
NationZoom, Ads by !!compareitapplication!! and possibly other viruses


  • This topic is locked
15 replies to this topic

#1 double_r2

double_r2

  • Members
  • 13 posts

Posted 31 May 2015 - 01:03 PM

Hello,

I think that my computer is infected with viruses. On Google Chrome and Internet Explorer, NationZoom has taken over and I am not aware of how to remove it. Also on Mozilla Firefox, Ads by !!compareitapplication!! keeps on popping up and I do not know how to get rid of that. I think that there might be other viruses on my computer. Please advise me on how I can fix this problem. Also, if I back up all of my information on my computer onto a hard drive, will resetting it to factory settings remove these types of viruses? Thanks.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:58 AM

Posted 31 May 2015 - 03:47 PM

Hello double_r2,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 double_r2

double_r2
  • Topic Starter

  • Members
  • 13 posts

Posted 31 May 2015 - 05:13 PM

1. AdwCleaner Logfile

 

# AdwCleaner v4.206 - Logfile created 31/05/2015 at 18:07:24
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Reanna - REANNA-PC
# Running from : C:\Users\Reanna\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\8599881755514593194
Folder Deleted : C:\ProgramData\{12a100bb-9249-43fd-12a1-100bb92402ee}
Folder Deleted : C:\ProgramData\{45d3368e-c588-a692-45d3-3368ec58da3b}
Folder Deleted : C:\ProgramData\{4e06aac4-d08a-10e4-4e06-6aac4d08ab13}
Folder Deleted : C:\ProgramData\{7707e34a-516f-7e41-7707-7e34a5168d29}
Folder Deleted : C:\ProgramData\{c8cf4fce-74a5-4d6d-c8cf-f4fce74a3f39}
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmopahfebclodkepfhnlmjmgmcnojkn
Folder Deleted : C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocjmancioaffbkjaicocmkginhhkkok
Folder Deleted : C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpjcckiomfihfabiojpaagpbhphjhjn
Folder Deleted : C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh
Folder Deleted : C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk
Folder Deleted : C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajnjaghjodocddaglgghffgacnoepgf
Folder Deleted : C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhafcnoogohlcmnefjlacnmhgjopnfl
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\ProgramData\dgkninkcdlfmjjaabdbeamkbifjdhleg
Folder Deleted : C:\ProgramData\pocdneehjignaigicbkjffpglejmnpoa
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\Reanna\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
Folder Deleted : C:\Users\Reanna\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi
File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Deleted : C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v43.0.2357.81

[C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : hdpjcckiomfihfabiojpaagpbhphjhjn
[C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : iniabgbbmccaomaocmhcfioahgipigbh
[C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : jdebdllgnemmnjjhjjndfiaamdhonjlk
[C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : lajnjaghjodocddaglgghffgacnoepgf
[C:\Users\Guest.Reanna-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : dgkninkcdlfmjjaabdbeamkbifjdhleg
[C:\Users\Reanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Reanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R1].txt - [22885 bytes] - [22/04/2015 18:23:45]
AdwCleaner[R2].txt - [22948 bytes] - [22/04/2015 18:30:30]
AdwCleaner[R3].txt - [8324 bytes] - [31/05/2015 18:04:41]
AdwCleaner[S1].txt - [19380 bytes] - [22/04/2015 18:31:32]
AdwCleaner[S2].txt - [6005 bytes] - [31/05/2015 18:07:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6064  bytes] ##########
 



#4 double_r2

double_r2
  • Topic Starter

  • Members
  • 13 posts

Posted 31 May 2015 - 05:26 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Reanna (administrator) on REANNA-PC on 31-05-2015 18:17:22
Running from C:\Users\Reanna\Downloads
Loaded Profiles: Reanna (Available Profiles: Reanna & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ooVoo LLC) C:\Program Files (x86)\oovoo\ooVoo.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Reanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Freecorder FLV Service] => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EMET 4.1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_80] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [LightShot] => C:\Users\Reanna\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [ooVoo.exe] => C:\program files (x86)\oovoo\oovoo.exe [36207136 2015-02-08] (ooVoo LLC)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\MountPoints2: {4f3e2f8c-52e5-11e2-bb97-b870f4c5fce3} - E:\Startme.exe
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\MountPoints2: {78d7b74d-056b-11e4-9fe7-b870f4c5fce3} - E:\Startme.exe
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest.Reanna-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2014-03-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Reanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.lnk [2015-02-24]
ShortcutTarget: Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.lnk -> C:\ProgramData\{45d3368e-c588-a692-45d3-3368ec58da3b}\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.exe (No File)
Startup: C:\Users\Reanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Reanna\AppData\Roaming\Mozilla\Firefox\Profiles\5utrig49.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-10] (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3038019527-4010738560-2751345668-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-10] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2012-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2015-05-31]
FF HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://start.toshiba.com/?cid=C001B2Y
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Reanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Flow Colors) - C:\Users\Reanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2014-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [1161376 2012-06-19] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120808.001\IDSvia64.sys [509088 2012-07-28] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120808.019\ENG64.SYS [120440 2012-06-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120808.019\EX64.SYS [2068600 2012-06-25] (Symantec Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-06-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 X6va005; \??\C:\Users\Reanna\AppData\Local\Temp\00542C9.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 18:17 - 2015-05-31 18:18 - 00026807 _____ () C:\Users\Reanna\Downloads\FRST.txt
2015-05-31 18:17 - 2015-05-31 18:17 - 00000000 ____D () C:\FRST
2015-05-31 18:14 - 2015-05-31 18:14 - 02108928 _____ (Farbar) C:\Users\Reanna\Downloads\FRST64.exe
2015-05-31 18:14 - 2015-05-31 18:14 - 01147392 _____ (Farbar) C:\Users\Reanna\Downloads\FRST.exe
2015-05-31 18:04 - 2015-05-31 18:04 - 02231296 _____ () C:\Users\Reanna\Downloads\AdwCleaner.exe
2015-05-25 20:51 - 2015-05-25 20:51 - 00000000 _____ () C:\autoexec.bat
2015-05-25 20:50 - 2015-05-25 20:50 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Reanna\Downloads\SpyHunter-Installer.exe
2015-05-25 16:19 - 2015-05-25 16:19 - 03435294 _____ () C:\Users\Reanna\Downloads\AnimalProject.pptx
2015-05-17 14:57 - 2015-05-26 21:59 - 00000000 ____D () C:\Users\Reanna\Documents\AnimalProject
2015-05-17 14:31 - 2015-05-31 18:08 - 00000728 _____ () C:\windows\setupact.log
2015-05-17 14:31 - 2015-05-17 14:31 - 00000000 _____ () C:\windows\setuperr.log
2015-05-16 19:34 - 2015-05-16 20:31 - 00000000 ____D () C:\Users\Reanna\Documents\SantoroMixtape
2015-05-12 20:57 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 20:57 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:42 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-12 19:42 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-12 19:42 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-12 19:42 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-12 19:42 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-12 19:42 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-12 19:42 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-12 19:42 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-12 19:42 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-12 19:42 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-12 19:42 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-12 19:42 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-12 19:42 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-12 19:42 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-12 19:42 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-12 19:42 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-12 19:42 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-12 19:42 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-12 19:42 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-12 19:42 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-12 19:42 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-12 19:42 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-12 19:42 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-12 19:42 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-12 19:42 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-12 19:42 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 19:42 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-12 19:42 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-12 19:42 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-12 19:42 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-12 19:42 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-12 19:42 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-12 19:42 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-12 19:42 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-12 19:42 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-12 19:42 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-12 19:42 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-12 19:42 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-12 19:42 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-12 19:42 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-12 19:42 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-12 19:42 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-12 19:42 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-12 19:42 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-12 19:42 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-12 19:42 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-12 19:42 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 19:42 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-12 19:42 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-12 19:42 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-12 19:42 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-12 19:42 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-12 19:42 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-12 19:42 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-12 19:42 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-12 19:42 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-12 19:42 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-12 19:42 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-12 19:42 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-12 19:42 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-12 19:42 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-12 19:42 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-12 19:42 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-12 19:42 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-12 19:42 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-12 19:41 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-12 19:41 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-12 19:41 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-12 19:41 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-12 19:41 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-12 19:41 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-12 19:41 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-12 19:41 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-12 19:41 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-12 19:41 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-12 19:41 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-12 19:41 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-12 19:41 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-12 19:41 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-12 19:41 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-12 19:41 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-12 19:41 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-12 19:41 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-12 19:41 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-12 19:41 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 19:41 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-12 19:41 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-12 19:41 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-12 19:41 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-12 19:41 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-12 19:41 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-12 19:41 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-12 19:41 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-12 19:41 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-12 19:41 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-12 19:41 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-12 19:41 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-12 19:41 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-12 19:41 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-12 19:41 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-12 19:41 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-12 19:41 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-12 19:41 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-06 22:17 - 2015-05-06 22:25 - 00000000 ____D () C:\Users\Reanna\Documents\My Smilebox Creations
2015-05-06 22:16 - 2015-05-06 22:16 - 00791472 _____ (Smilebox, Inc.) C:\Users\Reanna\Downloads\SmileboxInstaller.exe
2015-05-06 21:18 - 2015-05-06 21:26 - 01985612 _____ () C:\Users\Reanna\Documents\santoroappreciation.pptx
2015-05-06 21:16 - 2015-05-06 22:58 - 01989200 _____ () C:\Users\Reanna\Downloads\santoroappreciation.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 18:15 - 2011-11-25 09:03 - 01724618 _____ () C:\windows\WindowsUpdate.log
2015-05-31 18:13 - 2011-11-25 09:20 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 18:09 - 2014-08-02 04:16 - 00000000 ___RD () C:\Users\Reanna\Dropbox
2015-05-31 18:09 - 2014-08-02 04:15 - 00000000 ____D () C:\Users\Reanna\AppData\Roaming\Dropbox
2015-05-31 18:08 - 2011-11-25 09:20 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 18:08 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-31 18:07 - 2015-04-22 18:23 - 00000000 ____D () C:\AdwCleaner
2015-05-31 18:07 - 2015-04-05 03:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-31 17:20 - 2012-12-30 21:41 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 17:14 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 17:14 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 23:23 - 2013-12-07 19:33 - 00007891 _____ () C:\windows\BRRBCOM.INI
2015-05-29 20:19 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-25 20:57 - 2012-01-04 11:38 - 00000000 ____D () C:\Users\Reanna\AppData\Local\CrashDumps
2015-05-23 01:10 - 2014-03-11 17:09 - 02514432 ___SH () C:\Users\Reanna\Downloads\Thumbs.db
2015-05-20 22:56 - 2015-04-05 03:01 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-05-20 22:56 - 2015-04-05 03:01 - 00000000 ___SD () C:\windows\system32\GWX
2015-05-16 21:11 - 2014-01-13 20:16 - 00000000 ____D () C:\Users\Reanna\AppData\Roaming\Audacity
2015-05-16 19:08 - 2011-11-25 09:20 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 19:08 - 2011-11-25 09:20 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 20:48 - 2014-10-02 21:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 17:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-05-13 17:03 - 2009-07-14 00:45 - 00406464 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-13 17:00 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 17:00 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-13 16:59 - 2013-03-12 23:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:59 - 2013-03-12 23:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 21:06 - 2012-01-04 11:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 21:05 - 2013-08-13 23:14 - 00000000 ____D () C:\windows\system32\MRT
2015-05-12 21:00 - 2012-01-07 12:22 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-12 20:57 - 2013-03-12 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 18:52 - 2014-08-02 04:16 - 00001033 _____ () C:\Users\Reanna\Desktop\Dropbox.lnk
2015-05-11 18:52 - 2014-08-02 04:15 - 00000000 ____D () C:\Users\Reanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-07 17:39 - 2012-01-05 19:02 - 11032064 ___SH () C:\Users\Reanna\Documents\Thumbs.db
2015-05-06 20:13 - 2012-02-11 00:30 - 00000000 ____D () C:\Users\Reanna\AppData\Local\Windows Live
2015-05-06 18:21 - 2015-04-27 21:56 - 00000000 ____D () C:\Users\Reanna\Documents\Romeo and Juliet Project

==================== Files in the root of some directories =======

2012-01-04 12:48 - 2012-01-04 12:48 - 0025210 _____ () C:\Program Files (x86)\CrossFire_1082.dlbt
2015-03-02 21:33 - 2015-04-22 18:43 - 0000020 _____ () C:\Users\Reanna\AppData\Roaming\appdataFr3.bin
2014-02-13 19:55 - 2014-02-13 19:55 - 0000043 _____ () C:\Users\Reanna\AppData\Roaming\WB.CFG
2012-02-17 22:02 - 2015-04-29 20:28 - 0005632 _____ () C:\Users\Reanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-21 17:18 - 2015-04-22 18:20 - 0011708 _____ () C:\Users\Reanna\AppData\Local\Temp-log.txt
2012-11-06 13:42 - 2012-11-06 13:42 - 0000003 _____ () C:\Users\Reanna\AppData\Local\updater.log
2012-11-06 13:42 - 2014-12-29 00:21 - 0000658 _____ () C:\Users\Reanna\AppData\Local\UserProducts.xml
2013-06-21 23:02 - 2013-06-24 21:14 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Guest.Reanna-PC\AppData\Local\Temp\7pyahn2f.dll
C:\Users\Reanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjwad_a.dll
C:\Users\Reanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Reanna\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 20:25

==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Reanna (administrator) on REANNA-PC on 31-05-2015 18:17:22
Running from C:\Users\Reanna\Downloads
Loaded Profiles: Reanna (Available Profiles: Reanna & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ooVoo LLC) C:\Program Files (x86)\oovoo\ooVoo.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Reanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Freecorder FLV Service] => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EMET 4.1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_80] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [LightShot] => C:\Users\Reanna\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Run: [ooVoo.exe] => C:\program files (x86)\oovoo\oovoo.exe [36207136 2015-02-08] (ooVoo LLC)
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\MountPoints2: {4f3e2f8c-52e5-11e2-bb97-b870f4c5fce3} - E:\Startme.exe
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\MountPoints2: {78d7b74d-056b-11e4-9fe7-b870f4c5fce3} - E:\Startme.exe
HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest.Reanna-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2014-03-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Reanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.lnk [2015-02-24]
ShortcutTarget: Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.lnk -> C:\ProgramData\{45d3368e-c588-a692-45d3-3368ec58da3b}\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.exe (No File)
Startup: C:\Users\Reanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Reanna\AppData\Roaming\Mozilla\Firefox\Profiles\5utrig49.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-10] (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3038019527-4010738560-2751345668-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-10] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2012-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2015-05-31]
FF HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://start.toshiba.com/?cid=C001B2Y
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Reanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Flow Colors) - C:\Users\Reanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2014-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [1161376 2012-06-19] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120808.001\IDSvia64.sys [509088 2012-07-28] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120808.019\ENG64.SYS [120440 2012-06-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120808.019\EX64.SYS [2068600 2012-06-25] (Symantec Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-06-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 X6va005; \??\C:\Users\Reanna\AppData\Local\Temp\00542C9.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 18:17 - 2015-05-31 18:18 - 00026807 _____ () C:\Users\Reanna\Downloads\FRST.txt
2015-05-31 18:17 - 2015-05-31 18:17 - 00000000 ____D () C:\FRST
2015-05-31 18:14 - 2015-05-31 18:14 - 02108928 _____ (Farbar) C:\Users\Reanna\Downloads\FRST64.exe
2015-05-31 18:14 - 2015-05-31 18:14 - 01147392 _____ (Farbar) C:\Users\Reanna\Downloads\FRST.exe
2015-05-31 18:04 - 2015-05-31 18:04 - 02231296 _____ () C:\Users\Reanna\Downloads\AdwCleaner.exe
2015-05-25 20:51 - 2015-05-25 20:51 - 00000000 _____ () C:\autoexec.bat
2015-05-25 20:50 - 2015-05-25 20:50 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Reanna\Downloads\SpyHunter-Installer.exe
2015-05-25 16:19 - 2015-05-25 16:19 - 03435294 _____ () C:\Users\Reanna\Downloads\AnimalProject.pptx
2015-05-17 14:57 - 2015-05-26 21:59 - 00000000 ____D () C:\Users\Reanna\Documents\AnimalProject
2015-05-17 14:31 - 2015-05-31 18:08 - 00000728 _____ () C:\windows\setupact.log
2015-05-17 14:31 - 2015-05-17 14:31 - 00000000 _____ () C:\windows\setuperr.log
2015-05-16 19:34 - 2015-05-16 20:31 - 00000000 ____D () C:\Users\Reanna\Documents\SantoroMixtape
2015-05-12 20:57 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 20:57 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:42 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-12 19:42 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-12 19:42 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-12 19:42 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-12 19:42 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-12 19:42 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-12 19:42 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-12 19:42 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-12 19:42 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-12 19:42 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-12 19:42 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-12 19:42 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-12 19:42 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-12 19:42 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-12 19:42 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-12 19:42 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-12 19:42 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-12 19:42 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-12 19:42 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-12 19:42 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-12 19:42 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-12 19:42 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-12 19:42 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-12 19:42 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-12 19:42 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-12 19:42 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 19:42 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-12 19:42 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-12 19:42 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-12 19:42 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-12 19:42 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-12 19:42 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-12 19:42 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-12 19:42 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-12 19:42 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-12 19:42 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-12 19:42 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-12 19:42 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-12 19:42 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-12 19:42 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-12 19:42 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-12 19:42 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-12 19:42 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-12 19:42 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-12 19:42 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-12 19:42 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-12 19:42 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 19:42 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-12 19:42 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-12 19:42 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-12 19:42 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-12 19:42 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-12 19:42 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-12 19:42 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-12 19:42 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-12 19:42 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-12 19:42 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-12 19:42 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-12 19:42 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-12 19:42 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-12 19:42 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-12 19:42 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-12 19:42 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-12 19:42 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-12 19:42 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-12 19:41 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-12 19:41 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-12 19:41 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-12 19:41 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-12 19:41 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-12 19:41 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-12 19:41 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-12 19:41 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-12 19:41 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-12 19:41 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-12 19:41 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-12 19:41 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-12 19:41 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-12 19:41 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-12 19:41 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-12 19:41 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-12 19:41 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-12 19:41 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-12 19:41 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-12 19:41 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-12 19:41 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-12 19:41 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-12 19:41 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-12 19:41 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-12 19:41 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 19:41 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 19:41 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-12 19:41 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-12 19:41 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-12 19:41 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-12 19:41 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-12 19:41 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-12 19:41 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-12 19:41 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-12 19:41 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-12 19:41 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-12 19:41 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-12 19:41 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-12 19:41 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-12 19:41 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-12 19:41 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-12 19:41 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-12 19:41 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-12 19:41 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-06 22:17 - 2015-05-06 22:25 - 00000000 ____D () C:\Users\Reanna\Documents\My Smilebox Creations
2015-05-06 22:16 - 2015-05-06 22:16 - 00791472 _____ (Smilebox, Inc.) C:\Users\Reanna\Downloads\SmileboxInstaller.exe
2015-05-06 21:18 - 2015-05-06 21:26 - 01985612 _____ () C:\Users\Reanna\Documents\santoroappreciation.pptx
2015-05-06 21:16 - 2015-05-06 22:58 - 01989200 _____ () C:\Users\Reanna\Downloads\santoroappreciation.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 18:15 - 2011-11-25 09:03 - 01724618 _____ () C:\windows\WindowsUpdate.log
2015-05-31 18:13 - 2011-11-25 09:20 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 18:09 - 2014-08-02 04:16 - 00000000 ___RD () C:\Users\Reanna\Dropbox
2015-05-31 18:09 - 2014-08-02 04:15 - 00000000 ____D () C:\Users\Reanna\AppData\Roaming\Dropbox
2015-05-31 18:08 - 2011-11-25 09:20 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 18:08 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-31 18:07 - 2015-04-22 18:23 - 00000000 ____D () C:\AdwCleaner
2015-05-31 18:07 - 2015-04-05 03:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-31 17:20 - 2012-12-30 21:41 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 17:14 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 17:14 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 23:23 - 2013-12-07 19:33 - 00007891 _____ () C:\windows\BRRBCOM.INI
2015-05-29 20:19 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-25 20:57 - 2012-01-04 11:38 - 00000000 ____D () C:\Users\Reanna\AppData\Local\CrashDumps
2015-05-23 01:10 - 2014-03-11 17:09 - 02514432 ___SH () C:\Users\Reanna\Downloads\Thumbs.db
2015-05-20 22:56 - 2015-04-05 03:01 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-05-20 22:56 - 2015-04-05 03:01 - 00000000 ___SD () C:\windows\system32\GWX
2015-05-16 21:11 - 2014-01-13 20:16 - 00000000 ____D () C:\Users\Reanna\AppData\Roaming\Audacity
2015-05-16 19:08 - 2011-11-25 09:20 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 19:08 - 2011-11-25 09:20 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 20:48 - 2014-10-02 21:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 17:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-05-13 17:03 - 2009-07-14 00:45 - 00406464 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-13 17:00 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 17:00 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-13 16:59 - 2013-03-12 23:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:59 - 2013-03-12 23:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 21:06 - 2012-01-04 11:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 21:05 - 2013-08-13 23:14 - 00000000 ____D () C:\windows\system32\MRT
2015-05-12 21:00 - 2012-01-07 12:22 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-12 20:57 - 2013-03-12 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 18:52 - 2014-08-02 04:16 - 00001033 _____ () C:\Users\Reanna\Desktop\Dropbox.lnk
2015-05-11 18:52 - 2014-08-02 04:15 - 00000000 ____D () C:\Users\Reanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-07 17:39 - 2012-01-05 19:02 - 11032064 ___SH () C:\Users\Reanna\Documents\Thumbs.db
2015-05-06 20:13 - 2012-02-11 00:30 - 00000000 ____D () C:\Users\Reanna\AppData\Local\Windows Live
2015-05-06 18:21 - 2015-04-27 21:56 - 00000000 ____D () C:\Users\Reanna\Documents\Romeo and Juliet Project

==================== Files in the root of some directories =======

2012-01-04 12:48 - 2012-01-04 12:48 - 0025210 _____ () C:\Program Files (x86)\CrossFire_1082.dlbt
2015-03-02 21:33 - 2015-04-22 18:43 - 0000020 _____ () C:\Users\Reanna\AppData\Roaming\appdataFr3.bin
2014-02-13 19:55 - 2014-02-13 19:55 - 0000043 _____ () C:\Users\Reanna\AppData\Roaming\WB.CFG
2012-02-17 22:02 - 2015-04-29 20:28 - 0005632 _____ () C:\Users\Reanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-21 17:18 - 2015-04-22 18:20 - 0011708 _____ () C:\Users\Reanna\AppData\Local\Temp-log.txt
2012-11-06 13:42 - 2012-11-06 13:42 - 0000003 _____ () C:\Users\Reanna\AppData\Local\updater.log
2012-11-06 13:42 - 2014-12-29 00:21 - 0000658 _____ () C:\Users\Reanna\AppData\Local\UserProducts.xml
2013-06-21 23:02 - 2013-06-24 21:14 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Guest.Reanna-PC\AppData\Local\Temp\7pyahn2f.dll
C:\Users\Reanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjwad_a.dll
C:\Users\Reanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Reanna\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 20:25

==================== End of log ============================



#5 fireman4it


Posted 01 June 2015 - 09:30 PM

Hello, you posted the FRST.txt twice. Can you please post the Addition.txt for my review? Is the computer still acting up?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 fireman4it


Posted 03 June 2015 - 06:40 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#7 double_r2


Posted 03 June 2015 - 11:14 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Reanna at 2015-06-04 00:12:53
Running from C:\Users\Reanna\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3038019527-4010738560-2751345668-500 - Administrator - Disabled)
Guest (S-1-5-21-3038019527-4010738560-2751345668-501 - Limited - Disabled) => C:\Users\Guest.Reanna-PC
HomeGroupUser$ (S-1-5-21-3038019527-4010738560-2751345668-1004 - Limited - Enabled)
Reanna (S-1-5-21-3038019527-4010738560-2751345668-1001 - Administrator - Enabled) => C:\Users\Reanna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Best Buy Connect (HKLM-x32\...\{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}) (Version: 3.00.68 - Best Buy)
Best Buy pc app (HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J875DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EMET 4.1 (HKLM-x32\...\{65BC2BDA-D828-4596-99E4-A8799C45C84C}) (Version: 4.1 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Idle~_~Crawler (HKLM-x32\...\Idle~_~Crawler) (Version: 84.0.0.432 - web research foundation) <==== ATTENTION
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lightshot-5.2.0.17 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.0.17 - Skillbrains)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Go (HKLM-x32\...\{7A6C3344-5CF9-4B83-959C-6576C5B27D09}) (Version: 2.3.255 - Sony)
Media Go Video Playback Engine 1.96.121.08270 (HKLM-x32\...\{065DBB54-6E55-A609-2E1E-F0617E827D53}) (Version: 1.96.121.08270 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.7001 - ooVoo LLC.)
Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-006A-76A7-A758B70C0700}) (Version: 12.7.0.2447 - APN, LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.12.6.14870 - Sony Computer Entertainment Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.30 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3038019527-4010738560-2751345668-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reanna\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

06-05-2015 17:15:26 Scheduled Checkpoint
12-05-2015 20:54:33 Windows Update
20-05-2015 21:38:44 Scheduled Checkpoint
20-05-2015 22:56:15 Windows Update
31-05-2015 19:02:17 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0226D0EF-38AB-4432-B323-D61C30AC5A3A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {064FD4F8-5E26-44F1-8F77-A69DD319B9F7} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {08B5B2C6-386F-4BF6-9174-5725EDE5F4ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {0DF4FDC7-A902-469D-B10A-3D94708116BE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {109BF24D-802A-42B5-81F4-98737369CB4A} - System32\Tasks\{3AE7CE5F-F3E5-4548-BC2D-D3E36D1F7D6E} => pcalua.exe -a "C:\Program Files (x86)\DiscountMan\DiscountMan.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {2DB1EDA8-29C1-47EF-A31D-393D73E73B81} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {2FEFECD1-7AB9-465B-B4BF-7671D4513BBA} - System32\Tasks\{1BC13BAA-CCEC-4D2C-9C3B-56DE8A6AC2D6} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.10.0.116.259&amp;LastError=12002
Task: {4E50541A-590A-4246-8C49-8DD66ECEEF16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {55F2EA96-34EF-4EE8-8E87-D4AECB27D0E8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {80338726-B120-460A-8715-FA64809EBECC} - System32\Tasks\{CE82C4F6-9AB8-4BB3-87C4-5B1016348F10} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116.259/en/abandoninstall?page=tsProgressBar
Task: {9AABAF1E-2854-423A-9042-7F296A0128AB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19] (Adobe Systems Incorporated)
Task: {9DD70182-DEDF-440C-8B0A-3D8B11EE3FB9} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {A3F79790-9D8C-4532-BD5A-6635159C5AE6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {B4C3B872-07E0-4EFF-B595-876466DC7290} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C1AF6DED-A2DB-4862-B5D5-E8BEC7FEB7E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C7A7C5DC-FF17-4BC5-AC30-D73BFB63BB71} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {D36C8D4E-E4B6-4D40-965D-A790571151B4} - System32\Tasks\{E086D9AB-3B48-4CFF-9587-56272B213100} => C:\Program Files (x86)\oovoo\ooVoo.exe [2015-02-08] (ooVoo LLC)
Task: {DF2A2170-2C7F-41D2-BB9F-76546D660E2A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-06] (Microsoft Corporation)
Task: {FBBCA6CF-84EA-4ABF-9B2A-D95ABBB0624B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-21 10:14 - 2013-11-21 10:14 - 00089232 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE64.DLL
2011-05-31 21:32 - 2011-05-31 21:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-12-07 19:32 - 2005-04-22 00:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2011-06-27 13:16 - 2011-06-27 13:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 19:19 - 2010-12-15 19:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 21:32 - 2011-05-31 21:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-22 23:22 - 2011-02-22 23:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2012-12-30 21:23 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2013-11-21 10:14 - 2013-11-21 10:14 - 00114176 _____ () C:\Program Files (x86)\EMET 4.1\HelperLib.dll
2013-11-12 09:22 - 2013-11-12 09:22 - 00028672 _____ () C:\Program Files (x86)\EMET 4.1\ReportingSubsystem.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00348160 _____ () C:\Program Files (x86)\EMET 4.1\DevExpress.UserSkins.HighContrast.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00023040 _____ () C:\Program Files (x86)\EMET 4.1\TrayIconSubsystem.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00042496 _____ () C:\Program Files (x86)\EMET 4.1\PKIPinningSubsystem.dll
2011-06-10 01:09 - 2011-06-10 01:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00080528 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE.DLL
2012-12-30 21:23 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2012-12-30 21:23 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 15:54 - 2011-07-07 15:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-01-09 14:11 - 2013-01-09 14:11 - 00599040 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2015-06-03 23:58 - 2015-06-03 23:58 - 00043008 _____ () c:\users\reanna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuiu6jd.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Reanna\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Reanna\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Reanna\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Reanna\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-12-07 19:31 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-05-10 23:34 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3038019527-4010738560-2751345668-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Reanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F6D6C150-8F47-4EBA-ADF6-9AE99F171F4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2FE35D91-7946-49AB-88AF-94D56CF67EB7}] => (Allow) LPort=2869
FirewallRules: [{7D7FA6BE-7A95-43E9-B8CC-D280F7962032}] => (Allow) LPort=1900
FirewallRules: [{0F06A401-4AA4-40D1-BD26-3E1EB1598DD4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{31ACAB09-CAE3-4949-90FA-57B642168D36}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3F5FF34D-2CEB-4851-8739-A19307753C76}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{47533926-9F5D-4663-A315-8B41A8CB7F25}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{E850A8AD-7106-4C9E-AA2E-8978E8665D3B}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{D7B0F274-0D5E-4C83-9C36-8606AAA72E0D}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{B372549B-5C9A-4E02-BCC3-F1EFDCD1FABC}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{D19F926D-B56B-4C69-B0F6-9D9F93DB81CC}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{FEBA97FA-7963-40C7-B287-FD119B23223E}] => (Allow) C:\Users\Reanna\AppData\Local\Temp\CF_Downloader.exe
FirewallRules: [{2E08F532-4E04-4762-93ED-D27412EA6663}] => (Allow) C:\Users\Reanna\AppData\Local\Temp\CF_Downloader.exe
FirewallRules: [{8084B6F6-B1A6-41EB-BEE3-2AA632C54599}] => (Allow) C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe
FirewallRules: [{CC5B5C63-B52E-4810-A75D-26974AB72B9C}] => (Allow) C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe
FirewallRules: [{B7A5706B-E9EB-4FE5-B372-0E87492150D4}] => (Allow) LPort=443
FirewallRules: [{0F0AEF8F-1C43-4E6E-9CBD-55707D6D58BE}] => (Allow) LPort=443
FirewallRules: [{A5882DB0-A6CF-40C7-A707-C3EC7A8FC945}] => (Allow) LPort=37674
FirewallRules: [{6D92BCD3-B075-4737-995B-96492A850D09}] => (Allow) LPort=37674
FirewallRules: [{A866472F-44EA-490F-AB3D-822B253387CF}] => (Allow) LPort=37675
FirewallRules: [{2C5E2EE9-5C7F-40B0-8A5F-18BB0B5E691F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{CD1A73BA-6208-4C14-90B1-0E71D491FD50}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{08A835F5-B1FD-4FF1-8662-C9EEA3735412}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{755B9637-6E14-48B1-9F12-C4EE1F0D2754}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{703ADB04-B13F-46B3-B66E-141984752351}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{76946624-AD55-4083-89C5-C57FCD55B870}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E451EC73-EF30-492B-983A-DA0A4F49B7E5}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{7410558D-F0D9-4A80-B67D-FBE7F73A620B}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [{A9511683-6975-4E89-A5BF-A4200D6CF3DA}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [{DB84866B-41F0-41BF-B6A3-3F3649AE96FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{785E3CED-A2FA-4227-93BC-F0647E630160}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D466526-6C86-43F9-8055-4AB69479CFC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{960B32DB-E690-4584-AC98-1203EA8D0E73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1D15476-BBA9-4749-A480-FB669C5CA6C3}] => (Allow) C:\Program Files (x86)\War Inc Battlezone\WarInc.exe
FirewallRules: [TCP Query User{53B925CD-1812-48D7-BCEE-5F15BF4354C3}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{99A8D6A1-E331-47B7-9CA2-A8633E191E03}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{479D4552-FC6C-4DE5-8AB9-8D77D5AB315D}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{A525506A-B29A-46E9-88E6-3C887415CE12}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{4AF68A7C-D204-4B11-84CF-B7979F16BC2C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F212F275-5206-49F4-A5F9-43A876AC7D36}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{AA7D2CA3-EBC9-450A-BD66-011CEAE2A21E}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{C76B93EC-D127-481A-B4DF-0ECDAE0561E5}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{B32ABE09-4EF8-405C-BC93-082121F55C4E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{94D8AD13-B9D3-4C11-899E-450EC09D14F9}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{FCF07264-1213-42E4-B0FD-72125FBD55F3}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{F3E80E0C-5238-403A-B29A-FA2E372F9439}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{EA5C2C52-CA57-45F9-A563-66A2CB43EEE2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{924A547A-1D1C-40CC-A84F-25F8401EF57B}] => (Allow) C:\Users\Reanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E25384E1-31F6-440A-8667-79C05B1D7D69}] => (Allow) C:\Users\Reanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B1AED3A7-221F-4297-A9A3-01B1D0B13CFB}] => (Allow) C:\Users\Reanna\Downloads\FLVS-DRIVERS-ED-DBA_downloader.exe
FirewallRules: [{B7237044-4015-4E6F-A396-763B8D21127E}] => (Allow) C:\Users\Reanna\Downloads\FLVS-DRIVERS-ED-DBA_downloader.exe
FirewallRules: [TCP Query User{B3632E9A-72A0-413E-AE27-E1286CE269C1}C:\users\reanna\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\reanna\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7C178DB2-385E-46BB-9983-77793F323134}C:\users\reanna\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\reanna\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5966CCF7-D848-4014-ABBB-5619591A004C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69AA289D-2B45-40DB-9FD5-554E6808332B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F3B6A6E5-F170-4AE8-B5B6-F409DD8340FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{798B091B-B93C-4784-B835-55E515D12559}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6D47D450-5373-4BC1-B16E-D68F3C0F4E9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 11:58:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 09:58:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 06:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 05:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 10:57:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 08:12:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 02:52:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 09:06:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 08:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1264
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/25/2015 03:46:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/03/2015 11:59:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/02/2015 09:59:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/31/2015 06:09:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/31/2015 06:07:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (05/31/2015 06:07:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (05/31/2015 06:07:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (05/31/2015 06:07:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (05/31/2015 06:07:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/31/2015 06:07:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).

Error: (05/31/2015 06:07:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (03/17/2014 02:29:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-06-25 00:18:22.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:22.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:22.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:22.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:22.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:22.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:21.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:21.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:21.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-25 00:18:21.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 6050.69 MB
Available physical RAM: 3577.58 MB
Total Pagefile: 12099.58 MB
Available Pagefile: 9402.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI106240W0D) (Fixed) (Total:682.1 GB) (Free:499.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 1F0FF995)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of log ============================



#8 double_r2


Posted 03 June 2015 - 11:19 PM

I'm sorry I posted the wrong one. No, my computer isn't acting up again but I'm not sure that everything is okay with my computer still. I will also be out of town this weekend and will be back on Monday. I will follow further instructions at that time.



#9 fireman4it


Posted 04 June 2015 - 06:47 PM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   3.48KB   3 downloads

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.

 




#10 double_r2


Posted 09 June 2015 - 11:43 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Reanna at 2015-06-09 12:42:22 Run:1
Running from C:\Users\Reanna\Downloads
Loaded Profiles: Reanna (Available Profiles: Reanna & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
HKLM-x32\...\Run: [Freecorder FLV Service] => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM\...\Run: [] => [X]
Task: {2DB1EDA8-29C1-47EF-A31D-393D73E73B81} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
C:\Users\Guest.Reanna-PC\AppData\Local\Temp\7pyahn2f.dll
C:\Users\Reanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjwad_a.dll
C:\Users\Reanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Reanna\AppData\Local\Temp\sqlite3.dll
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 X6va005; \??\C:\Users\Reanna\AppData\Local\Temp\00542C9.tmp [X]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM-x32\...\Run: [ospd_us_80] => [X]
C:\Program Files (x86)\Freecorder
*****************

C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Freecorder FLV Service => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DB1EDA8-29C1-47EF-A31D-393D73E73B81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DB1EDA8-29C1-47EF-A31D-393D73E73B81}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle~_~Crawler Update" => key removed successfully
C:\Users\Guest.Reanna-PC\AppData\Local\Temp\7pyahn2f.dll => moved successfully.
"C:\Users\Reanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjwad_a.dll" => File/Folder not found.
C:\Users\Reanna\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\Reanna\AppData\Local\Temp\sqlite3.dll => moved successfully.
SymNetS => Unable to stop service.
SymNetS => Service could not remove
EagleX64 => Service removed successfully
IntcAzAudAddService => Service removed successfully
MREMP50a64 => Service removed successfully
MREMPR5 => Service removed successfully
MRENDIS5 => Service removed successfully
MRESP50a64 => Service removed successfully
X6va005 => Service removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_80 => value removed successfully
"C:\Program Files (x86)\Freecorder" => File/Folder not found.

==== End of Fixlog 12:42:32 ====



#11 double_r2


Posted 09 June 2015 - 03:50 PM

C:\Users\All Users\DowniLoWApp\51d78065b888d.dll    a variant of Win32/Adware.MultiPlug.I application    
C:\Users\All Users\InstallMate\{83F7A44B-154D-49F2-AB19-5D6F581486BD}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
C:\Users\All Users\InstallMate\{A4BFA547-44D4-44A5-A64E-0CF67F5C87B1}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
C:\Users\All Users\InstallMate\{B0C621B9-EB6C-466A-A481-A34E6B25034F}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application    
C:\Users\All Users\InstallMate\{DB198539-ED88-4E7D-AC96-A5AA00FAA7CF}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CheaPMe\EePTN4uWFssAa4.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CheaPMe\EePTN4uWFssAa4.exe.vir    Win32/Adware.MultiPlug.KG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CheaPMe\EePTN4uWFssAa4.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir    a variant of Win32/Adware.MultiPlug.IY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\dgkninkcdlfmjjaabdbeamkbifjdhleg\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\dgkninkcdlfmjjaabdbeamkbifjdhleg\T9Ex.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\pocdneehjignaigicbkjffpglejmnpoa\GjAm.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\pocdneehjignaigicbkjffpglejmnpoa\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{45d3368e-c588-a692-45d3-3368ec58da3b}\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.exe.vir    a variant of Win32/Adware.MultiPlug.FC application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{4e06aac4-d08a-10e4-4e06-6aac4d08ab13}\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.exe.vir    a variant of Win32/Adware.MultiPlug.FC application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{7707e34a-516f-7e41-7707-7e34a5168d29}\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.exe.vir    a variant of Win32/Adware.MultiPlug.FC application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{c8cf4fce-74a5-4d6d-c8cf-f4fce74a3f39}\Chris Brown & Tyga - Fan of A Fan The Album (Deluxe Version).zip.exe.vir    a variant of Win32/Adware.MultiPlug.FC application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\105\UOhPJSKGy.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llacmbghkihifbablghpmpiciggdjoop\3.7\Aj0RWVrh4h4.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mmbdkcgleabcodjfdodijhcplangfbli\2.1\m6hnfTzT8u.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\poaecklgbjhljpjkcffkabkjbbcgkmof\1.0\anQDpQ.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\105\UOhPJSKGy.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgnmfifobgmeggmpbgmggonchhfoogdn\5.14\rQXW37.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\llacmbghkihifbablghpmpiciggdjoop\3.7\Aj0RWVrh4h4.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbdkcgleabcodjfdodijhcplangfbli\2.1\m6hnfTzT8u.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\poaecklgbjhljpjkcffkabkjbbcgkmof\1.0\anQDpQ.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\105\UOhPJSKGy.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llacmbghkihifbablghpmpiciggdjoop\3.7\Aj0RWVrh4h4.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mmbdkcgleabcodjfdodijhcplangfbli\2.1\m6hnfTzT8u.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\poaecklgbjhljpjkcffkabkjbbcgkmof\1.0\anQDpQ.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi\105\UOhPJSKGy.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\llacmbghkihifbablghpmpiciggdjoop\3.7\Aj0RWVrh4h4.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mmbdkcgleabcodjfdodijhcplangfbli\2.1\m6hnfTzT8u.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\poaecklgbjhljpjkcffkabkjbbcgkmof\1.0\anQDpQ.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
 



#12 fireman4it


Posted 14 June 2015 - 03:17 PM

How is the machine running now?


" Extinguishing Malware from the world"



#13 double_r2


Posted 14 June 2015 - 03:24 PM

It is now working fine.
Thanks for the help.

#14 fireman4it


Posted 14 June 2015 - 03:58 PM

Hello, double_r2.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.


Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right-clicking it and choosing Close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one). This is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#15 double_r2

double_r2
  • Topic Starter

  • Members
  • 13 posts

Posted 14 June 2015 - 04:07 PM

# DelFix v1.010 - Logfile created 14/06/2015 at 17:03:26
# Updated 26/04/2015 by Xplode
# Username : Reanna - REANNA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\Reanna\Downloads\Addition.txt
Deleted : C:\Users\Reanna\Downloads\adwcleaner_4.201(1).exe
Deleted : C:\Users\Reanna\Downloads\adwcleaner_4.201.exe
Deleted : C:\Users\Reanna\Downloads\Fixlog.txt
Deleted : C:\Users\Reanna\Downloads\FRST.exe
Deleted : C:\Users\Reanna\Downloads\FRST.txt
Deleted : C:\Users\Reanna\Downloads\FRST64(1).exe
Deleted : C:\Users\Reanna\Downloads\FRST64(2).exe
Deleted : C:\Users\Reanna\Downloads\FRST64.exe
Deleted : C:\Users\Reanna\Downloads\JRT.exe
 
~ Cleaning system restore ...
 
Deleted : RP #225 [Windows Update | 05/13/2015 00:54:33]
Deleted : RP #226 [Scheduled Checkpoint | 05/21/2015 01:38:44]
Deleted : RP #227 [Windows Update | 05/21/2015 02:56:15]
Deleted : RP #228 [Scheduled Checkpoint | 05/31/2015 23:02:17]
Deleted : RP #229 [Scheduled Checkpoint | 06/09/2015 21:16:20]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########




