00000000 ____D () C:\windows\erdnt
2015-04-19 08:28 - 2015-04-19 08:29 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201 (1).exe
2015-04-19 08:27 - 2015-04-19 08:27 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201.exe
2015-04-19 08:22 - 2015-04-19 08:22 - 00004429 _____ () C:\Users\Linda\Desktop\JRT.txt
2015-04-19 08:12 - 2015-04-19 08:12 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LINDA-TOSHIBA-Windows-7-Home-Premium-(64-bit).dat
2015-04-19 08:12 - 2015-04-19 08:12 - 00000000 ____D () C:\RegBackup
2015-04-19 08:11 - 2015-04-19 08:11 - 02686254 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2015-04-18 13:02 - 2015-04-22 15:42 - 553180866 _____ () C:\windows\MEMORY.DMP
2015-04-18 13:02 - 2015-04-18 13:02 - 00283200 _____ () C:\windows\Minidump\041815-74786-01.dmp
2015-04-18 09:01 - 2015-04-18 09:01 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64 (1).exe
2015-04-18 08:51 - 2015-04-23 07:56 - 02099712 _____ (Farbar) C:\Users\Linda\Documents\FRST64.exe
2015-04-18 08:22 - 2015-04-18 09:03 - 00038586 _____ () C:\Users\Linda\Downloads\Addition.txt
2015-04-18 08:21 - 2015-04-18 09:05 - 00049874 _____ () C:\Users\Linda\Downloads\FRST.txt
2015-04-18 08:20 - 2015-04-23 07:57 - 00000000 ____D () C:\FRST
2015-04-18 08:19 - 2015-04-18 08:19 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2015-04-17 07:09 - 2015-04-17 07:09 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2015-04-16 18:03 - 2015-04-16 18:03 - 00002051 _____ () C:\Users\Linda\Desktop\Canon MG2900 series Printer (Copy 1) - Shortcut.lnk
2015-04-16 14:04 - 2015-04-16 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series User Registration
2015-04-16 13:56 - 2015-04-16 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series Manual
2015-04-16 13:49 - 2015-04-17 07:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-16 13:44 - 2015-04-16 13:45 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd (1).exe
2015-04-16 11:45 - 2015-04-16 11:45 - 00017440 _____ () C:\Users\Linda\Documents\local port
2015-04-16 06:49 - 2015-04-16 06:49 - 00000915 _____ () C:\Users\Linda\Desktop\MG2900 series (UPnP)_0FA27B000000 - Shortcut.lnk
2015-04-16 06:27 - 2015-04-16 06:27 - 00000000 ____H () C:\Users\Linda\Documents\Default.rdp
2015-04-15 17:45 - 2015-04-15 17:45 - 18178736 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 00910000 _____ () C:\Users\Linda\Downloads\MicrosoftSystemScan_08b63aa3-66e5-415b-b158-8ac33be52770.exe
2015-04-14 07:29 - 2015-04-14 07:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft_Corporation
2015-04-13 16:28 - 2015-04-23 07:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3.job
2015-04-13 16:28 - 2015-04-23 06:52 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407.job
2015-04-13 16:28 - 2015-04-14 07:36 - 00003594 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407
2015-04-13 16:28 - 2015-04-13 16:28 - 00003520 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3
2015-04-13 16:27 - 2015-04-13 16:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-23 07:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-13 16:26 - 2015-04-13 16:26 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-13 16:25 - 2015-04-13 16:25 - 21654912 _____ (SUPERAntiSpyware) C:\Users\Linda\Downloads\SUPERAntiSpyware.exe
2015-04-11 19:16 - 2011-02-25 01:19 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer - Copy.exe
2015-04-11 11:55 - 2015-04-11 11:55 - 00000000 ____D () C:\ProgramData\SetupTemp
2015-04-11 11:40 - 2015-04-11 11:40 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd.exe
2015-04-10 20:37 - 2015-04-10 20:37 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123 (1).msi
2015-04-10 20:22 - 2015-04-10 20:22 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123.msi
2015-04-10 09:00 - 2015-04-10 09:00 - 00652930 _____ () C:\Users\Linda\Downloads\HealthSummary20150410.zip
2015-04-10 08:45 - 2015-04-10 08:45 - 00347816 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\MicrosoftFixit.Printing.Run.exe
2015-03-27 21:10 - 2015-03-27 21:38 - 00056016 _____ () C:\windows\system32\Drivers\fsbts.sys
2015-03-27 21:10 - 2015-03-27 21:10 - 00000685 _____ () C:\windows\fsav_db_setup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 04168131 _____ () C:\windows\FSISU.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00873387 _____ () C:\windows\FSSFM.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00748694 _____ () C:\windows\FSSETUP.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00136091 _____ () C:\windows\FSPROD.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00088551 _____ () C:\windows\RunSetup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00073840 _____ () C:\windows\FSAVINST.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00009972 _____ () C:\windows\FSAVCSIN.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00004429 _____ () C:\windows\FSGKIAIN.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00004370 _____ () C:\windows\fstnbins.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00003519 _____ () C:\windows\fsavunin.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00001869 _____ () C:\windows\FSLDIN.LOG
2015-03-27 21:07 - 2015-03-27 21:07 - 00140799 _____ () C:\windows\FSDEPH.log
2015-03-27 21:07 - 2015-03-27 21:07 - 00020588 _____ () C:\windows\prodsett_copy.ini
2015-03-27 21:07 - 2015-03-27 21:07 - 00019318 _____ () C:\windows\fspplugin.log
2015-03-27 14:17 - 2015-03-27 14:15 - 00000022 _____ () C:\Users\Linda\Documents\[bcc-talk] FW [sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-26 20:15 - 2015-03-26 20:17 - 00000022 _____ () C:\Users\Linda\Downloads\[sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-15 15:29 - 2015-03-15 15:29 - 00007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2015-03-05 07:58 - 2015-03-05 11:00 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft Games
2015-03-05 07:56 - 2015-04-06 03:41 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-03-03 15:16 - 2015-04-19 10:25 - 00005540 _____ () C:\windows\PFRO.log
2015-02-26 19:47 - 2015-02-26 19:47 - 00002136 _____ () C:\Users\Public\Desktop\Charter Security Suite.lnk
2015-02-26 19:47 - 2015-02-26 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charter Security Suite
2015-02-26 19:46 - 2015-04-18 07:55 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2015-02-26 19:34 - 2015-03-27 21:11 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 19:34 - 2015-02-26 19:49 - 00000000 ____D () C:\Users\Linda\AppData\Local\F-Secure
2015-02-26 19:34 - 2015-02-26 19:34 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_ (1).exe
2015-02-26 09:08 - 2015-04-23 07:21 - 00002768 _____ () C:\windows\setupact.log
2015-02-26 09:08 - 2015-02-26 09:08 - 00000000 _____ () C:\windows\setuperr.log
2015-02-25 10:23 - 2015-02-25 10:23 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-24 17:26 - 2015-02-24 17:26 - 00000000 ____D () C:\Users\Linda\AppData\Local\Macromedia
2015-02-24 17:21 - 2015-02-24 17:21 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0 (1).exe
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Mozilla
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Local\Mozilla
2015-02-24 17:13 - 2015-02-24 17:13 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-24 17:09 - 2015-02-24 17:09 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0.exe
2015-02-08 18:59 - 2015-04-19 08:40 - 00000000 ____D () C:\AdwCleaner
2015-02-08 18:58 - 2015-02-08 18:58 - 02112512 _____ () C:\Users\Linda\Downloads\adwcleaner_4.110.exe
2015-02-08 10:04 - 2015-02-08 10:04 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_.exe
2015-02-04 12:23 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00869536 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:58 - 2014-11-27 20:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 07:45 - 2013-09-11 13:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 07:45 - 2013-04-29 13:37 - 01867978 _____ () C:\windows\WindowsUpdate.log
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:27 - 2009-07-14 00:13 - 00867358 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-23 07:24 - 2013-05-14 22:58 - 00000438 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-04-23 07:23 - 2014-10-12 06:31 - 00000000 ___RD () C:\Users\Linda\OneDrive
2015-04-23 07:21 - 2014-11-27 20:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 07:21 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-22 15:42 - 2014-08-01 18:46 - 00000000 ____D () C:\windows\Minidump
2015-04-22 15:37 - 2009-07-14 00:08 - 00032558 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-04-20 18:44 - 2014-02-06 14:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\CrashDumps
2015-04-19 10:29 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-04-19 10:23 - 2013-08-03 13:11 - 00000000 ____D () C:\windows\system32\MRT
2015-04-19 10:05 - 2013-04-30 16:56 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-18 18:04 - 2013-04-29 16:10 - 00000000 ____D () C:\Users\Linda
2015-04-18 18:02 - 2014-03-12 17:26 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-18 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-04-18 08:27 - 2014-02-05 18:41 - 01138176 ___SH () C:\Users\Linda\Downloads\Thumbs.db
2015-04-17 07:32 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-04-16 14:18 - 2014-09-12 08:08 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-16 14:06 - 2014-09-12 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-04-16 14:05 - 2009-07-13 22:20 - 00000000 __RSD () C:\windows\Media
2015-04-16 14:04 - 2014-09-12 08:51 - 00002036 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-04-16 14:04 - 2014-09-12 08:51 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-04-16 13:56 - 2014-09-12 08:46 - 00000000 ____D () C:\Program Files\Canon
2015-04-16 13:56 - 2014-09-12 08:45 - 00002373 _____ () C:\Users\Public\Desktop\Canon MG2900 series On-screen Manual.lnk
2015-04-15 19:41 - 2014-11-27 20:50 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 17:45 - 2013-09-11 13:31 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:45 - 2013-09-11 13:31 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:45 - 2013-09-11 13:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 09:17 - 2013-04-29 15:00 - 00859972 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-13 16:45 - 2014-07-31 12:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-10 18:08 - 2014-10-12 06:31 - 00002177 _____ () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2013-09-28 18:02 - 2013-09-28 18:02 - 50053120 _____ () C:\Program Files (x86)\GUTA7B0.tmp
2015-03-15 15:29 - 2015-03-15 15:29 - 0007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2014-01-01 09:51 - 2014-01-01 09:51 - 0000003 _____ () C:\Users\Linda\AppData\Local\updater.log
2014-01-01 09:51 - 2015-01-16 16:30 - 0000425 _____ () C:\Users\Linda\AppData\Local\UserProducts.xml
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {2ee545f7-b111-11e2-bfae-00266c19c9cf}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {2ee545f7-b111-11e2-bfae-00266c19c9cf}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {3e9af1b9-b103-11e2-a99d-85737e88d19a}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {2ee545f8-b111-11e2-bfae-00266c19c9cf}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2015-04-14 06:58
 
==================== End Of Log ============================


#12 lindaalleman

Posted 23 April 2015 - 08:20 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Linda (administrator) on LINDA-TOSHIBA on 23-04-2015 07:57:22
Running from C:\Users\Linda\Documents
Loaded Profiles: Linda (Available profiles: Linda & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-28] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-09-18] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [OneDrive] => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-04-10] (Microsoft Corporation)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NF2805-PROD-FSD3202}] => C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-10] (Microsoft Corporation)
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-04-15] (F-Secure Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-04-15] (F-Secure Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3021046642-3450732640-4103114356-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{19939083-6582-4C13-AEA1-006C46B07701}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{74034E90-8A2B-4D03-885B-6C552D1E3D7D}: [NameServer] 8.26.56.26,156.154.70.22
 
FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default
FF Homepage: msm.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: AdBlock for Firefox - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-24]
FF Extension: Flash Control - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-02-24]
FF Extension: Autofill IRCTC Tatkal Form-Plugin & Extension - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\jid2-l8SPBzHJWBIiHQ@jetpack.xpi [2015-02-24]
FF Extension: Max Tabs - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\maxtabs@cheeaun.xpi [2015-02-24]
FF Extension: YouTube Flash Video Player - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.5\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [{1043b5a0-0578-4aa4-8648-31ce07b39c76}] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015-03-27]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\zuwj7tpa.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Chrome PDF Viewer) - chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/ No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - internal-pdf-viewer No File
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Candy Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpgdfngkiaibbgkilmngidgmbjdjbji [2014-03-14]
CHR Extension: (Angry Birds) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-14]
CHR Extension: (Mahjong Words 2) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2014-03-14]
CHR Extension: (App Kid ) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgpkhhebbdpmdfkjeabhdhlognbbihn [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (eBay) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2015-02-23]
CHR Extension: (Dirt Farmer's Farmville Toolbar) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncmkflkdcckehapobbkeijklnapnpg [2014-03-14]
CHR Extension: (Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikdcpagdgnihikinbpjjaajjpcjcdlo [2014-03-14]
CHR Extension: (Christmas Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coconnhpdpfcoglmhjniaoipnmklkmhf [2014-03-14]
CHR Extension: (Facebook one click login) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\confmkfbghmjiogjgafolpgoalpojmkb [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Catch The Candy Halloween) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\daglghcncenbabpilbehfdigmfndokah [2014-03-14]
CHR Extension: (Email this page (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-03-14]
CHR Extension: (Box Office) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbbohlkjglcppclgngklojecglglinl [2014-07-17]
CHR Extension: (Deuces Wild Video Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbblhehiobpccacljhmjifbplfemldh [2014-03-14]
CHR Extension: (Mahjongg) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-14]
CHR Extension: (Share link via email) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2014-07-17]
CHR Extension: (Classic for Facebook) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad [2014-11-25]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-07-17]
CHR Extension: (Candy Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbeaamkeeefhgfcmbnjmffohnahademp [2014-03-14]
CHR Extension: (Click&Clean) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-04-04]
CHR Extension: (AdBlock) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-23]
CHR Extension: (Halloween Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpakeodedigoifepmiljaacocfcpgcf [2014-03-14]
CHR Extension: (Pin It Button) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-09]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-07-29]
CHR Extension: (Summer Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhebamddpnanijapgpghgalikpipdlaf [2014-03-14]
CHR Extension: (Facebook Emoticons) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdlcejbjnnmjgajjjfenejacioiimpp [2014-07-17]
CHR Extension: (Fruit Connect) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmikpcdpocppkfklafbajehobcoijegf [2014-03-14]
CHR Extension: (TLRemove) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2014-08-10]
CHR Extension: (Crackle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-07-17]
CHR Extension: (Dirt Farmer's Click Trap Remover) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgpkdoghndaeolkpcikaieakkfjnall [2014-03-14]
CHR Extension: (Memory Bug) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdfhkbomhmpieanlgonlgjhckibmail [2014-03-14]
CHR Extension: (Cookies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-01-23]
CHR Extension: (Five-O Poker) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jajjdppmldkodfjppfhfhmgnefjipbph [2014-03-14]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-03-27]
CHR Extension: (Hao TV) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhpmjfnlelbbbimnhhhnnmmfdpeffkj [2014-07-17]
CHR Extension: (Online Movies) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladmdajlenfamcedgfipcecmdmgfpdhc [2014-07-17]
CHR Extension: (Mahjong Solitaire for Kids - Duckie Deck) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcbdikccblkaigboagkfeopedidbbjg [2014-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Word Ruffle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lemfhebbbpeknpobpdlngjecnidoafbg [2014-03-14]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-03-14]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-04-16]
CHR Extension: (Kids Love Puzzles) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfphmjghemcgmbekijcajniphlcflbjm [2014-03-14]
CHR Extension: (ScootPad) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjchkacpbjppajjghmohegkkcikmeef [2014-07-17]
CHR Extension: (Faster Chrome Pro) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfebkjhppaffifdkonhpmgeijcjleln [2014-04-03]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Barnyard Match) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbpofjmecckjelpfbpapjadpekijbhm [2014-03-14]
CHR Extension: (Make Photo Gallery) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcejpbljkjnljdjckjclmeoekieilokj [2014-07-17]
CHR Extension: (Click&Clean App) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-03-14]
CHR Extension: (Outlook.com) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-02-23]
CHR Extension: (Valentines Day Mahjong) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Whitelist for Chrome) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocjkchlmhkjafdpmkklknmjhokobgmh [2014-03-14]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKU\S-1-5-21-3021046642-3450732640-4103114356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Linda\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Charter Security Suite/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-09-08]
CHR HKLM-x32\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Linda\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-09-18] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-15] (F-Secure Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-03-27] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-04-14] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2015-03-27] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [90152 2015-04-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-09-18] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pgeffect.sys 91111CEBBDE8015E822C46120ED9537C
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpdispm.sys BDF2DB2F19945AFAF102A2C03062EFB1
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys A115F49BEA840A5F049BC6310F35F776
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUVStor.sys 36FCA0C67BCDC0DA047F5F36743B5CB9
C:\Windows\System32\DRIVERS\rtl8192Ce.sys F33E70E48A54A7A1BFBEEB4F3B273E4A
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 92F4AFC1FDE7A4CA0C88F9143F4DD323
C:\Windows\System32\DRIVERS\taphss6.sys FA08663E58C3B856CD9A83F3279337FE
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZFL.sys 9C7191F4B2E49BFF47A6C1144B5923FA
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 33A58C5630200E17B51C8D73DD64181B
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:57 - 2015-04-23 07:58 - 00052160 _____ () C:\Users\Linda\Documents\FRST.txt
2015-04-23 07:56 - 2015-04-23 07:56 - 00000000 ____D () C:\Users\Linda\Documents\FRST-OlderVersion
2015-04-22 15:42 - 2015-04-22 15:42 - 00283200 _____ () C:\windows\Minidump\042215-73726-01.dmp
2015-04-22 07:49 - 2015-04-22 07:49 - 02218632 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\DefaultPack (1).EXE
2015-04-22 07:28 - 2015-04-22 07:28 - 17258952 _____ (Bitdefender LLC) C:\Users\Linda\Downloads\RemovalToolUnifiedLauncher_sirefef.exe
2015-04-22 07:28 - 2015-04-22 07:28 - 00390776 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\TrufosAlt.sys
2015-04-22 07:01 - 2015-04-22 07:01 - 00000000 ___HD () C:\OneDriveTemp
2015-04-22 06:56 - 2015-04-22 06:56 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS (1).EXE
2015-04-22 06:54 - 2015-04-22 06:54 - 16090224 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Linda\Downloads\SASDEFINITIONS.EXE
2015-04-21 07:59 - 2015-04-22 18:36 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-04-21 07:59 - 2015-04-21 07:59 - 02931056 _____ () C:\Users\Linda\Downloads\SecurityTaskManager_Setup.exe
2015-04-21 07:59 - 2015-04-21 07:59 - 00000000 ____D () C:\Users\Linda\AppData\Local\SecTaskMan
2015-04-19 09:31 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 09:31 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 09:31 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 09:31 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 09:30 - 2015-04-19 11:03 - 00000000 ____D () C:\ComboFix
2015-04-19 09:29 - 2015-04-19 09:30 - 00000000 ____D () C:\Qoobox
2015-04-19 09:28 - 2015-04-19 10:34 - 00000000 ____D () C:\windows\erdnt
2015-04-19 08:28 - 2015-04-19 08:29 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201 (1).exe
2015-04-19 08:27 - 2015-04-19 08:27 - 02217984 _____ () C:\Users\Linda\Downloads\adwcleaner_4.201.exe
2015-04-19 08:22 - 2015-04-19 08:22 - 00004429 _____ () C:\Users\Linda\Desktop\JRT.txt
2015-04-19 08:12 - 2015-04-19 08:12 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LINDA-TOSHIBA-Windows-7-Home-Premium-(64-bit).dat
2015-04-19 08:12 - 2015-04-19 08:12 - 00000000 ____D () C:\RegBackup
2015-04-19 08:11 - 2015-04-19 08:11 - 02686254 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2015-04-18 13:02 - 2015-04-22 15:42 - 553180866 _____ () C:\windows\MEMORY.DMP
2015-04-18 13:02 - 2015-04-18 13:02 - 00283200 _____ () C:\windows\Minidump\041815-74786-01.dmp
2015-04-18 09:01 - 2015-04-18 09:01 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64 (1).exe
2015-04-18 08:51 - 2015-04-23 07:56 - 02099712 _____ (Farbar) C:\Users\Linda\Documents\FRST64.exe
2015-04-18 08:22 - 2015-04-18 09:03 - 00038586 _____ () C:\Users\Linda\Downloads\Addition.txt
2015-04-18 08:21 - 2015-04-18 09:05 - 00049874 _____ () C:\Users\Linda\Downloads\FRST.txt
2015-04-18 08:20 - 2015-04-23 07:57 - 00000000 ____D () C:\FRST
2015-04-18 08:19 - 2015-04-18 08:19 - 02098176 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2015-04-17 07:09 - 2015-04-17 07:09 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2015-04-16 18:03 - 2015-04-16 18:03 - 00002051 _____ () C:\Users\Linda\Desktop\Canon MG2900 series Printer (Copy 1) - Shortcut.lnk
2015-04-16 14:04 - 2015-04-16 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series User Registration
2015-04-16 13:56 - 2015-04-16 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2900 series Manual
2015-04-16 13:49 - 2015-04-17 07:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-16 13:44 - 2015-04-16 13:45 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd (1).exe
2015-04-16 11:45 - 2015-04-16 11:45 - 00017440 _____ () C:\Users\Linda\Documents\local port
2015-04-16 06:49 - 2015-04-16 06:49 - 00000915 _____ () C:\Users\Linda\Desktop\MG2900 series (UPnP)_0FA27B000000 - Shortcut.lnk
2015-04-16 06:27 - 2015-04-16 06:27 - 00000000 ____H () C:\Users\Linda\Documents\Default.rdp
2015-04-15 17:45 - 2015-04-15 17:45 - 18178736 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 00910000 _____ () C:\Users\Linda\Downloads\MicrosoftSystemScan_08b63aa3-66e5-415b-b158-8ac33be52770.exe
2015-04-14 07:29 - 2015-04-14 07:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft_Corporation
2015-04-13 16:28 - 2015-04-23 07:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3.job
2015-04-13 16:28 - 2015-04-23 06:52 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407.job
2015-04-13 16:28 - 2015-04-14 07:36 - 00003594 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 1b483962-ffe0-402a-9cf2-fa8d2820b407
2015-04-13 16:28 - 2015-04-13 16:28 - 00003520 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ccc395ff-2b56-4db5-a6f2-9b61e0dbacf3
2015-04-13 16:27 - 2015-04-13 16:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-23 07:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-13 16:26 - 2015-04-13 16:26 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-13 16:26 - 2015-04-13 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-13 16:25 - 2015-04-13 16:25 - 21654912 _____ (SUPERAntiSpyware) C:\Users\Linda\Downloads\SUPERAntiSpyware.exe
2015-04-11 19:16 - 2011-02-25 01:19 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer - Copy.exe
2015-04-11 11:55 - 2015-04-11 11:55 - 00000000 ____D () C:\ProgramData\SetupTemp
2015-04-11 11:40 - 2015-04-11 11:40 - 51285592 _____ () C:\Users\Linda\Downloads\win-mg2900-1_1-ucd.exe
2015-04-10 20:37 - 2015-04-10 20:37 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123 (1).msi
2015-04-10 20:22 - 2015-04-10 20:22 - 00985600 _____ () C:\Users\Linda\Downloads\MicrosoftFixit50123.msi
2015-04-10 09:00 - 2015-04-10 09:00 - 00652930 _____ () C:\Users\Linda\Downloads\HealthSummary20150410.zip
2015-04-10 08:45 - 2015-04-10 08:45 - 00347816 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\MicrosoftFixit.Printing.Run.exe
2015-03-27 21:10 - 2015-03-27 21:38 - 00056016 _____ () C:\windows\system32\Drivers\fsbts.sys
2015-03-27 21:10 - 2015-03-27 21:10 - 00000685 _____ () C:\windows\fsav_db_setup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 04168131 _____ () C:\windows\FSISU.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00873387 _____ () C:\windows\FSSFM.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00748694 _____ () C:\windows\FSSETUP.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00136091 _____ () C:\windows\FSPROD.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00088551 _____ () C:\windows\RunSetup.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00073840 _____ () C:\windows\FSAVINST.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00009972 _____ () C:\windows\FSAVCSIN.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00004429 _____ () C:\windows\FSGKIAIN.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00004370 _____ () C:\windows\fstnbins.LOG
2015-03-27 21:07 - 2015-03-27 21:10 - 00003519 _____ () C:\windows\fsavunin.log
2015-03-27 21:07 - 2015-03-27 21:10 - 00001869 _____ () C:\windows\FSLDIN.LOG
2015-03-27 21:07 - 2015-03-27 21:07 - 00140799 _____ () C:\windows\FSDEPH.log
2015-03-27 21:07 - 2015-03-27 21:07 - 00020588 _____ () C:\windows\prodsett_copy.ini
2015-03-27 21:07 - 2015-03-27 21:07 - 00019318 _____ () C:\windows\fspplugin.log
2015-03-27 14:17 - 2015-03-27 14:15 - 00000022 _____ () C:\Users\Linda\Documents\[bcc-talk] FW [sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-26 20:15 - 2015-03-26 20:17 - 00000022 _____ () C:\Users\Linda\Downloads\[sugarlandcivicassociation] Shooting Behind Sub..zip
2015-03-15 15:29 - 2015-03-15 15:29 - 00007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2015-03-05 07:58 - 2015-03-05 11:00 - 00000000 ____D () C:\Users\Linda\AppData\Local\Microsoft Games
2015-03-05 07:56 - 2015-04-06 03:41 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-03-03 15:16 - 2015-04-19 10:25 - 00005540 _____ () C:\windows\PFRO.log
2015-02-26 19:47 - 2015-02-26 19:47 - 00002136 _____ () C:\Users\Public\Desktop\Charter Security Suite.lnk
2015-02-26 19:47 - 2015-02-26 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charter Security Suite
2015-02-26 19:46 - 2015-04-18 07:55 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2015-02-26 19:34 - 2015-03-27 21:11 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 19:34 - 2015-02-26 19:49 - 00000000 ____D () C:\Users\Linda\AppData\Local\F-Secure
2015-02-26 19:34 - 2015-02-26 19:34 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_ (1).exe
2015-02-26 09:08 - 2015-04-23 07:21 - 00002768 _____ () C:\windows\setupact.log
2015-02-26 09:08 - 2015-02-26 09:08 - 00000000 _____ () C:\windows\setuperr.log
2015-02-25 10:23 - 2015-02-25 10:23 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-24 17:26 - 2015-02-24 17:26 - 00000000 ____D () C:\Users\Linda\AppData\Local\Macromedia
2015-02-24 17:21 - 2015-02-24 17:21 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0 (1).exe
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Mozilla
2015-02-24 17:14 - 2015-02-24 17:14 - 00000000 ____D () C:\Users\Linda\AppData\Local\Mozilla
2015-02-24 17:13 - 2015-02-24 17:13 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-24 17:09 - 2015-02-24 17:09 - 00243424 _____ () C:\Users\Linda\Downloads\Firefox Setup Stub 36.0.exe
2015-02-08 18:59 - 2015-04-19 08:40 - 00000000 ____D () C:\AdwCleaner
2015-02-08 18:58 - 2015-02-08 18:58 - 02112512 _____ () C:\Users\Linda\Downloads\adwcleaner_4.110.exe
2015-02-08 10:04 - 2015-02-08 10:04 - 00838184 _____ (F-Secure Corporation) C:\Users\Linda\Downloads\CharterNetworkInstaller_C-WKBRV-FF9HD-NF47E-VYUU3_.exe
2015-02-04 12:23 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00869536 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 07:58 - 2014-11-27 20:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 07:45 - 2013-09-11 13:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 07:45 - 2013-04-29 13:37 - 01867978 _____ () C:\windows\WindowsUpdate.log
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 07:27 - 2009-07-14 00:13 - 00867358 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-23 07:24 - 2013-05-14 22:58 - 00000438 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-04-23 07:23 - 2014-10-12 06:31 - 00000000 ___RD () C:\Users\Linda\OneDrive
2015-04-23 07:21 - 2014-11-27 20:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 07:21 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-22 15:42 - 2014-08-01 18:46 - 00000000 ____D () C:\windows\Minidump
2015-04-22 15:37 - 2009-07-14 00:08 - 00032558 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-04-20 18:44 - 2014-02-06 14:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\CrashDumps
2015-04-19 10:29 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-04-19 10:23 - 2013-08-03 13:11 - 00000000 ____D () C:\windows\system32\MRT
2015-04-19 10:05 - 2013-04-30 16:56 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-18 18:04 - 2013-04-29 16:10 - 00000000 ____D () C:\Users\Linda
2015-04-18 18:02 - 2014-03-12 17:26 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-18 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-04-18 08:27 - 2014-02-05 18:41 - 01138176 ___SH () C:\Users\Linda\Downloads\Thumbs.db
2015-04-17 07:32 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-04-16 14:18 - 2014-09-12 08:08 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-16 14:06 - 2014-09-12 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-04-16 14:05 - 2009-07-13 22:20 - 00000000 __RSD () C:\windows\Media
2015-04-16 14:04 - 2014-09-12 08:51 - 00002036 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-04-16 14:04 - 2014-09-12 08:51 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-04-16 13:56 - 2014-09-12 08:46 - 00000000 ____D () C:\Program Files\Canon
2015-04-16 13:56 - 2014-09-12 08:45 - 00002373 _____ () C:\Users\Public\Desktop\Canon MG2900 series On-screen Manual.lnk
2015-04-15 19:41 - 2014-11-27 20:50 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 17:45 - 2013-09-11 13:31 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 17:45 - 2013-09-11 13:31 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 17:45 - 2013-09-11 13:31 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 09:17 - 2013-04-29 15:00 - 00859972 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-13 16:45 - 2014-07-31 12:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-10 18:08 - 2014-10-12 06:31 - 00002177 _____ () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2013-09-28 18:02 - 2013-09-28 18:02 - 50053120 _____ () C:\Program Files (x86)\GUTA7B0.tmp
2015-03-15 15:29 - 2015-03-15 15:29 - 0007601 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
2014-01-01 09:51 - 2014-01-01 09:51 - 0000003 _____ () C:\Users\Linda\AppData\Local\updater.log
2014-01-01 09:51 - 2015-01-16 16:30 - 0000425 _____ () C:\Users\Linda\AppData\Local\UserProducts.xml
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {2ee545f7-b111-11e2-bfae-00266c19c9cf}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{2ee545f8-b111-11e2-bfae-00266c19c9cf}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {2ee545f7-b111-11e2-bfae-00266c19c9cf}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {3e9af1b9-b103-11e2-a99d-85737e88d19a}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {3e9af1b9-b103-11e2-a99d-85737e88d19a}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {2ee545f8-b111-11e2-bfae-00266c19c9cf}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2015-04-14 06:58
 
==================== End Of Log ============================


#13 lindaalleman

Posted 23 April 2015 - 08:32 AM

I have to log off computer for a while........hope what I sent helps you.

I will be back later.

Thank you



#14 deeprybka

Posted 23 April 2015 - 11:55 AM

Hi,
the Addition.txt is missing. Please re-run FRST with the following settings and post the logs:

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 lindaalleman

lindaalleman
  • Topic Starter

  • Members
  • 50 posts

Posted 23 April 2015 - 04:45 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by Linda on Sun 04/19/2015 at  8:12:18.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Linda\desktop\live pc help.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Linda\AppData\Roaming\drivercure
Successfully deleted: [Folder] C:\Users\Linda\AppData\Roaming\pccustubinstaller
Successfully deleted: [Folder] C:\Users\Linda\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\Users\Linda\appdata\local\conduit
Successfully deleted: [Folder] C:\Users\Linda\appdata\local\cre
Successfully deleted: [Folder] C:\Users\Linda\appdata\locallow\conduit
Successfully deleted: [Folder] C:\Program Files (x86)\conduit
Successfully deleted: [Folder] C:\Users\Linda\documents\optimizer pro
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{01B6B40B-C157-403E-AE79-4F0E283A8CA0}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{158A8AF2-6DBE-4B6D-B4BD-99F71E6A0073}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{17B65F80-93C2-4540-95BD-011068106D05}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{24AD58D5-DC3D-440C-8160-D647F26ADE6E}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{474DC4A5-1230-4EF6-8AA8-B4C394D87E29}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{589FE891-1759-46E3-B8FC-C7B93A1F728E}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{7A3C4E69-5A7E-42FC-9679-79B9CE1F8BE0}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{89B192E0-EB77-4071-A9DB-9F45F1E5F5D0}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{96A12C6C-A79D-4F07-9BEE-4E9C256237C2}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{A3FBF751-BDDA-4C1D-A471-40667C6FE035}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{B2005AA3-0FB7-4560-AFB6-7CFD7EFCC4AA}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{B7F548FF-E2A4-450B-8607-FC3D211B7F8A}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{CAAB1D34-2764-4C5A-8DBF-F216502580BD}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{CADB2B2C-ED02-49B2-B260-8855C80CC50D}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{CAE145D5-D0B5-4D9C-86F4-78D09F55CF43}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{CB75D537-6D52-41C3-AFE8-E5A6C324422A}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{D4E2C750-F7EF-4498-8CF0-123DDFC22B80}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{D6AD3A89-7A2C-4EF6-8A3A-3C08794BC35B}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{E81E2330-F58C-4C07-9EC7-AB18B8ABCA2D}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{ECD2EB5A-37B0-4F90-87A0-C25E437AF04A}
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Linda\appdata\local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/19/2015 at  8:22:11.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




