Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio ads playing in background 2


  • This topic is locked This topic is locked
22 replies to this topic

#1 Sternritter-A

Sternritter-A

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 13 August 2015 - 07:15 PM

Hi everyone, I'm having the issue now that whilie I'm surfing the internet I'm getting these audio ads that can't be stopped, and some play in specfic tabs that you have to go to and press on the X buttom to cancel them, and on top of that there are these box ads all around the webpages now. How can this malware be eliminated? Thanks



BC AdBot (Login to Remove)

 


m

#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:20 PM

Posted 14 August 2015 - 12:24 PM

Greetings Sternritter-A and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Admistrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Copy and paste the following into the main box

createsrpoint;
autoclean;
ipconfig /flushdns

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • zoek log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 14 August 2015 - 07:29 PM

AdwCleaner log

 

# AdwCleaner v5.000 - Logfile created 14/08/2015 at 18:26:28
# Updated 14/08/2015 by Xplode
# Database : 2015-08-14.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Anthony Espinosa - ANTHONYESPINOSA
# Running from : C:\Users\Anthony Espinosa\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Blasteroids
[-] Folder Deleted : C:\Program Files (x86)\ExstraSavings
[-] Folder Deleted : C:\Program Files (x86)\DeltaFix
[-] Folder Deleted : C:\Program Files (x86)\Instair
[-] Folder Deleted : C:\Program Files (x86)\50COupons
[-] Folder Deleted : C:\Program Files (x86)\50COuPOnsi
[-] Folder Deleted : C:\Program Files (x86)\50CouPOnss
[-] Folder Deleted : C:\Program Files (x86)\AllCheiaappPriuce
[-] Folder Deleted : C:\Program Files (x86)\DisscOuuntExtensi
[-] Folder Deleted : C:\Program Files (x86)\ExstrAASaVInngs
[!] Folder Not Deleted : C:\Program Files (x86)\ExstRaSavings
[-] Folder Deleted : C:\Program Files (x86)\Fuen2Save
[-] Folder Deleted : C:\Program Files (x86)\Fun2SaVie
[-] Folder Deleted : C:\Program Files (x86)\Fuon22SaVe
[-] Folder Deleted : C:\Program Files (x86)\GireaatSAve4U
[-] Folder Deleted : C:\Program Files (x86)\Haippy2SavE
[-] Folder Deleted : C:\Program Files (x86)\NEtoaCooupon
[-] Folder Deleted : C:\Program Files (x86)\RouboSaver
[-] Folder Deleted : C:\Program Files (x86)\SAveNewaApppz
[-] Folder Deleted : C:\Program Files (x86)\SaveurExtEnisioni
[-] Folder Deleted : C:\Program Files (x86)\TakeTheeCouupOn
[-] Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
[-] Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
[-] Folder Deleted : C:\ProgramData\ExstraSavings
[-] Folder Deleted : C:\ProgramData\FreeWorldApp
[-] Folder Deleted : C:\ProgramData\Block The Ads
[-] Folder Deleted : C:\ProgramData\AdBlocker Manger
[!] Folder Not Deleted : C:\ProgramData\ExstRaSavings
[-] Folder Deleted : C:\ProgramData\RouboSaver
[-] Folder Deleted : C:\ProgramData\669ffe7cf9b90ae1
[-] Folder Deleted : C:\ProgramData\7394908925884697313
[-] Folder Deleted : C:\ProgramData\{0be9c9d6-bba6-01c2-0be9-9c9d6bba275a}
[-] Folder Deleted : C:\ProgramData\{6fbf8bfa-3321-b83c-6fbf-f8bfa3322fe8}
[-] Folder Deleted : C:\ProgramData\{9991525f-b116-4ef9-9991-1525fb11497e}
[-] Folder Deleted : C:\ProgramData\{9e17a0c9-fd95-c1f9-9e17-7a0c9fd98327}
[-] Folder Deleted : C:\ProgramData\jgfiekjbplbnephckkppgllfomgalddl
[-] Folder Deleted : C:\ProgramData\ojpdmimmhojknlmaadheldfmlnmmdikd
[-] Folder Deleted : C:\ProgramData\ppdmmofhbgafgpielpedcicidnpllkfg
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Local\Blasteroids
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkcldncbeimlimfgladkcpingihdeea
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\EZDownloader
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\o@iFQt.net
[!] Folder Not Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\o@iFQt.net
[-] Folder Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\sDQO@M.edu
[!] Folder Not Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\sDQO@M.edu
[!] Folder Not Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\o@iFQt.net
[!] Folder Not Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\o@iFQt.net
[!] Folder Not Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\sDQO@M.edu
[!] Folder Not Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\sDQO@M.edu
[-] Folder Deleted : C:\Users\Familia\AppData\Local\Blasteroids
[-] Folder Deleted : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[-] Folder Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\o@iFQt.net
[!] Folder Not Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\o@iFQt.net
[-] Folder Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\sDQO@M.edu
[!] Folder Not Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\sDQO@M.edu
[!] Folder Not Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\o@iFQt.net
[!] Folder Not Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\o@iFQt.net
[!] Folder Not Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\sDQO@M.edu
[!] Folder Not Deleted : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\sDQO@M.edu
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Files ] *****

[-] File Deleted : C:\user.js
[-] File Deleted : C:\user.js
[-] File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agfjdflmdlnffhlfmjdpbcoccaeamikk_0.localstorage
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agfjdflmdlnffhlfmjdpbcoccaeamikk_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcppdfelojakeahklfgkjegnpbgndoch_0.localstorage
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcppdfelojakeahklfgkjegnpbgndoch_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaonpiemcjiihedemhopdoefaohcjoch_0.localstorage
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaonpiemcjiihedemhopdoefaohcjoch_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.calcitapp.info_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default\user.js
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default\user.js
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\searchplugins\trovi-search.xml
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\searchplugins\WebSearch.xml
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\user.js
[-] File Deleted : C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\user.js

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\P2c617866_d07a_4938_bdfd_e2cb11bf6f58_.P2c617866_d07a_4938_bdfd_e2cb11bf6f58_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P2c617866_d07a_4938_bdfd_e2cb11bf6f58_.P2c617866_d07a_4938_bdfd_e2cb11bf6f58_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P44c9f6b0_4a73_4bed_9d69_9cfe826deb9e_.P44c9f6b0_4a73_4bed_9d69_9cfe826deb9e_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P44c9f6b0_4a73_4bed_9d69_9cfe826deb9e_.P44c9f6b0_4a73_4bed_9d69_9cfe826deb9e_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P4AEF65F8_0C53_4584_9AEA_4D26FB0B19FB_.P4AEF65F8_0C53_4584_9AEA_4D26FB0B19FB_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P4AEF65F8_0C53_4584_9AEA_4D26FB0B19FB_.P4AEF65F8_0C53_4584_9AEA_4D26FB0B19FB_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P5E4344B9_F35D_4789_8851_C4D345A2A589_.P5E4344B9_F35D_4789_8851_C4D345A2A589_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P5E4344B9_F35D_4789_8851_C4D345A2A589_.P5E4344B9_F35D_4789_8851_C4D345A2A589_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P5e50def0_0d8b_434b_abd0_db8d3aa94226_.P5e50def0_0d8b_434b_abd0_db8d3aa94226_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P5e50def0_0d8b_434b_abd0_db8d3aa94226_.P5e50def0_0d8b_434b_abd0_db8d3aa94226_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P7a920344_60d5_4971_adb9_cdc73a997458_.P7a920344_60d5_4971_adb9_cdc73a997458_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P7a920344_60d5_4971_adb9_cdc73a997458_.P7a920344_60d5_4971_adb9_cdc73a997458_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\PF102E6E2_1124_4067_838D_A49C3D0C807A_.PF102E6E2_1124_4067_838D_A49C3D0C807A_
[-] Key Deleted : HKLM\SOFTWARE\Classes\PF102E6E2_1124_4067_838D_A49C3D0C807A_.PF102E6E2_1124_4067_838D_A49C3D0C807A_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\PF37563D3_27EE_450E_803A_A1859E59DCBA_.PF37563D3_27EE_450E_803A_A1859E59DCBA_
[-] Key Deleted : HKLM\SOFTWARE\Classes\PF37563D3_27EE_450E_803A_A1859E59DCBA_.PF37563D3_27EE_450E_803A_A1859E59DCBA_.9
[-] Key Deleted : HKLM\SOFTWARE\301a77c9-76dc-3840-1b91-8b8bd3349687
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2c617866-d07a-4938-bdfd-e2cb11bf6f58}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44c9f6b0-4a73-4bed-9d69-9cfe826deb9e}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AEF65F8-0C53-4584-9AEA-4D26FB0B19FB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E4344B9-F35D-4789-8851-C4D345A2A589}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5e50def0-0d8b-434b-abd0-db8d3aa94226}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7a920344-60d5-4971-adb9-cdc73a997458}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F102E6E2-1124-4067-838D-A49C3D0C807A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F37563D3-27EE-450E-803A-A1859E59DCBA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{318C7F13-3498-459E-BF35-12865E6D005C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{33B8CF8E-1B37-40DD-A652-F97EDFCA9565}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{40951615-F2E2-4855-9BB0-68F80D247514}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8BB736A5-5657-4B96-9CFF-4F19318E6F05}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0B55F99-F893-4F84-AE82-CAE0E70DFDFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C584409B-751E-4C22-902C-DB987E6189BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AEF65F8-0C53-4584-9AEA-4D26FB0B19FB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F37563D3-27EE-450E-803A-A1859E59DCBA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2c617866-d07a-4938-bdfd-e2cb11bf6f58}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44c9f6b0-4a73-4bed-9d69-9cfe826deb9e}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4AEF65F8-0C53-4584-9AEA-4D26FB0B19FB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E4344B9-F35D-4789-8851-C4D345A2A589}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5e50def0-0d8b-434b-abd0-db8d3aa94226}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7a920344-60d5-4971-adb9-cdc73a997458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F102E6E2-1124-4067-838D-A49C3D0C807A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F37563D3-27EE-450E-803A-A1859E59DCBA}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{6492E171-2427-4932-B414-33574A089F5E}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{2c617866-d07a-4938-bdfd-e2cb11bf6f58}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{44c9f6b0-4a73-4bed-9d69-9cfe826deb9e}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{4AEF65F8-0C53-4584-9AEA-4D26FB0B19FB}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{5E4344B9-F35D-4789-8851-C4D345A2A589}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{5e50def0-0d8b-434b-abd0-db8d3aa94226}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{7a920344-60d5-4971-adb9-cdc73a997458}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{F102E6E2-1124-4067-838D-A49C3D0C807A}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{F37563D3-27EE-450E-803A-A1859E59DCBA}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2c617866-d07a-4938-bdfd-e2cb11bf6f58}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{44c9f6b0-4a73-4bed-9d69-9cfe826deb9e}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AEF65F8-0C53-4584-9AEA-4D26FB0B19FB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E4344B9-F35D-4789-8851-C4D345A2A589}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5e50def0-0d8b-434b-abd0-db8d3aa94226}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7a920344-60d5-4971-adb9-cdc73a997458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F102E6E2-1124-4067-838D-A49C3D0C807A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F37563D3-27EE-450E-803A-A1859E59DCBA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AEF65F8-0C53-4584-9AEA-4D26FB0B19FB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F37563D3-27EE-450E-803A-A1859E59DCBA}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Key Deleted : HKU\.DEFAULT\Software\DealPly
[-] Key Deleted : HKU\.DEFAULT\Software\IM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\video MediaPlay-Air
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Condut
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{317D8BB4-16C3-CFBD-3777-AED69667DA46}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\InstallCore
[!] Key Not Deleted : [x64] HKCU\Software\Condut
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7304C9D1-98AD-55F0-636E-22D8DD57F176}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.coolsearches.info/?pid=22597&r=2015/03/22&hid=14599343737324593539&lg=XX&cc=US&unqvl=85");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.coolsearches.info/?pid=22597&r=2015/03/22&hid=14599343737324593539&lg=XX&cc=US&unqvl=85&l=1&q=");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.3yyIXy2wfcz6pNWb.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.8lnZ94wdis2potzi.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.BEqTYIl7F0fLUbHy.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.DYPTzg2e40QQaTen.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"f[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.LaqjDmM5kHPR10QV.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.RTIdDntVBHPRPJSN.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.cD9fI2rpyBFkcam7.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.gAf2qhknCGl91CfP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.jHrv0NUBo5SIq8Dq.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.n7oWZP3k54pXwblR.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"f[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.x8nmQ2ur4KFPDdQv.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"f[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("extensions.xODDYXsLaMXq4HEn.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[-] [C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://websearch.coolsearches.info/?pid=22597&r=2015/03/22&hid=14599343737324593539&lg=XX&cc=US&unqvl=85&l=1&q=");
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.8lnZ94wdis2potzi.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.BEqTYIl7F0fLUbHy.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.DYPTzg2e40QQaTen.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.LaqjDmM5kHPR10QV.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.cD9fI2rpyBFkcam7.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.gAf2qhknCGl91CfP.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.jHrv0NUBo5SIq8Dq.scode", "(function(){try{if(window.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.n7oWZP3k54pXwblR.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.x8nmQ2ur4KFPDdQv.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[-] [C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\prefs.js] [Preference] Deleted : user_pref("extensions.xODDYXsLaMXq4HEn.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn8pjUHqdr6rHCHrTn8pjr8rHU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : ","id":"7","image_url":"","image_url_post_params":"","input_encodings":[],"instant_url":"","instant_url_post_params":"","keyword":"trovi.search","last_modified":"13064653385759028","new_tab_url":"","originating_url":"","prepopulate_id":0,"safe_for_autoreplace":false,"search_terms_replacement_key":"","search_url_post_params":"","short_name":"Trovi search","suggestions_url":"hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}","suggestions_url_post_params":"","synced_guid":"BFFD9B08-C30F-4EA4-AC03-5AFD316CB981","url":"hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I5B5C6072-80D6-4B7F-B1B2-954E6B259331&SearchSource=58&CUI=&UM=8&UP=SP3B26F4AD-105A-453D-AF3B-349E105EE12A&q={searchTerms}&SSPV=
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I5B5C6072-80D6-4B7F-B1B2-954E6B259331&SearchSource=58&CUI=&UM=8&UP=SP3B26F4AD-105A-453D-AF3B-349E105EE12A&q={searchTerms}&SSPV=
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted :
[-] [C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I5B5C6072-80D6-4B7F-B1B2-954E6B259331&SearchSource=55&CUI=&UM=8&UP=SP3B26F4AD-105A-453D-AF3B-349E105EE12A&SSPV=

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C3].txt - [34805 octets] - [14/08/2015 18:26:28]
C:\AdwCleaner[S5].txt - [40002 octets] - [14/08/2015 18:24:07]

########## EOF - C:\AdwCleaner[C3].txt - [34933 octets] ##########
 

 

Junkware log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Home Premium x64
Ran by Anthony Espinosa on Fri 08/14/2015 at 18:44:16.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}



~~~ Files

Successfully deleted: [File] C:\Users\Anthony Espinosa\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\Anthony Espinosa\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\Anthony Espinosa\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Anthony Espinosa\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Anthony Espinosa\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Anthony Espinosa\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Anthony Espinosa\desktop\search.lnk



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Anthony Espinosa\Appdata\Local\{0AD04610-38AA-43BA-BC48-FE3AE6E9FB03}
Successfully deleted: [Empty Folder] C:\Users\Anthony Espinosa\Appdata\Local\{223951B4-A66C-4420-911B-713612BCFCE1}
Successfully deleted: [Empty Folder] C:\Users\Anthony Espinosa\Appdata\Local\{89687E29-78AA-459C-9E95-E0DE5E4E35E2}
Successfully deleted: [Empty Folder] C:\Users\Anthony Espinosa\Appdata\Local\{984DDA45-0F9B-4DEF-8A2F-2DFA23A0CC37}
Successfully deleted: [Empty Folder] C:\Users\Anthony Espinosa\Appdata\Local\{BE5253D4-97C1-4ADF-BF3B-909847024374}
Successfully deleted: [Folder] C:\Program Files (x86)\AutoDuealsAapp
Successfully deleted: [Folder] C:\Program Files (x86)\convert audio free
Successfully deleted: [Folder] C:\Program Files (x86)\OptOOn
Successfully deleted: [Folder] C:\ProgramData\best buy pc app
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\summersoft
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\Appdata\Local\best buy pc app
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\Appdata\Local\com
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\Appdata\Local\cre
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\AppData\Roaming\convert audio free
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\AppData\Roaming\new version available
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\Documents\add-in express
Successfully deleted: [Folder] C:\ProgramData\CCheapMe
Successfully deleted: [Folder] C:\ProgramData\ExstRRaCooupOn
Successfully deleted: [Folder] C:\Users\Anthony Espinosa\AppData\Roaming\0G1L1H1E0S1M1F1E



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad}
Successfully deleted the following from C:\Users\Anthony Espinosa\AppData\Roaming\mozilla\firefox\profiles\mg8he5j6.default\prefs.js

user_pref(extensions.8lnZ94wdis2potzi.scode, (function(){try{if(window.location.href.indexOf(\rjn8pjUHqdr6rHCHrTn8pjr8rHU\)>-1){return;}}catch(e){}try{var d=[[\www.ewoss
user_pref(extensions.RTIdDntVBHPRPJSN.url, hxxp://neutral-level.net/sync2/?q=hfZ9ofDVCNnMCyVUojsGqjU6tMqLDe49CNU0llrMCMlNhd9Fqja8rTYErHw9qjYMBzqUojw8rdkGpdaHrTr8rch7hfs0pih
Emptied folder: C:\Users\Anthony Espinosa\AppData\Roaming\mozilla\firefox\profiles\mg8he5j6.default\minidumps [227 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff

[C:\Users\Anthony Espinosa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Anthony Espinosa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Anthony Espinosa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Anthony Espinosa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  banjjklfojcdbofbhbgiedekefohoaff
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/14/2015 at 18:47:23.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

zoek log

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Anthony Espinosa on Fri 08/14/2015 at 19:10:47.77.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anthony Espinosa\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/14/2015 7:14:43 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\SystemAide deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\4shared Desktop deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\Users\Anthony Espinosa\AppData\Roaming\Panda Security deleted successfully
C:\Users\Anthony Espinosa\AppData\Roaming\uTorrent deleted successfully
C:\Users\Familia\AppData\Roaming\Apple Computer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\SearchScopes\{36BCFFEF-A49F-4E0D-B13A-20CE173AE3F1} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282DA9E5-FAE4-4A1C-9B75-1E60B171816F} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DC0D937-A016-4C5E-9C31-7D58F5271157} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5178D71E-5A65-4663-AE26-2252F27B79} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B14507D3-A6DE-44DC-9D3D-DC1DF7CA5D9E} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D92ED405-D6-468B-91B0-635625D4D946} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F137122C-64F9-4415-B63E-61AC2160FCA0} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F154A9A4-1C11-4FDA-843D-183DE338DE94} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF94DD13-5E0D-4064-AA39-8C63AC97625} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20150814_0729_.backup

ProfilePath: C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default

user.js not found
---- Lines extensions.3yyIXy2wfcz6pNWb removed from prefs.js ----
user_pref("extensions.3yyIXy2wfcz6pNWb.epoch", "1433943340");
user_pref("extensions.3yyIXy2wfcz6pNWb.url", "http://shrinevalue.net/sync2/?q=hfZ9ojn8h7gMCyVUojsGqjU6tMqLDe49CNU0llrMCMlNhd9Fqja8rjaFrdkEqdaMBzqUojw8
---- Lines extensions.8lnZ94wdis2potzi removed from prefs.js ----
user_pref("extensions.8lnZ94wdis2potzi.epoch", "1439677776");
user_pref("extensions.8lnZ94wdis2potzi.url", "http://terminalukusaa.us/sync2/?q=hfZ9oex8Dy0UhihEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdgFrdaHrTgGqShIC7
---- Lines extensions.9js removed from prefs.js ----
user_pref("extensions.9js.epoch", "1408586469");
user_pref("extensions.9js.url", "http://toolkitcard.in/sync2/?q=hfZ9oeV8hfa7tNbPhd9FrTr4tMqLDe49CNU0llrMCMlNhd9Fqda6rTYErTwHrdrMBzqUojw9rdYGrdaGrdwFrc
---- Lines extensions.BEqTYIl7F0fLUbHy removed from prefs.js ----
user_pref("extensions.BEqTYIl7F0fLUbHy.epoch", "1421021766");
user_pref("extensions.BEqTYIl7F0fLUbHy.url", "http://astrajobsecure.com/sync2/?q=hfZ9oeFEAHnMCyVUojsEpjg7tMqLDe49CNU0llrMCMlNhd9FqjaFrdYEqdw4rTgMBzqUo
---- Lines extensions.BzN removed from prefs.js ----
user_pref("extensions.BzN.epoch", "1408499119");
user_pref("extensions.BzN.url", "http://webterminall.in/sync2/?q=hfZ9oeZNAdkMCyVUojwGrHUMg708BNmGWj8lkGhGheDUojw9rdYFrjaErjnEqGhIC7n0rjnEpdw4rdw9qdsEt
---- Lines extensions.DVvlTkcPsk4jRUvB removed from prefs.js ----
user_pref("extensions.DVvlTkcPsk4jRUvB.epoch", "1417286378");
user_pref("extensions.DVvlTkcPsk4jRUvB.url", "http://onionbarstar.info/sync2/?q=hfZ9ofbLDGhEAen0rjsHpihTB6lKDzt4olljtNtVh7n0rjnFrjsGrdCGqdrEtMFHhd9Fqd
---- Lines extensions.DYPTzg2e40QQaTen removed from prefs.js ----
user_pref("extensions.DYPTzg2e40QQaTen.epoch", "1431051391");
user_pref("extensions.DYPTzg2e40QQaTen.url", "http://superiend.info/sync2/?q=hfZ9oflRCM9HtNbPhd9GrTk4qGhTB6lKDzt4olljtNtVh7n0rjkEqdw5rjrErTr6tMFHhd9Fq
---- Lines extensions.LaqjDmM5kHPR10QV removed from prefs.js ----
user_pref("extensions.LaqjDmM5kHPR10QV.epoch", "1439653230");
user_pref("extensions.LaqjDmM5kHPR10QV.url", "http://homewebbnew.us/sync2/?q=hfZ9oeZNAdkMCyVUojsGqjU6tMqLDe49CNU0llrMCMlNhd9Fqja7rjCErHnFrHwMBzqUojw8r
---- Lines extensions.LkAxar removed from prefs.js ----
user_pref("extensions.LkAxar.epoch", "1406019344");
user_pref("extensions.LkAxar.url", "http://toolkitfun.in/sync2/?q=hfZ9ofV9CShEAen0rjsHpihTB6lKDzt4olljtNtVh7n0rjnEqHsFrdY8qdwHtMFHhd9Fqda6rTwEpdk8rHYM
---- Lines extensions.RTIdDntVBHPRPJSN removed from prefs.js ----
user_pref("extensions.RTIdDntVBHPRPJSN.epoch", "1433943342");
---- Lines extensions.Ts3IS removed from prefs.js ----
user_pref("extensions.Ts3IS.epoch", "1408586469");
user_pref("extensions.Ts3IS.url", "http://fastgroupchinayour.net/sync2/?q=hfZ9oeZNATCMCyVUojwGrHUMg708BNmGWj8lkGhGheDUojw9rdYEqdaFqdg8qGhIC7n0rjnEpdsE
---- Lines extensions.Z7XL5bWXndAeRhoU removed from prefs.js ----
user_pref("extensions.Z7XL5bWXndAeRhoU.epoch", "1411471464");
user_pref("extensions.Z7XL5bWXndAeRhoU.url", "http://getjpit.info/sync2/?q=hfZ9oemMhyg4rGhEAen0rjsHpihTB6lKDzt4olljtNtVh7n0rjnEpjsErjsGqTr7tMFHhd9Fqda
---- Lines extensions.cD9fI2rpyBFkcam7 removed from prefs.js ----
user_pref("extensions.cD9fI2rpyBFkcam7.epoch", "1420700870");
user_pref("extensions.cD9fI2rpyBFkcam7.url", "http://syncservice.info/sync2/?q=hfZ9ojY5hMk6tNbPhd9GrdU7qShTB6lKDzt4olljtNtVh7n0rjkErjaFrdk9rdkHtMFHhd9
---- Lines extensions.gAf2qhknCGl91CfP removed from prefs.js ----
user_pref("extensions.gAf2qhknCGl91CfP.epoch", "1421570856");
user_pref("extensions.gAf2qhknCGl91CfP.url", "http://toolkitjob.in/sync2/?q=hfZ9oeDOh7OMCyVUojsEpjg7tMqLDe49CNU0llrMCMlNhd9FqjaFrjkEqTa5rHYMBzqUojw8rd
---- Lines extensions.jHrv0NUBo5SIq8Dq removed from prefs.js ----
user_pref("extensions.jHrv0NUBo5SIq8Dq.epoch", "1439653232");
user_pref("extensions.jHrv0NUBo5SIq8Dq.url", "http://jpisyncer.info/sync2/?q=hfZ9ofbLDGhEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdCEqHaHrHw8qGhIC7n0rjkEq
---- Lines extensions.k89W4SccBj removed from prefs.js ----
user_pref("extensions.k89W4SccBj.epoch", "1406163206");
user_pref("extensions.k89W4SccBj.url", "http://getjpi2.info/sync2/?q=hfZ9ojY5hMk6tNbPhd9FrTr4tMqLDe49CNU0llrMCMlNhd9Fqda6rTwEpdkEqjkMBzqUojw9rdCGrHaEq
---- Lines extensions.mebLMDf removed from prefs.js ----
user_pref("extensions.mebLMDf.epoch", "1406163206");
user_pref("extensions.mebLMDf.url", "http://webdriiver.in/sync2/?q=hfZ9ofhUWchEAen0rjsHpihTB6lKDzt4olljtNtVh7n0rjnEqHsFrdY8qda5tMFHhd9Fqda6rTrErdkHrjU
---- Lines extensions.n7oWZP3k54pXwblR removed from prefs.js ----
user_pref("extensions.n7oWZP3k54pXwblR.epoch", "1431051389");
user_pref("extensions.n7oWZP3k54pXwblR.url", "http://film-racer.com/sync2/?q=hfZ9ofV9CShEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdrGrTaGqjgEqShIC7n0rjkEr
---- Lines extensions.x8nmQ2ur4KFPDdQv removed from prefs.js ----
user_pref("extensions.x8nmQ2ur4KFPDdQv.epoch", "1431051390");
user_pref("extensions.x8nmQ2ur4KFPDdQv.url", "http://readermultiple.info/sync2/?q=hfZ9oemMC7n5hShEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdrGrTaGqjkGpihI
---- Lines extensions.xODDYXsLaMXq4HEn removed from prefs.js ----
user_pref("extensions.xODDYXsLaMXq4HEn.epoch", "1421570856");
user_pref("extensions.xODDYXsLaMXq4HEn.url", "http://downloadnicesuperguru.in/sync2/?q=hfZ9oeZNAdkMCyVUojsEpjg7tMqLDe49CNU0llrMCMlNhd9FqjaFrjrFqHrFqjC
---- FireFox user.js and prefs.js backups ----

prefs_20150814_0729_.backup

ProfilePath: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default

user.js not found
---- Lines Sweet removed from prefs.js ----
user_pref("extensions.DYPTzg2e40QQaTen.url", "http://sweetdiaryset.info/sync2/?q=hfZ9oflRCM9HtNbPhd9GrTk4qGhTB6lKDzt4olljtNtVh7n0rjkEqdw5rjrErTr6tMFHh
user_pref("extensions.LaqjDmM5kHPR10QV.url", "http://film-racer.com/sync2/?q=hfZ9oeZNAdkMCyVUojsGqjU6tMqLDe49CNU0llrMCMlNhd9Fqja7rjCErHnFrHwMBzqUojw8r
---- Lines extensions.8lnZ94wdis2potzi removed from prefs.js ----
user_pref("extensions.8lnZ94wdis2potzi.epoch", "1439215210");
user_pref("extensions.8lnZ94wdis2potzi.url", "http://webdriiver.in/sync2/?q=hfZ9oex8Dy0UhihEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdgFrdaHrTgGqShIC7n0rj
---- Lines extensions.BEqTYIl7F0fLUbHy removed from prefs.js ----
user_pref("extensions.BEqTYIl7F0fLUbHy.epoch", "1429544981");
user_pref("extensions.BEqTYIl7F0fLUbHy.url", "http://epicbookalls.info/sync2/?q=hfZ9oeFEAHnMCyVUojsEpjg7tMqLDe49CNU0llrMCMlNhd9FqjaFrdYEqdw4rTgMBzqUoj
---- Lines extensions.BzN removed from prefs.js ----
user_pref("extensions.BzN.epoch", "1416591088");
user_pref("extensions.BzN.url", "http://winnerspy.eu/sync2/?q=hfZ9oeZNAdkMCyVUojwGrHUMg708BNmGWj8lkGhGheDUojw9rdYFrjaErjnEqGhIC7n0rjnFrdaHrTaGqjw8tNhV
---- Lines extensions.DVvlTkcPsk4jRUvB removed from prefs.js ----
user_pref("extensions.DVvlTkcPsk4jRUvB.epoch", "1419020615");
user_pref("extensions.DVvlTkcPsk4jRUvB.url", "http://progget.com/sync2/?q=hfZ9ofbLDGhEAen0rjsHpihTB6lKDzt4olljtNtVh7n0rjnFrjsGrdCGqdrEtMFHhd9FqdwGrdsF
---- Lines extensions.DYPTzg2e40QQaTen removed from prefs.js ----
user_pref("extensions.DYPTzg2e40QQaTen.epoch", "1429544949");
---- Lines extensions.LaqjDmM5kHPR10QV removed from prefs.js ----
user_pref("extensions.LaqjDmM5kHPR10QV.epoch", "1439215210");
---- Lines extensions.Z7XL5bWXndAeRhoU removed from prefs.js ----
user_pref("extensions.Z7XL5bWXndAeRhoU.epoch", "1416591089");
---- Lines extensions.cD9fI2rpyBFkcam7 removed from prefs.js ----
user_pref("extensions.cD9fI2rpyBFkcam7.epoch", "1429544982");
user_pref("extensions.cD9fI2rpyBFkcam7.url", "http://safe-easy.com/sync2/?q=hfZ9ojY5hMk6tNbPhd9GrdU7qShTB6lKDzt4olljtNtVh7n0rjkErjaFrdk9rdkHtMFHhd9Fqj
---- Lines extensions.gAf2qhknCGl91CfP removed from prefs.js ----
user_pref("extensions.gAf2qhknCGl91CfP.epoch", "1429544982");
user_pref("extensions.gAf2qhknCGl91CfP.url", "http://superimes.info/sync2/?q=hfZ9oeDOh7OMCyVUojsEpjg7tMqLDe49CNU0llrMCMlNhd9FqjaFrjkEqTa5rHYMBzqUojw8r
---- Lines extensions.jHrv0NUBo5SIq8Dq removed from prefs.js ----
user_pref("extensions.jHrv0NUBo5SIq8Dq.epoch", "1439215209");
user_pref("extensions.jHrv0NUBo5SIq8Dq.url", "http://syncer-jpi.info/sync2/?q=hfZ9ofbLDGhEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdCEqHaHrHw8qGhIC7n0rjkE
---- Lines extensions.n7oWZP3k54pXwblR removed from prefs.js ----
user_pref("extensions.n7oWZP3k54pXwblR.epoch", "1429544980");
user_pref("extensions.n7oWZP3k54pXwblR.url", "http://superie.org/sync2/?q=hfZ9ofV9CShEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdrGrTaGqjgEqShIC7n0rjkErHs8
---- Lines extensions.x8nmQ2ur4KFPDdQv removed from prefs.js ----
user_pref("extensions.x8nmQ2ur4KFPDdQv.epoch", "1429544950");
user_pref("extensions.x8nmQ2ur4KFPDdQv.url", "http://webdriiver.in/sync2/?q=hfZ9oemMC7n5hShEAen0rTs8pjCMg708BNmGWj8lkGhGheDUojw8rdrGrTaGqjkGpihIC7n0rj
---- Lines extensions.xODDYXsLaMXq4HEn removed from prefs.js ----
user_pref("extensions.xODDYXsLaMXq4HEn.epoch", "1429544983");
user_pref("extensions.xODDYXsLaMXq4HEn.url", "http://toolkitjob.in/sync2/?q=hfZ9oeZNAdkMCyVUojsEpjg7tMqLDe49CNU0llrMCMlNhd9FqjaFrjrFqHrFqjCMBzqUojw8rd
---- FireFox user.js and prefs.js backups ----

prefs_20150814_0729_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AV Vcs 7.0 DIAMOND not found
C:\PROGRA~2\SystemAide not found
C:\PROGRA~3\VsUlOo deleted
C:\PROGRA~2\Ss_Helper deleted
C:\PROGRA~2\Internet Download Manager deleted
C:\PROGRA~2\Grieving Deposit deleted
C:\PROGRA~2\Mah Jong Connect deleted
C:\PROGRA~2\Radioplayer deleted
C:\PROGRA~2\Twitch Stream deleted
C:\PROGRA~2\UpDown page without arrows deleted
C:\PROGRA~2\Website IP deleted
C:\Users\Anthony Espinosa\AppData\Roaming\AtomPark deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\{0F4D3F5A-3716-46B5-9769-94996D5DDD4C} deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\{4DE274B8-9A85-EC41-561E-30F4C1B7B0B2} deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\{740EC8E6-0221-B09D-6856-3653BDB7D942} deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\{7767350F-88AB-6B5F-4D81-85E83F75BBB1} deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\{ADC19757-0BE7-0B46-B2D8-E79C309BAE7D} deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\{F7932880-F9D8-613C-75BC-C5349761474B} deleted
C:\Users\Familia\AppData\LocalLow\{0F4D3F5A-3716-46B5-9769-94996D5DDD4C} deleted
C:\Users\Familia\AppData\LocalLow\{4DE274B8-9A85-EC41-561E-30F4C1B7B0B2} deleted
C:\Users\Familia\AppData\LocalLow\{740EC8E6-0221-B09D-6856-3653BDB7D942} deleted
C:\Users\Familia\AppData\LocalLow\{7767350F-88AB-6B5F-4D81-85E83F75BBB1} deleted
C:\Users\Familia\AppData\LocalLow\{F7932880-F9D8-613C-75BC-C5349761474B} deleted
C:\Users\Anthony Espinosa\AppData\Local\Packages\windows_ie_ac_001\AC\{0F4D3F5A-3716-46B5-9769-94996D5DDD4C} deleted
C:\Users\Anthony Espinosa\AppData\Local\Packages\windows_ie_ac_001\AC\{4DE274B8-9A85-EC41-561E-30F4C1B7B0B2} deleted
C:\Users\Anthony Espinosa\AppData\Local\Packages\windows_ie_ac_001\AC\{740EC8E6-0221-B09D-6856-3653BDB7D942} deleted
C:\Users\Anthony Espinosa\AppData\Local\Packages\windows_ie_ac_001\AC\{7767350F-88AB-6B5F-4D81-85E83F75BBB1} deleted
C:\Users\Anthony Espinosa\AppData\Local\Packages\windows_ie_ac_001\AC\{ADC19757-0BE7-0B46-B2D8-E79C309BAE7D} deleted
C:\Users\Anthony Espinosa\AppData\Local\Packages\windows_ie_ac_001\AC\{F7932880-F9D8-613C-75BC-C5349761474B} deleted
C:\Users\Anthony Espinosa\.android deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\OpenDownloaderManager deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Anthony Espinosa\AppData\Roaming\Open Download Manager deleted
C:\Users\Anthony Espinosa\AppData\Roaming\mp3trimmerdirectorys.txt deleted
C:\Users\Anthony Espinosa\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\GreenBay App deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Anthony Espinosa\AppData\Local\Wondershare deleted
C:\Users\Familia\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Anthony Espinosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\EbOokBrowiSe deleted
C:\Users\Anthony Espinosa\AppData\LocalLow\Yahoo! deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\RAVTC.TMP deleted
C:\windows\wininit.ini deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\jetpack deleted
C:\Users\Anthony Espinosa\Desktop\Bulk Downloader.lnk deleted
C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\extensions\pTfZblg@n.com deleted
C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\pTfZblg@n.com deleted
"C:\Users\Anthony Espinosa\AppData\Roaming\.ettercap_gtk" deleted
"C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default\extensions\vuze@mybrowserbar.com" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default
user_pref("browser.search.defaultenginename", "Yahoo!");

ProfilePath: C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default
user_pref("browser.startup.homepage", "http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800");
user_pref("browser.search.defaultenginename.US", "Google");

ProfilePath: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default
user_pref("browser.startup.homepage", "http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800");
user_pref("browser.search.defaultenginename", "Bing");
user_pref("browser.search.defaultenginename.US", "Bing");
user_pref("browser.search.selectedEngine", "Bing");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"="C:\Program Files\Updater By SweetPacks\Firefox" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"webrootsecure@webroot.com"="C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer" [08/06/2015 07:05 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\1ywx5ee6.default
- Video Downloader - %ProfilePath%\extensions\bbtwjxkolu@bbtwjxkolu.org.xpi

ProfilePath: C:\Users\ANTHON~1\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default
- DealNoDeal - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\extensions\rvjukxfpuybey@xareavxkmkut.net
- BranderApp - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\extensions\_qacmf_xdjqegm@gffknphco_eotyhxi.edu
- Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
- DealNoDeal - %ProfilePath%\extensions\rvjukxfpuybey@xareavxkmkut.net
- BranderApp - %ProfilePath%\extensions\_qacmf_xdjqegm@gffknphco_eotyhxi.edu

ProfilePath: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default
- AwsomeExt - %ProfilePath%\extensions\w__fukdfrqzmwoe@jkzfvnrvillhpega.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default
F8CB60A5ACA5D73807ECBD9942A8BCB7    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -    RealDownloader Plugin
96B3689320E9B16EDF38B7A5001C35F0    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
BE126CB7049E89ED6F3038016668B502    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
DCB0BCEF594E2C410793C4A823C318F3    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll -    Shockwave for Director / Shockwave for Director
EC55112EDB2CE5BC2BFCACDB9C2150F4    - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll -    Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\Anthony Espinosa\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Anthony Espinosa\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/23/2012 09:43 PM]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 03:24 PM]
kjeghcllfecehndceplomkocgfbklffd - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.59.crx[08/06/2015 07:05 PM]
noebaifjopccondbkcieccphcpijhdne - C:\Users\Anthony Espinosa\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx[]
oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Anthony Espinosa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
noebaifjopccondbkcieccphcpijhdne - C:\Users\Anthony Espinosa\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx[]
oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Anthony Espinosa\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[]

Webroot Filtering Extension - Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd
Chrome Hotword Shared Module - Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
MixiDJ V8 - Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
RealDownloader - Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
MixiDJ V8 - Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle

==== Chromium Fix ======================

C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.arcadewizardgames.com_0.localstorage-journal deleted successfully
C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully
C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3fad61b5-1c20-4d81-964e-5dbb1eedb95b deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\4cea76c9-05ea-4ae8-8d5f-10f7858fb248 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FB28BC5-9C9A-186B-BA93-585252C85D42} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{31D3586C-A908-E896-BB3D-F8FAF1D80B35} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F2B6C36-BF05-475C-FC1B-692ACCCA9E7C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{82199E13-9497-5395-3502-C52C3255B388} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B0C9590A-509E-A2F4-4CF1-752F2E0BB9DB} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E18DA7DC-D3EC-3D45-9EF0-603536278405} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\noebaifjopccondbkcieccphcpijhdne deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\noebaifjopccondbkcieccphcpijhdne deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{44E4311D-BA06-FD43-505E-17DC53F4C22F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OpenDownloaderManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Foxit Software Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{89687E29-78AA-459C-9E95-E0DE5E4E35E2} deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anthony Espinosa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anthony Espinosa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Anthony Espinosa\AppData\Roaming\Mozenda\InternetCache\Content.IE5 emptied successfully
C:\Users\Familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Anthony Espinosa\AppData\Local\Mozilla\Firefox\Profiles\mg8he5j6.default\cache2 emptied successfully
C:\Users\Familia\AppData\Local\Mozilla\Firefox\Profiles\o1gpwfkg.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3232 folders=528 309252195 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Anthony Espinosa\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Familia\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\HomeGroupUser$\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 

 

FRST results

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Anthony Espinosa (administrator) on ANTHONYESPINOSA (14-08-2015 19:52:25)
Running from C:\Users\Anthony Espinosa\Downloads
Loaded Profiles: Anthony Espinosa (Available Profiles: Anthony Espinosa & Familia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Users\Anthony Espinosa\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Anthony Espinosa\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Anthony Espinosa\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-07-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [822728 2015-08-06] (Webroot)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Anthony Espinosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-08-30]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-05-15]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-05-15]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3429040505-1488993759-2191824837-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Fun2SaVie -> {8EB4C641-83A2-4A9B-90E6-E572FB3CD488} -> C:\Program Files (x86)\Fun2SaVie\KHz5gCNY7D6WXr.x64.dll No File
BHO: AutoDuealsAapp -> {B1A134AE-630A-4171-9154-A6FF7CA3DEC2} -> C:\Program Files (x86)\AutoDuealsAapp\rxolbG9utF0xUk.x64.dll No File
BHO: 50COuPOnsi -> {C8F50CD4-DACC-4745-A4AE-8DF0287C1C8D} -> C:\Program Files (x86)\50COuPOnsi\R1dSzAPp0lnnDj.x64.dll No File
BHO: Fuon22SaVe -> {C9868A05-51BF-4383-8436-F7D4B3CD2866} -> C:\Program Files (x86)\Fuon22SaVe\Zcxu743smnXCij.x64.dll No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-08-06] (Webroot)
BHO: 50CouPOnss -> {FE6C40C9-7C45-4F81-9BEA-7921AC48A2CC} -> C:\Program Files (x86)\50CouPOnss\Vg9RFgEjKWBTJc.x64.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-08-06] (Webroot)
Toolbar: HKU\S-1-5-21-3429040505-1488993759-2191824837-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://linksyssupport.webex.com/client/T27L10NSP32EP12-14988-PSOLINKSYS/support/ieatgpc1.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{49672A48-30C4-415A-96C5-46710B94DEDE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DC1F987B-2B56-4660-878A-EB75E29D3358}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-07-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-07-21] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3429040505-1488993759-2191824837-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Anthony Espinosa\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-01] (Citrix Online)
FF Plugin HKU\S-1-5-21-3429040505-1488993759-2191824837-1001: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-3429040505-1488993759-2191824837-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-07-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-07-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-07-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-07-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-07-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-07-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-07-21] (RealPlayer)
FF Extension: DealNoDeal - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\rvjukxfpuybey@xareavxkmkut.net [2015-06-09]
FF Extension: BranderApp - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\_qacmf_xdjqegm@gffknphco_eotyhxi.edu [2015-08-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-08-06]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-15] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (YouTube) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (\n<ol>\n    <li>\n        Subject of the Agreement<br />\n        Subject of the Agreement is the computer program \) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\clagbfpdfojpoondfdloibkiaipdeibm [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-21]
CHR Extension: (Bulk Download Images(ZIG)) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjhimhkjmipphnaminnnnjpnlneeplk [2014-12-31]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Gmail) - C:\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.59.crx [2015-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 M4-Service; C:\Users\Anthony Espinosa\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe [1008968 2013-05-06] ()
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2012-11-19] () [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [822728 2015-08-06] (Webroot)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2011-03-09] (Windows ® Win 7 DDK provider)
R3 nuvotonhidcir; C:\Windows\System32\DRIVERS\nuvotonhidcir.sys [32256 2011-03-09] (Nuvoton Technology Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] (Realtek Microelectronics)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1082472 2012-01-16] (Realtek Semiconductor Corporation                           )
S3 Tosrfcom; no ImagePath
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-08-06] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-08-06] (Webroot)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 19:50 - 2015-08-14 19:50 - 02173952 _____ (Farbar) C:\Users\Anthony Espinosa\Downloads\FRST64(1).exe
2015-08-14 19:39 - 2015-08-14 19:39 - 00000008 __RSH C:\Users\Anthony Espinosa\ntuser.pol
2015-08-14 19:38 - 2015-08-14 19:38 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-14 19:37 - 2015-08-14 19:10 - 00024064 _____ C:\windows\zoek-delete.exe
2015-08-14 19:28 - 2015-08-14 19:37 - 00000179 _____ C:\folders.log
2015-08-14 19:28 - 2015-08-14 19:37 - 00000000 ____D C:\zoek
2015-08-14 19:14 - 2015-08-14 19:37 - 00033305 _____ C:\zoek-results.log
2015-08-14 19:10 - 2015-08-14 19:33 - 00000000 ____D C:\zoek_backup
2015-08-14 19:08 - 2015-08-14 19:09 - 01308672 _____ C:\Users\Anthony Espinosa\Downloads\zoek.exe
2015-08-14 19:07 - 2015-08-14 19:07 - 00005601 _____ C:\Users\Anthony Espinosa\Documents\JRT.txt
2015-08-14 18:47 - 2015-08-14 18:47 - 00005601 _____ C:\Users\Anthony Espinosa\Desktop\JRT.txt
2015-08-14 18:30 - 2015-08-14 18:30 - 01791580 _____ (Malwarebytes Corporation) C:\Users\Anthony Espinosa\Downloads\JRT(2).exe
2015-08-14 18:26 - 2015-08-14 18:26 - 00035115 _____ C:\AdwCleaner[C3].txt
2015-08-14 18:24 - 2015-08-14 18:25 - 00040002 _____ C:\AdwCleaner[S5].txt
2015-08-14 18:23 - 2015-08-14 18:23 - 01563648 _____ C:\Users\Anthony Espinosa\Downloads\AdwCleaner.exe
2015-08-13 17:27 - 2015-08-13 17:27 - 00000000 ____D C:\Users\Anthony Espinosa\AppData\Roaming\BANDISOFT
2015-08-13 17:26 - 2015-08-14 11:48 - 00000000 ____D C:\Users\Anthony Espinosa\Documents\Bandicam
2015-08-13 17:25 - 2015-08-13 17:25 - 00000963 _____ C:\Users\Familia\Desktop\Bandicam.lnk
2015-08-13 17:25 - 2015-08-13 17:25 - 00000963 _____ C:\Users\Anthony Espinosa\Desktop\Bandicam.lnk
2015-08-13 17:25 - 2015-08-13 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-08-13 17:25 - 2015-08-13 17:25 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-08-13 17:25 - 2015-08-13 17:25 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-08-13 17:23 - 2015-08-13 17:23 - 12750520 _____ (Bandisoft) C:\Users\Anthony Espinosa\Downloads\bdcamsetup.exe
2015-08-13 15:01 - 2015-08-13 15:03 - 00055170 _____ C:\Users\Anthony Espinosa\Downloads\Addition.txt
2015-08-13 15:00 - 2015-08-14 19:52 - 00025399 _____ C:\Users\Anthony Espinosa\Downloads\FRST.txt
2015-08-13 15:00 - 2015-08-14 19:52 - 00000000 ____D C:\FRST
2015-08-13 14:59 - 2015-08-13 14:59 - 02173952 _____ (Farbar) C:\Users\Anthony Espinosa\Downloads\FRST64.exe
2015-08-13 11:56 - 2015-08-13 14:57 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-13 11:56 - 2015-08-13 11:56 - 64326088 _____ C:\Users\Anthony Espinosa\Downloads\FREEAV.exe
2015-08-13 11:55 - 2015-08-13 14:57 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-13 11:55 - 2015-08-13 11:55 - 02113144 _____ C:\Users\Anthony Espinosa\Downloads\PANDAFREEAV.exe
2015-08-12 03:11 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:11 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 00:10 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 00:10 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 00:10 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 00:10 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 00:10 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 00:10 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-12 00:10 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 00:10 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 00:10 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 00:10 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-12 00:10 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-12 00:10 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 00:10 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 00:10 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-12 00:10 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-12 00:10 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-12 00:10 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-12 00:10 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-12 00:10 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-12 00:10 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-12 00:10 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-12 00:10 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-12 00:10 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-12 00:10 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-12 00:10 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-12 00:10 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-12 00:10 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-12 00:10 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 00:10 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-12 00:10 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-12 00:10 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-12 00:10 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-12 00:10 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-12 00:10 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-12 00:10 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-12 00:10 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-12 00:10 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-12 00:10 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-12 00:10 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-12 00:10 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-12 00:10 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-12 00:10 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-12 00:10 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-12 00:10 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-12 00:10 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-12 00:10 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-12 00:10 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-12 00:10 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-12 00:10 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-12 00:10 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-12 00:10 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-12 00:10 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-12 00:10 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 00:10 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 00:09 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-12 00:09 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-12 00:09 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 00:09 - 2015-07-16 16:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-12 00:09 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-12 00:09 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-12 00:09 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 00:09 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 00:09 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-12 00:09 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 00:09 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-12 00:09 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-12 00:09 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 00:09 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-12 00:09 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 00:09 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 00:09 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-12 00:09 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-12 00:09 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-12 00:09 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-12 00:09 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-12 00:09 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-12 00:09 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-12 00:09 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 00:09 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-12 00:09 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-12 00:09 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 00:09 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-12 00:09 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-12 00:09 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 00:09 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-12 00:09 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-12 00:09 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 00:09 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-12 00:09 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-12 00:09 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 00:09 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 00:09 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-12 00:09 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-12 00:09 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 00:09 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-12 00:09 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 00:09 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-12 00:09 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 00:09 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-12 00:09 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 00:09 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-12 00:09 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-12 00:09 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-12 00:09 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 00:09 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 00:09 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 00:09 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-12 00:09 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 00:09 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-12 00:09 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 00:09 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 00:09 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 00:09 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 00:09 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 00:09 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 00:09 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 00:09 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-08-12 00:09 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-12 00:09 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 00:09 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-12 00:09 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-08-12 00:08 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-12 00:08 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 00:08 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 00:08 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-12 00:08 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 00:08 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-12 00:08 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-12 00:08 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-12 00:08 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 00:08 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-12 00:08 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 00:08 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-12 00:08 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-12 00:08 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 00:08 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 00:08 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 00:08 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 00:08 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 00:08 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-12 00:08 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 00:08 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 00:08 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 00:08 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 00:08 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 00:08 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 00:08 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 00:08 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-12 00:08 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-12 00:08 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 00:08 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 00:08 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-12 00:08 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-12 00:08 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-12 00:08 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-12 00:08 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 00:08 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 00:08 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 00:08 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 00:08 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 00:08 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 00:08 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 00:08 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 10:00 - 2015-08-09 10:00 - 00000000 ____D C:\Users\Familia\AppData\Local\GWX
2015-08-06 19:05 - 2015-08-14 19:52 - 00000000 ____D C:\ProgramData\WRData
2015-08-06 19:05 - 2015-08-14 19:38 - 00000758 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-08-06 19:05 - 2015-08-06 19:05 - 00166128 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2015-08-06 19:05 - 2015-08-06 19:05 - 00116224 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2015-08-06 19:05 - 2015-08-06 19:05 - 00103816 _____ (Webroot) C:\windows\system32\WRusr.dll
2015-08-06 19:05 - 2015-08-06 19:05 - 00041040 ____T (Webroot) C:\windows\system32\Drivers\wrUrlFlt.sys
2015-08-06 19:05 - 2015-08-06 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-08-06 19:05 - 2015-08-06 19:05 - 00000000 ____D C:\Program Files\Webroot
2015-08-04 01:01 - 2015-08-04 01:02 - 10129317 _____ C:\Users\Anthony Espinosa\Downloads\11535565_685302108282734_825729577_n.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 19:52 - 2013-06-04 07:06 - 01223740 _____ C:\windows\WindowsUpdate.log
2015-08-14 19:49 - 2012-11-09 14:48 - 00000000 ____D C:\Users\Anthony Espinosa\AppData\Roaming\Skype
2015-08-14 19:46 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-14 19:46 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-14 19:39 - 2012-10-02 02:58 - 00000000 ____D C:\Users\Anthony Espinosa
2015-08-14 19:39 - 2012-05-15 06:37 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-08-14 19:38 - 2015-01-08 12:20 - 00398852 _____ C:\windows\PFRO.log
2015-08-14 19:38 - 2015-01-02 14:37 - 00006136 _____ C:\windows\setupact.log
2015-08-14 19:38 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-14 19:32 - 2014-07-21 04:50 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2015-08-14 19:32 - 2014-07-21 04:50 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-08-14 19:32 - 2014-07-21 04:50 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-08-14 19:32 - 2014-07-21 04:50 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2015-08-14 19:32 - 2014-07-21 04:50 - 00000000 ____D C:\Users\Anthony Espinosa\AppData\Local\Comodo
2015-08-14 19:32 - 2014-07-21 04:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-08-14 19:32 - 2014-07-21 04:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2015-08-14 19:32 - 2012-10-02 07:03 - 00000000 ____D C:\Users\Anthony Espinosa\AppData\Local\Google
2015-08-14 19:30 - 2009-07-13 23:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-08-14 19:30 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-14 19:16 - 2012-10-05 00:59 - 00000000 ____D C:\Users\Anthony Espinosa\AppData\Local\CrashDumps
2015-08-14 19:06 - 2012-04-16 03:15 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-14 18:26 - 2015-05-15 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-14 18:26 - 2014-08-11 18:51 - 00000000 ____D C:\AdwCleaner
2015-08-14 12:02 - 2012-05-15 06:37 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-08-14 04:54 - 2015-01-02 14:52 - 00110184 _____ C:\Users\Anthony Espinosa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-14 04:54 - 2015-01-02 14:37 - 00412472 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-12 04:07 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-08-12 03:28 - 2014-12-10 04:19 - 00000000 ____D C:\windows\system32\appraiser
2015-08-12 03:28 - 2014-05-06 09:27 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-12 03:09 - 2013-01-06 23:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 03:03 - 2009-07-13 22:34 - 00000583 _____ C:\windows\win.ini
2015-08-11 15:06 - 2012-04-16 03:15 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 15:06 - 2012-04-16 03:15 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 15:06 - 2012-04-16 03:15 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-09 09:59 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-07 06:53 - 2013-01-13 21:43 - 00000000 ____D C:\Users\Anthony Espinosa\Documents\Patch
2015-08-07 06:49 - 2013-01-13 21:31 - 00000000 ____D C:\Program Files (x86)\Captcha Sniper
2015-08-05 12:04 - 2015-03-22 07:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-08-04 13:20 - 2014-08-05 04:34 - 00009216 _____ C:\Users\Anthony Espinosa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-02 02:56 - 2012-04-16 03:32 - 00000000 ____D C:\windows\Panther
2015-08-02 02:47 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-28 10:37 - 2015-03-21 23:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-07-25 01:59 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\system32\GWX
2015-07-17 03:01 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-15 08:56 - 2013-03-06 23:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 03:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions

==================== Files in the root of some directories =======

2015-04-17 23:43 - 2015-04-17 23:43 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-08-05 04:34 - 2015-08-04 13:20 - 0009216 _____ () C:\Users\Anthony Espinosa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-05 03:51 - 2015-01-05 03:51 - 0000789 _____ () C:\Users\Anthony Espinosa\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 04:00

==================== End of log ============================

 

 

 

 


Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Anthony Espinosa (2015-08-14 19:53:04)
Running from C:\Users\Anthony Espinosa\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3429040505-1488993759-2191824837-500 - Administrator - Disabled)
Anthony Espinosa (S-1-5-21-3429040505-1488993759-2191824837-1001 - Administrator - Enabled) => C:\Users\Anthony Espinosa
Familia (S-1-5-21-3429040505-1488993759-2191824837-1007 - Administrator - Enabled) => C:\Users\Familia
Guest (S-1-5-21-3429040505-1488993759-2191824837-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3429040505-1488993759-2191824837-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoClickExtreme 6.11 (HKLM-x32\...\{9119A44D-E936-4BD3-B973-26152118876F}_is1) (Version:  - AutoClicker Lab)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.0.834 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Best Buy pc app (HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\e55b814e55744b76) (Version: 3.5.752.2 - Best Buy)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Ccleaner Business Edition x64 x86 Tom_Da_Man (HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\Ccleaner Business Edition x64 x86 Tom_Da_Man) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Calendar 3.6 (HKLM-x32\...\Easy Calendar_is1) (Version:  - )
Extreme Picture Finder 3.26.1.1 (HKLM-x32\...\Extreme Picture Finder_is1) (Version: 3.26.1.1 - Extreme Internet Software)
Fast MP3 Cutter Joiner v3.2 build 1628 (HKLM-x32\...\{246C9716-CB18-492E-8679-5A88B9F73C68}_is1) (Version:  - MP3-CUTTER.NET)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Free MP3 Trimmer (HKLM-x32\...\{68535AC5-7E2D-42B0-BB2D-0B60EECE24CB}) (Version: 1.0.0 - Convert Audio Free)
FreeTrim MP3 4.5.6 (HKLM-x32\...\FreeTrim MP3_is1) (Version:  - FreeTrimMP3 Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 5.8.0.1189 (HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
GSA Captcha Breaker v1.70 (HKLM-x32\...\GSA Captcha Breaker_is1) (Version: 1.70 - GSA Software)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HMA! Pro VPN 2.7.1.7 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.7.1.7 - )
ICQ 8.0 (build 6008, for the current user) (HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\ICQ) (Version: 8.0.6008.0 - Mail.Ru)
Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture (x32 Version: 5.1.0.0 - Intel Corporation) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Mass Video Generator 4.5 (HKLM-x32\...\{F0A6AAD4-2485-4195-AQ91-93QJB9380F9E}_is1) (Version:  - Mass Video Generator)
Mass Video Generator 4.6b (HKLM-x32\...\{F0A6AAD4-2485-4195-AQ11-QWQJB9380FHE}_is1) (Version:  - Mass Video Generator)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MP3 Cutter 10.1.1.a (HKLM-x32\...\0ADABB9A-40B8-47BE-B6E3-6B8384E0BBF9_is1) (Version:  - Accmeware Corporation)
mp3splt (HKLM-x32\...\mp3splt) (Version:  - )
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Nuvoton CIR Device Drivers (HKLM-x32\...\{EE0C0DA3-DA7E-4EF6-BE23-25BA396E06C3}) (Version: 8.60.3006 - Nuvoton Technology Corporation)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.3.0 - )
PDFlite 1.2.0.0 (HKLM-x32\...\PDFlite) (Version: 1.2.0.0 - Amnis Technology Ltd)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RtkClassFilter (HKLM-x32\...\InstallShield_{8220FCF2-A57F-4236-BFCC-C6C2268E851E}) (Version: 1.2.1.4 - REALTEK Semiconductor Corp)
RtkClassFilter (x32 Version: 1.2.1.4 - REALTEK Semiconductor Corp) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
TI Connect™ CE (HKLM-x32\...\{F599EDCC-DA21-4A0A-8990-79BD23DCAAE8}) (Version: 5.0.0.182 - Texas Instruments Inc.)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C9C56642-9AAB-4267-9454-36FF1CC59168}) (Version: 1.3.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.21.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.10 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.12 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM-x32\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1010.1 - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.4.01 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.3.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.5 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0027.640202 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Traffik Buster (HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\...\Traffik Buster) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.4 - Tweaking.com)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.1.35 - Webroot)
WhiteHatBox version 2.0 (HKLM-x32\...\{A964F9F1-B238-4893-915A-E2E3AF4EA3A1}_is1) (Version: 2.0 - WhiteHatBox.com)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1) (HKLM\...\EA90D42054890B3938D0BEF1E8A316D20C6D6003) (Version: 12/02/2011 2.3.8.1 - Realtek Semiconductor Corp.)
Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wondershare Video Editor(Build 4.9.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3429040505-1488993759-2191824837-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

09-08-2015 02:17:07 Windows Update
12-08-2015 03:01:19 Windows Update
14-08-2015 18:44:17 JRT Pre-Junkware Removal
14-08-2015 19:14:36 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-05-07 08:59 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0129CDFB-4FD0-4C22-9218-E1ACEFF7CB07} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {03DD76ED-79BB-42E7-9315-F9C6BB615C65} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {053B5BBC-101C-467F-BCE2-56C3F688CC80} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {064592E6-131B-4386-B716-5B77ACDB75A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {0A1AAFC8-2F76-4577-B639-1CCAEE844B05} - \Poppet -> No File <==== ATTENTION
Task: {1D181946-8198-4A9A-A779-79E6D70AABBE} - \{851A1D83-B8B0-49E4-A50D-C31317303EBC} -> No File <==== ATTENTION
Task: {26CE7153-29FA-4986-A914-148A2829720D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {48A60DD6-3CDF-4900-AA26-78E36B2445A3} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {4B398016-BEC5-4DAD-815D-302AB66A162A} - \{86DA9236-BAFE-49B2-9F6D-C9FD46DDE2F6} -> No File <==== ATTENTION
Task: {4C29DDB9-7625-4BA3-9A9A-5E129A49B8A2} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {4FD8D6FE-6A76-4AA1-9EDD-B43A1F0EDE64} - \{62120009-438F-4B2A-ABCC-2EFA09EF02DA} -> No File <==== ATTENTION
Task: {5AEEAAEE-801C-463F-A07A-783413E0E811} - \{D13A9D5D-A295-448D-A05F-E16C39C4557E} -> No File <==== ATTENTION
Task: {7B7CBD1F-4E73-4359-BE94-B6DCEBD66D38} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {7DA22FB8-8074-4BBD-B1C2-2D5EBADF6893} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {90C9E8A6-1BB9-4B8D-95FD-786FC71EAEE9} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {A6DE4610-3FE0-43FC-AE9D-67148E9C2F32} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A6EF8034-3516-4546-B706-1E7A909D7123} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Task: {B8B905AC-28C8-474C-86A1-74B4466E3B98} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C38496F4-1374-4B67-B376-322C774E3D85} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {C8D5D854-8F1B-4194-8F43-2F207AE51CB4} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {D212A4DB-A7FE-4CA0-941C-3C9D34494FB0} - \{402413DF-E5DD-430F-AB15-20A23CC850B2} -> No File <==== ATTENTION
Task: {FD54477B-255C-4D98-B183-D37A94FA954E} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2013-05-09 06:22 - 2005-03-11 14:07 - 00087040 _____ () C:\windows\System32\redmonnt.dll
2012-05-15 06:37 - 2012-02-21 15:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-05-06 21:17 - 2013-05-06 21:17 - 01008968 _____ () C:\Users\Anthony Espinosa\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-08-14 04:54 - 2015-08-14 04:54 - 01592632 _____ () C:\Users\Anthony Espinosa\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-15 06:37 - 2012-02-21 15:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7686 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anthony Espinosa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: DelayTSS => "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
MSCONFIG\startupreg: icq => C:\Users\Anthony Espinosa\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosTogKeyMon => %ProgramFiles%\TOSHIBA\FlashCards\TosTogKeyMon.exe /4
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TRCMan => C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A40C5147-E66A-4A73-A7EE-B38DB6FB4690}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{45A60D95-BE3B-4C59-9C43-26C47458DA80}] => (Allow) LPort=2869
FirewallRules: [{2EF72914-2400-411F-937C-1445A59C02BE}] => (Allow) LPort=1900
FirewallRules: [{BCAF2287-67CF-4465-9B6B-38809B28B61C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C1C23C2C-6FFF-48B4-85B6-84454E801A44}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{05695051-ACD6-4EB0-91A8-04A1C9BD43A8}] => (Allow) C:\AutoClickExtreme\AutoClicker.exe
FirewallRules: [{95D7F409-F2C0-4FD4-97C8-EBFCA7E1B558}] => (Allow) C:\AutoClickExtreme\AutoClicker.exe
FirewallRules: [{7E467519-AB21-44CD-BCF8-CA4627160893}] => (Allow) C:\AutoClickExtreme\AutoClicker.exe
FirewallRules: [{B54D21CC-C996-4EC2-BC4D-F9CD39D118B5}] => (Allow) C:\AutoClickExtreme\AutoClicker.exe
FirewallRules: [{24F77C16-1D07-4139-977F-6D076F44E618}] => (Allow) C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
FirewallRules: [{805C581D-AB31-4863-A570-1D3FBDFFF23E}] => (Allow) C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
FirewallRules: [{5ED349E0-4482-4A26-8F6E-14083B21A2FE}] => (Allow) C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
FirewallRules: [{0119C5CD-FDC2-4353-AE15-C7A4E405CE41}] => (Allow) C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe
FirewallRules: [{939B92F5-EF60-4961-BE24-0C3F83A1A7D1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0C8357B2-6A9D-4DA1-9AB5-B28020FC3E7B}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [{A52FCF5B-EE56-4921-A612-3AD12E9894E9}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [{02A82C5A-141A-48C5-8C87-E5251BAD3373}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [{4477DD99-6CF4-4F7A-B7BB-09B20C0D32D1}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [{F9943E9E-CB01-4C03-B11A-1C4B8B9DD46C}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [{D005E8A4-F116-47BA-B298-4081DE7DB1B5}] => (Allow) C:\Users\Anthony Espinosa\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{143D2A72-E11C-457F-B4B6-E6E315586EF3}] => (Allow) C:\Users\Anthony Espinosa\AppData\Roaming\ICQM\icq.exe
FirewallRules: [TCP Query User{497578E1-33FA-4A10-86E3-5086256F70BC}C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe] => (Allow) C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe
FirewallRules: [UDP Query User{974DFE99-81D4-489A-A009-26A8F3E67896}C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe] => (Allow) C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe
FirewallRules: [TCP Query User{99E0A20A-9AD3-4FAB-BF0F-93A73433CB21}C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe] => (Allow) C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe
FirewallRules: [UDP Query User{0276A72D-46F4-4045-843A-6EFAC928D70A}C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe] => (Allow) C:\users\anthony espinosa\appdata\roaming\vip72 socks client\vip72socks.exe
FirewallRules: [{3D976F79-BD84-4F99-A3D7-F3FFD6EC198A}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{EA25EDEC-92D5-4DFB-947C-94478FC95B2A}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{FAEC2632-5FF4-41C2-9FFF-6AB219B5E36C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C62FC8F-5082-4B70-B4EA-EE2B19F30C7A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1B48E9E7-9651-4C3C-915B-2DFA9A35802B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1BBD44A7-4691-4EDC-908F-C345A90D804E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A8205F1B-C740-4583-AD4C-A5F583EE73D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5ED4D163-D023-4AF5-BE01-673BA077BBFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{92A8495B-48AE-4CFF-B25B-8A13C5750F2D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E63650DA-5097-4BB6-B612-CDADF70C28DA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3E12D8E6-FD3E-4E60-805C-1F61A2ABCB10}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192Ce
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: LGE Android Phone
Description: LGE Android Phone
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2015 07:14:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18933, time stamp: 0x55a6a16f
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1c08
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3

Error: (08/14/2015 07:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])

Error: (08/14/2015 07:14:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x165c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/14/2015 07:14:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 38.0.5.5623 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a1c

Start Time: 01d0d6e6baf244f4

Termination Time: 55

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (08/14/2015 07:10:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 38.0.5.5623 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 120c

Start Time: 01d0d6e6190facfe

Termination Time: 50

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (08/14/2015 07:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1044
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/14/2015 06:40:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x160c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/14/2015 06:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x2748
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/14/2015 02:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-Frontend.exe, version: 0.9.30.4239, time stamp: 0x5580570b
Faulting module name: HD-OpenGl-Native.dll, version: 0.9.30.4239, time stamp: 0x558056f2
Exception code: 0xc0000005
Fault offset: 0x000513da
Faulting process id: 0x%9
Faulting application start time: 0xHD-Frontend.exe0
Faulting application path: HD-Frontend.exe1
Faulting module path: HD-Frontend.exe2
Report Id: HD-Frontend.exe3

Error: (08/14/2015 02:23:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x17e4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (08/14/2015 07:52:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/14/2015 07:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/14/2015 07:38:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error: (08/14/2015 07:38:25 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (08/14/2015 07:29:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/14/2015 07:29:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/14/2015 07:29:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/14/2015 07:29:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/14/2015 07:29:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/14/2015 07:29:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office:
=========================
Error: (08/14/2015 07:14:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2KERNELBASE.dll6.1.7601.1893355a6a16fe0434352000000000000b3dd1c0801d0d6e702ecd93eC:\Users\ANTHON~1\AppData\Local\Temp\DaS_21.exeC:\windows\system32\KERNELBASE.dll44d938fb-42da-11e5-9a5a-00266c16835c

Error: (08/14/2015 07:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])

Error: (08/14/2015 07:14:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1165c01d0d6e6cb35b2c4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2a743125-42da-11e5-9a5a-00266c16835c

Error: (08/14/2015 07:14:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe38.0.5.56231a1c01d0d6e6baf244f455C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (08/14/2015 07:10:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe38.0.5.5623120c01d0d6e6190facfe50C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (08/14/2015 07:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1104401d0d6e628828ce6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla8410ba8-42d9-11e5-9a5a-00266c16835c

Error: (08/14/2015 06:40:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1160c01d0d6e211d4d761C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7e5a6ed3-42d5-11e5-9a5a-00266c16835c

Error: (08/14/2015 06:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1274801d0d6bec65c1c30C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1d38c650-42d3-11e5-9082-00266c16835c

Error: (08/14/2015 02:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HD-Frontend.exe0.9.30.42395580570bHD-OpenGl-Native.dll0.9.30.4239558056f2c0000005000513da

Error: (08/14/2015 02:23:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa117e401d0d66efd62ed32C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9eea603f-42b1-11e5-9082-00266c16835c


CodeIntegrity:
===================================
  Date: 2015-05-07 08:58:40.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-07 08:58:40.854
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 11:36:36.958
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 11:36:36.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 11:36:36.927
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 11:36:36.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 09:49:21.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 09:49:21.577
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 09:49:21.577
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-11 09:49:21.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 6061.32 MB
Available physical RAM: 3810.7 MB
Total Virtual: 12120.85 MB
Available Virtual: 9754.61 MB

==================== Drives ================================

Drive c: (TI106420W0E) (Fixed) (Total:916.05 GB) (Free:794.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 7DD71F1D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=916.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

==================== End of log ============================

 

 

System Summary Information

 

 

Summary

You aren't permitted to upload this kind of file



#4 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 14 August 2015 - 07:43 PM

file:///C:/Users/Anthony Espinosa/Documents/Summary

<?xml version="1.0"?>
<MsInfo>
<Metadata>
<Version>8.0</Version>
<CreationUTC>08/15/15 00:00:25</CreationUTC>
</Metadata>
<Category name="System Summary">
<Data>
<Item><![CDATA[OS Name]]></Item>
<Value><![CDATA[Microsoft Windows 7 Home Premium]]></Value>
</Data>
<Data>
<Item><![CDATA[Version]]></Item>
<Value><![CDATA[6.1.7601 Service Pack 1 Build 7601]]></Value>
</Data>
<Data>
<Item><![CDATA[Other OS Description ]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[OS Manufacturer]]></Item>
<Value><![CDATA[Microsoft Corporation]]></Value>
</Data>
<Data>
<Item><![CDATA[System Name]]></Item>
<Value><![CDATA[ANTHONYESPINOSA]]></Value>
</Data>
<Data>
<Item><![CDATA[System Manufacturer]]></Item>
<Value><![CDATA[TOSHIBA]]></Value>
</Data>
<Data>
<Item><![CDATA[System Model]]></Item>
<Value><![CDATA[TOSHIBA LX835]]></Value>
</Data>
<Data>
<Item><![CDATA[System Type]]></Item>
<Value><![CDATA[x64-based PC]]></Value>
</Data>
<Data>
<Item><![CDATA[Processor]]></Item>
<Value><![CDATA[Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz, 2400 Mhz, 2 Core(s), 4 Logical Processor(s)]]></Value>
</Data>
<Data>
<Item><![CDATA[BIOS Version/Date]]></Item>
<Value><![CDATA[Insyde Corp. 1.10, 4/18/2012]]></Value>
</Data>
<Data>
<Item><![CDATA[SMBIOS Version]]></Item>
<Value><![CDATA[2.7]]></Value>
</Data>
<Data>
<Item><![CDATA[Windows Directory]]></Item>
<Value><![CDATA[C:\windows]]></Value>
</Data>
<Data>
<Item><![CDATA[System Directory]]></Item>
<Value><![CDATA[C:\windows\system32]]></Value>
</Data>
<Data>
<Item><![CDATA[Boot Device]]></Item>
<Value><![CDATA[\Device\HarddiskVolume1]]></Value>
</Data>
<Data>
<Item><![CDATA[Locale]]></Item>
<Value><![CDATA[United States]]></Value>
</Data>
<Data>
<Item><![CDATA[Hardware Abstraction Layer]]></Item>
<Value><![CDATA[Version = "6.1.7601.17514"]]></Value>
</Data>
<Data>
<Item><![CDATA[User Name]]></Item>
<Value><![CDATA[AnthonyEspinosa\Anthony Espinosa]]></Value>
</Data>
<Data>
<Item><![CDATA[Time Zone]]></Item>
<Value><![CDATA[Eastern Daylight Time]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed Physical Memory (RAM)]]></Item>
<Value><![CDATA[6.00 GB]]></Value>
</Data>
<Data>
<Item><![CDATA[Total Physical Memory]]></Item>
<Value><![CDATA[5.92 GB]]></Value>
</Data>
<Data>
<Item><![CDATA[Available Physical Memory]]></Item>
<Value><![CDATA[3.96 GB]]></Value>
</Data>
<Data>
<Item><![CDATA[Total Virtual Memory]]></Item>
<Value><![CDATA[11.8 GB]]></Value>
</Data>
<Data>
<Item><![CDATA[Available Virtual Memory]]></Item>
<Value><![CDATA[9.67 GB]]></Value>
</Data>
<Data>
<Item><![CDATA[Page File Space]]></Item>
<Value><![CDATA[5.92 GB]]></Value>
</Data>
<Data>
<Item><![CDATA[Page File]]></Item>
<Value><![CDATA[C:\pagefile.sys]]></Value>
</Data>
<Category name="Hardware Resources">
<Category name="Conflicts/Sharing">
<Data>
<Resource><![CDATA[I/O Port 0x00000000-0x0000001F]]></Resource>
<Device><![CDATA[Direct memory access controller]]></Device>
</Data>
<Data>
<Resource><![CDATA[I/O Port 0x00000000-0x0000001F]]></Resource>
<Device><![CDATA[PCI bus]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[I/O Port 0x00000070-0x00000077]]></Resource>
<Device><![CDATA[System CMOS/real time clock]]></Device>
</Data>
<Data>
<Resource><![CDATA[I/O Port 0x00000070-0x00000077]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xAFA00000-0xFEAFFFFF]]></Resource>
<Device><![CDATA[PCI bus]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xAFA00000-0xFEAFFFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[I/O Port 0x00003000-0x0000307F]]></Resource>
<Device><![CDATA[Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Device>
</Data>
<Data>
<Resource><![CDATA[I/O Port 0x00003000-0x0000307F]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xFF000000-0xFFFFFFFF]]></Resource>
<Device><![CDATA[Intel(R) 82802 Firmware Hub Device]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xFF000000-0xFFFFFFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Device>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D]]></Device>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Intel(R) Management Engine Interface ]]></Device>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xA0000-0xBFFFF]]></Resource>
<Device><![CDATA[PCI bus]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xA0000-0xBFFFF]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[I/O Port 0x0000FFFF-0x0000FFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
</Data>
<Data>
<Resource><![CDATA[I/O Port 0x0000FFFF-0x0000FFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xB8500000-0xB853FFFF]]></Resource>
<Device><![CDATA[Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Device>
</Data>
<Data>
<Resource><![CDATA[Memory Address 0xB8500000-0xB853FFFF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10]]></Device>
</Data>
<Data>
<Resource><![CDATA[]]></Resource>
<Device><![CDATA[]]></Device>
</Data>
</Category>
<Category name="DMA">
<Data>
<Resource><![CDATA[Channel 4]]></Resource>
<Device><![CDATA[Direct memory access controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
</Category>
<Category name="Forced Hardware">
<Data>
<Device></Device>
<PNP_Device_ID></PNP_Device_ID>
</Data>
</Category>
<Category name="I/O">
<Data>
<Resource><![CDATA[0x00000620-0x0000063F]]></Resource>
<Device><![CDATA[Nuvoton HID CIR Receiver]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00004040-0x0000405F]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family SMBus Host Controller - 1E22]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000454-0x00000457]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000020-0x00000021]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000024-0x00000025]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000028-0x00000029]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000002C-0x0000002D]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000030-0x00000031]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000034-0x00000035]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000038-0x00000039]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000003C-0x0000003D]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000A0-0x000000A1]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000A4-0x000000A5]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000A8-0x000000A9]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000AC-0x000000AD]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000B0-0x000000B1]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000B4-0x000000B5]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000B8-0x000000B9]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000BC-0x000000BD]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000004D0-0x000004D1]]></Resource>
<Device><![CDATA[Programmable interrupt controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00003000-0x0000307F]]></Resource>
<Device><![CDATA[Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00003000-0x0000307F]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000040-0x00000043]]></Resource>
<Device><![CDATA[System timer]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000050-0x00000053]]></Resource>
<Device><![CDATA[System timer]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000000-0x0000001F]]></Resource>
<Device><![CDATA[Direct memory access controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000000-0x0000001F]]></Resource>
<Device><![CDATA[PCI bus]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000081-0x00000091]]></Resource>
<Device><![CDATA[Direct memory access controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000093-0x0000009F]]></Resource>
<Device><![CDATA[Direct memory access controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000C0-0x000000DF]]></Resource>
<Device><![CDATA[Direct memory access controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000060-0x00000060]]></Resource>
<Device><![CDATA[Standard PS/2 Keyboard]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000064-0x00000064]]></Resource>
<Device><![CDATA[Standard PS/2 Keyboard]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000D00-0x0000FFFF]]></Resource>
<Device><![CDATA[PCI bus]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000070-0x00000077]]></Resource>
<Device><![CDATA[System CMOS/real time clock]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000070-0x00000077]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00004000-0x0000403F]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000003B0-0x000003BB]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000003C0-0x000003DF]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000002E-0x0000002F]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000004E-0x0000004F]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000061-0x00000061]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000063-0x00000063]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000062-0x00000062]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000065-0x00000065]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000066-0x00000066]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000067-0x00000067]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000068-0x00000068]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000006C-0x0000006C]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000080-0x00000080]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000092-0x00000092]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000B2-0x000000B3]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000680-0x0000069F]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00001000-0x0000100F]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000FFFF-0x0000FFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000FFFF-0x0000FFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000400-0x00000453]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000458-0x0000047F]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00000500-0x0000057F]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x0000164E-0x0000164F]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00004088-0x0000408F]]></Resource>
<Device><![CDATA[Intel(R) 7 Series Chipset Family SATA AHCI Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00004094-0x00004097]]></Resource>
<Device><![CDATA[Intel(R) 7 Series Chipset Family SATA AHCI Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00004080-0x00004087]]></Resource>
<Device><![CDATA[Intel(R) 7 Series Chipset Family SATA AHCI Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00004090-0x00004093]]></Resource>
<Device><![CDATA[Intel(R) 7 Series Chipset Family SATA AHCI Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00004060-0x0000407F]]></Resource>
<Device><![CDATA[Intel(R) 7 Series Chipset Family SATA AHCI Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x000000F0-0x000000F0]]></Resource>
<Device><![CDATA[Numeric data processor]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x00002000-0x00002FFF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
</Category>
<Category name="IRQs">
<Data>
<Resource><![CDATA[IRQ 22]]></Resource>
<Device><![CDATA[High Definition Audio Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 4]]></Resource>
<Device><![CDATA[Nuvoton HID CIR Receiver]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 81]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 82]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 83]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 84]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 85]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 86]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 87]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 88]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 89]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 90]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 91]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 92]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 93]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 94]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 95]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 96]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 97]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 98]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 99]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 100]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 101]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 102]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 103]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 104]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 105]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 106]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 107]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 108]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 109]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 110]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 111]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 112]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 113]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 114]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 115]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 116]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 117]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 118]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 119]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 120]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 121]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 122]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 123]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 124]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 125]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 126]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 127]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 128]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 129]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 130]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 131]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 132]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 133]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 134]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 135]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 136]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 137]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 138]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 139]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 140]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 141]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 142]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 143]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 144]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 145]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 146]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 147]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 148]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 149]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 150]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 151]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 152]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 153]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 154]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 155]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 156]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 157]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 158]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 159]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 160]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 161]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 162]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 163]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 164]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 165]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 166]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 167]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 168]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 169]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 170]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 171]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 172]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 173]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 174]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 175]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 176]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 177]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 178]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 179]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 180]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 181]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 182]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 183]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 184]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 185]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 186]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 187]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 188]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 189]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 190]]></Resource>
<Device><![CDATA[Microsoft ACPI-Compliant System]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 10]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family SMBus Host Controller - 1E22]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Intel(R) Management Engine Interface ]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 16]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 23]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 0]]></Resource>
<Device><![CDATA[System timer]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 1]]></Resource>
<Device><![CDATA[Standard PS/2 Keyboard]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 8]]></Resource>
<Device><![CDATA[System CMOS/real time clock]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 4294967294]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 4294967293]]></Resource>
<Device><![CDATA[Intel(R) USB 3.0 eXtensible Host Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 19]]></Resource>
<Device><![CDATA[Intel(R) 7 Series Chipset Family SATA AHCI Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 13]]></Resource>
<Device><![CDATA[Numeric data processor]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[IRQ 17]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
</Category>
<Category name="Memory">
<Data>
<Resource><![CDATA[0xB8610000-0xB8613FFF]]></Resource>
<Device><![CDATA[High Definition Audio Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFF000000-0xFFFFFFFF]]></Resource>
<Device><![CDATA[Intel(R) 82802 Firmware Hub Device]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFF000000-0xFFFFFFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8615000-0xB86150FF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family SMBus Host Controller - 1E22]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8500000-0xB853FFFF]]></Resource>
<Device><![CDATA[Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8500000-0xB853FFFF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8618000-0xB86183FF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFED00000-0xFED003FF]]></Resource>
<Device><![CDATA[High precision event timer]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8619000-0xB86193FF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xA0000-0xBFFFF]]></Resource>
<Device><![CDATA[PCI bus]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xA0000-0xBFFFF]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xAFA00000-0xFEAFFFFF]]></Resource>
<Device><![CDATA[PCI bus]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xAFA00000-0xFEAFFFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8000000-0xB83FFFFF]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB0000000-0xB7FFFFFF]]></Resource>
<Device><![CDATA[Intel(R) HD Graphics 3000]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8600000-0xB860FFFF]]></Resource>
<Device><![CDATA[Intel(R) USB 3.0 eXtensible Host Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x20000000-0x201FFFFF]]></Resource>
<Device><![CDATA[System board]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0x40000000-0x401FFFFF]]></Resource>
<Device><![CDATA[System board]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFED1C000-0xFED1FFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFED10000-0xFED17FFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFED18000-0xFED18FFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFED19000-0xFED19FFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xE0000000-0xEFFFFFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFED20000-0xFED3FFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFED90000-0xFED93FFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFEE00000-0xFEEFFFFF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xFF700000-0xFF7001FF]]></Resource>
<Device><![CDATA[Motherboard resources]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8617000-0xB86177FF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series Chipset Family SATA AHCI Controller]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8614000-0xB861400F]]></Resource>
<Device><![CDATA[Intel(R) Management Engine Interface ]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
<Data>
<Resource><![CDATA[0xB8400000-0xB84FFFFF]]></Resource>
<Device><![CDATA[Intel(R) 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12]]></Device>
<Status><![CDATA[OK]]></Status>
</Data>
</Category>
</Category>
<Category name="Components">
<Category name="Multimedia">
<Category name="Audio Codecs">
<Data>
<CODEC><![CDATA[c:\windows\system32\msadp32.acm]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\MSADP32.ACM]]></File>
<Version><![CDATA[6.1.7600.16385]]></Version>
<Size><![CDATA[23.50 KB (24,064 bytes)]]></Size>
<Creation_Date><![CDATA[7/13/2009 8:18 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\msgsm32.acm]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\MSGSM32.ACM]]></File>
<Version><![CDATA[6.1.7600.16385]]></Version>
<Size><![CDATA[28.50 KB (29,184 bytes)]]></Size>
<Creation_Date><![CDATA[7/13/2009 8:18 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\msg711.acm]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\MSG711.ACM]]></File>
<Version><![CDATA[6.1.7600.16385]]></Version>
<Size><![CDATA[14.50 KB (14,848 bytes)]]></Size>
<Creation_Date><![CDATA[7/13/2009 8:18 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\imaadp32.acm]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\IMAADP32.ACM]]></File>
<Version><![CDATA[6.1.7600.16385]]></Version>
<Size><![CDATA[21.50 KB (22,016 bytes)]]></Size>
<Creation_Date><![CDATA[7/13/2009 8:18 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\l3codeca.acm]]></CODEC>
<Manufacturer><![CDATA[Fraunhofer Institut Integrierte Schaltungen IIS]]></Manufacturer>
<Description><![CDATA[Fraunhofer IIS MPEG Layer-3 Codec]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\L3CODECA.ACM]]></File>
<Version><![CDATA[1.9.0.401]]></Version>
<Size><![CDATA[79.50 KB (81,408 bytes)]]></Size>
<Creation_Date><![CDATA[7/13/2009 8:22 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\bdmpeg~1.acm]]></CODEC>
<Manufacturer><![CDATA[Not Available]]></Manufacturer>
<Description><![CDATA[Bandi MPEG-1 Audio]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\BDMPEGA64.ACM]]></File>
<Version><![CDATA[Not Available]]></Version>
<Size><![CDATA[69.05 KB (70,712 bytes)]]></Size>
<Creation_Date><![CDATA[8/5/2013 2:15 AM]]></Creation_Date>
</Data>
</Category>
<Category name="Video Codecs">
<Data>
<CODEC><![CDATA[c:\windows\system32\tsbyuv.dll]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\TSBYUV.DLL]]></File>
<Version><![CDATA[6.1.7601.17514]]></Version>
<Size><![CDATA[14.50 KB (14,848 bytes)]]></Size>
<Creation_Date><![CDATA[11/20/2010 10:24 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\msvidc32.dll]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\MSVIDC32.DLL]]></File>
<Version><![CDATA[6.1.7601.17514]]></Version>
<Size><![CDATA[38.00 KB (38,912 bytes)]]></Size>
<Creation_Date><![CDATA[11/20/2010 10:24 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\iyuv_32.dll]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\IYUV_32.DLL]]></File>
<Version><![CDATA[6.1.7601.17514]]></Version>
<Size><![CDATA[53.00 KB (54,272 bytes)]]></Size>
<Creation_Date><![CDATA[11/20/2010 10:24 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\msyuv.dll]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\MSYUV.DLL]]></File>
<Version><![CDATA[6.1.7601.17514]]></Version>
<Size><![CDATA[25.00 KB (25,600 bytes)]]></Size>
<Creation_Date><![CDATA[11/20/2010 10:24 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\msrle32.dll]]></CODEC>
<Manufacturer><![CDATA[Microsoft Corporation]]></Manufacturer>
<Description><![CDATA[]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\MSRLE32.DLL]]></File>
<Version><![CDATA[6.1.7601.17514]]></Version>
<Size><![CDATA[16.00 KB (16,384 bytes)]]></Size>
<Creation_Date><![CDATA[11/20/2010 10:24 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\xvidvfw.dll]]></CODEC>
<Manufacturer><![CDATA[Not Available]]></Manufacturer>
<Description><![CDATA[Xvid MPEG-4 Video Codec]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\XVIDVFW.DLL]]></File>
<Version><![CDATA[Not Available]]></Version>
<Size><![CDATA[245.50 KB (251,392 bytes)]]></Size>
<Creation_Date><![CDATA[12/31/2014 5:21 PM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\bdmjpe~1.dll]]></CODEC>
<Manufacturer><![CDATA[Not Available]]></Manufacturer>
<Description><![CDATA[Bandi Motion Jpeg]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\BDMJPEG64.DLL]]></File>
<Version><![CDATA[Not Available]]></Version>
<Size><![CDATA[25.04 KB (25,640 bytes)]]></Size>
<Creation_Date><![CDATA[8/5/2013 2:15 AM]]></Creation_Date>
</Data>
<Data>
<CODEC><![CDATA[c:\windows\system32\bdmpeg~1.dll]]></CODEC>
<Manufacturer><![CDATA[Not Available]]></Manufacturer>
<Description><![CDATA[Bandi MPEG-1 Video]]></Description>
<Status><![CDATA[OK]]></Status>
<File><![CDATA[C:\windows\system32\BDMPEGV64.DLL]]></File>
<Version><![CDATA[Not Available]]></Version>
<Size><![CDATA[68.55 KB (70,200 bytes)]]></Size>
<Creation_Date><![CDATA[8/5/2013 2:15 AM]]></Creation_Date>
</Data>
</Category>
</Category>
<Category name="CD-ROM">
<Data>
<Item><![CDATA[Drive]]></Item>
<Value><![CDATA[D:]]></Value>
</Data>
<Data>
<Item><![CDATA[Description]]></Item>
<Value><![CDATA[CD-ROM Drive]]></Value>
</Data>
<Data>
<Item><![CDATA[Media Loaded]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Media Type]]></Item>
<Value><![CDATA[DVD Writer]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[TSSTcorp CDDVDW SN-208AB]]></Value>
</Data>
<Data>
<Item><![CDATA[Manufacturer]]></Item>
<Value><![CDATA[(Standard CD-ROM drives)]]></Value>
</Data>
<Data>
<Item><![CDATA[Status]]></Item>
<Value><![CDATA[OK]]></Value>
</Data>
<Data>
<Item><![CDATA[Transfer Rate]]></Item>
<Value><![CDATA[-1.00 kbytes/sec]]></Value>
</Data>
<Data>
<Item><![CDATA[SCSI Target ID]]></Item>
<Value><![CDATA[1]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[IDE\CDROMTSSTCORP_CDDVDW_SN-208AB________________TO03____\4&14833066&0&0.1.0]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\cdrom.sys (6.1.7601.17514, 144.00 KB (147,456 bytes), 11/20/2010 10:23 PM)]]></Value>
</Data>
</Category>
<Category name="Sound Device">
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[Screaming Bee Audio]]></Value>
</Data>
<Data>
<Item><![CDATA[Manufacturer]]></Item>
<Value><![CDATA[Screaming Bee LLC]]></Value>
</Data>
<Data>
<Item><![CDATA[Status]]></Item>
<Value><![CDATA[OK]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MEDIA\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\screamingbaudio64.sys (2.0.3.0, 38.08 KB (38,992 bytes), 7/31/2012 10:45 AM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[High Definition Audio Device]]></Value>
</Data>
<Data>
<Item><![CDATA[Manufacturer]]></Item>
<Value><![CDATA[Microsoft]]></Value>
</Data>
<Data>
<Item><![CDATA[Status]]></Item>
<Value><![CDATA[OK]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_1179FB69&REV_1001\4&2DFD6C82&0&0001]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\hdaudio.sys (6.1.7601.17514, 342.00 KB (350,208 bytes), 11/20/2010 10:23 PM)]]></Value>
</Data>
</Category>
<Category name="Display">
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[Intel(R) HD Graphics 3000]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[PCI\VEN_8086&DEV_0116&SUBSYS_FB681179&REV_09\3&11583659&1&10]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Intel(R) HD Graphics Family, Intel Corporation compatible]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Description]]></Item>
<Value><![CDATA[Intel(R) HD Graphics 3000]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter RAM]]></Item>
<Value><![CDATA[(2,084,569,088) bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed Drivers]]></Item>
<Value><![CDATA[igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumd32,igd10umd32,igd10umd32]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver Version]]></Item>
<Value><![CDATA[8.15.10.2712]]></Value>
</Data>
<Data>
<Item><![CDATA[INF File]]></Item>
<Value><![CDATA[oem8.inf (iSNBM0_I4 section)]]></Value>
</Data>
<Data>
<Item><![CDATA[Color Planes]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Color Table Entries]]></Item>
<Value><![CDATA[4294967296]]></Value>
</Data>
<Data>
<Item><![CDATA[Resolution]]></Item>
<Value><![CDATA[1920 x 1080 x 60 hertz]]></Value>
</Data>
<Data>
<Item><![CDATA[Bits/Pixel]]></Item>
<Value><![CDATA[32]]></Value>
</Data>
<Data>
<Item><![CDATA[Memory Address]]></Item>
<Value><![CDATA[0xB8000000-0xB83FFFFF]]></Value>
</Data>
<Data>
<Item><![CDATA[Memory Address]]></Item>
<Value><![CDATA[0xB0000000-0xB7FFFFFF]]></Value>
</Data>
<Data>
<Item><![CDATA[I/O Port]]></Item>
<Value><![CDATA[0x00004000-0x0000403F]]></Value>
</Data>
<Data>
<Item><![CDATA[IRQ Channel]]></Item>
<Value><![CDATA[IRQ 4294967294]]></Value>
</Data>
<Data>
<Item><![CDATA[I/O Port]]></Item>
<Value><![CDATA[0x000003B0-0x000003BB]]></Value>
</Data>
<Data>
<Item><![CDATA[I/O Port]]></Item>
<Value><![CDATA[0x000003C0-0x000003DF]]></Value>
</Data>
<Data>
<Item><![CDATA[Memory Address]]></Item>
<Value><![CDATA[0xA0000-0xBFFFF]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\igdkmd64.sys (8.15.10.2712, 14.07 MB (14,748,416 bytes), 3/26/2012 10:09 PM)]]></Value>
</Data>
</Category>
<Category name="Infrared">
<Data>
<Item></Item>
<Value></Value>
</Data>
</Category>
<Category name="Input">
<Category name="Keyboard">
<Data>
<Item><![CDATA[Description]]></Item>
<Value><![CDATA[HID Keyboard Device]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[Enhanced (101- or 102-key)]]></Value>
</Data>
<Data>
<Item><![CDATA[Layout]]></Item>
<Value><![CDATA[00000409]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[HID\WINBONDHIDIRDEVICE&COL04\5&156EC745&0&0003]]></Value>
</Data>
<Data>
<Item><![CDATA[Number of Function Keys]]></Item>
<Value><![CDATA[12]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\kbdhid.sys (6.1.7601.17514, 32.50 KB (33,280 bytes), 11/20/2010 10:23 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Description]]></Item>
<Value><![CDATA[USB Input Device]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[Enhanced (101- or 102-key)]]></Value>
</Data>
<Data>
<Item><![CDATA[Layout]]></Item>
<Value><![CDATA[00000409]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[USB\VID_04F2&PID_1179&MI_00\7&36A136F0&0&0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Number of Function Keys]]></Item>
<Value><![CDATA[12]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\hidusb.sys (6.1.7601.17514, 29.50 KB (30,208 bytes), 11/20/2010 10:23 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Description]]></Item>
<Value><![CDATA[Standard PS/2 Keyboard]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[Enhanced (101- or 102-key)]]></Value>
</Data>
<Data>
<Item><![CDATA[Layout]]></Item>
<Value><![CDATA[00000409]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ACPI\PNP0303\4&2C18FA54&0]]></Value>
</Data>
<Data>
<Item><![CDATA[Number of Function Keys]]></Item>
<Value><![CDATA[12]]></Value>
</Data>
<Data>
<Item><![CDATA[I/O Port]]></Item>
<Value><![CDATA[0x00000060-0x00000060]]></Value>
</Data>
<Data>
<Item><![CDATA[I/O Port]]></Item>
<Value><![CDATA[0x00000064-0x00000064]]></Value>
</Data>
<Data>
<Item><![CDATA[IRQ Channel]]></Item>
<Value><![CDATA[IRQ 1]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\i8042prt.sys (6.1.7600.16385, 103.00 KB (105,472 bytes), 7/13/2009 7:19 PM)]]></Value>
</Data>
</Category>
<Category name="Pointing Device">
<Data>
<Item><![CDATA[Hardware Type]]></Item>
<Value><![CDATA[USB Input Device]]></Value>
</Data>
<Data>
<Item><![CDATA[Number of Buttons]]></Item>
<Value><![CDATA[0]]></Value>
</Data>
<Data>
<Item><![CDATA[Status]]></Item>
<Value><![CDATA[OK]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[USB\VID_04F2&PID_1179&MI_02\7&36A136F0&0&0002]]></Value>
</Data>
<Data>
<Item><![CDATA[Power Management Supported]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Double Click Threshold]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Handedness]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\hidusb.sys (6.1.7601.17514, 29.50 KB (30,208 bytes), 11/20/2010 10:23 PM)]]></Value>
</Data>
</Category>
</Category>
<Category name="Modem">
<Data>
<Item></Item>
<Value></Value>
</Data>
</Category>
<Category name="Network">
<Category name="Adapter">
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000000] WAN Miniport (SSTP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (SSTP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_SSTPMINIPORT\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[0]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[RasSstp]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\rassstp.sys (6.1.7600.16385, 82.00 KB (83,968 bytes), 7/13/2009 8:10 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000001] WAN Miniport (IKEv2)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (IKEv2)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_AGILEVPNMINIPORT\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[1]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[RasAgileVpn]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\agilevpn.sys (6.1.7600.16385, 59.00 KB (60,416 bytes), 7/13/2009 8:10 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000002] WAN Miniport (L2TP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (L2TP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_L2TPMINIPORT\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[2]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[Rasl2tp]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\rasl2tp.sys (6.1.7601.17514, 126.50 KB (129,536 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000003] WAN Miniport (PPTP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (PPTP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_PPTPMINIPORT\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[3]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[PptpMiniport]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\raspptp.sys (6.1.7601.17514, 108.50 KB (111,104 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000004] WAN Miniport (PPPOE)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (PPPOE)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_PPPOEMINIPORT\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[4]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[RasPppoe]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\raspppoe.sys (6.1.7600.16385, 90.50 KB (92,672 bytes), 7/13/2009 8:10 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000005] WAN Miniport (IPv6)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (IPv6)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_NDISWANIPV6\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[5]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[NdisWan]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\ndiswan.sys (6.1.7601.17514, 160.50 KB (164,352 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000006] WAN Miniport (Network Monitor)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (Network Monitor)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_NDISWANBH\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[6]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[NdisWan]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\ndiswan.sys (6.1.7601.17514, 160.50 KB (164,352 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000007] Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[PCI\VEN_10EC&DEV_8723&SUBSYS_072410EC&REV_00\4&C4DC970&0&00E1]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[7]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[RTL8192Ce]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\rtwlane.sys (2002.2.110.2012, 1.03 MB (1,082,472 bytes), 5/15/2012 6:44 AM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000008] WAN Miniport (IP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[WAN Miniport (IP)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\MS_NDISWANIP\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[8]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[NdisWan]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\ndiswan.sys (6.1.7601.17514, 160.50 KB (164,352 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000009] Microsoft ISATAP Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[Microsoft ISATAP Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\*ISATAP\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[9]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\tunnel.sys (6.1.7601.17514, 122.50 KB (125,440 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000010] RAS Async Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[RAS Async Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[10]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[AsyncMac]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000011] Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Ethernet 802.3]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[PCI\VEN_1969&DEV_1091&SUBSYS_FF1E1179&REV_10\4&34996F0&0&00E0]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[11]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[L1C]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[192.168.1.65, fe80::ec66:191a:9c9a:6d76, 2602:306:cd13:5670:55b7:57f9:1265:f323, 2602:306:cd13:5670:ec66:191a:9c9a:6d76, 2602:306:cd13:5670::48]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[255.255.255.0, 64, 128, 64, 128]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[192.168.1.254, fe80::6655:b1ff:fea9:c270]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[192.168.1.254]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[8/15/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[00:26:6C:16:83:5C]]></Value>
</Data>
<Data>
<Item><![CDATA[Memory Address]]></Item>
<Value><![CDATA[0xB8500000-0xB853FFFF]]></Value>
</Data>
<Data>
<Item><![CDATA[I/O Port]]></Item>
<Value><![CDATA[0x00003000-0x0000307F]]></Value>
</Data>
<Data>
<Item><![CDATA[IRQ Channel]]></Item>
<Value><![CDATA[IRQ 16]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\l1c62x64.sys (2.0.12.13, 101.11 KB (103,536 bytes), 1/16/2012 5:49 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000012] Microsoft ISATAP Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[Microsoft ISATAP Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\*ISATAP\0001]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[12]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\tunnel.sys (6.1.7601.17514, 122.50 KB (125,440 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000013] Microsoft 6to4 Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[Microsoft 6to4 Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\*6TO4MP\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[13]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\tunnel.sys (6.1.7601.17514, 122.50 KB (125,440 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000014] Microsoft Teredo Tunneling Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[Microsoft Teredo Tunneling Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[ROOT\*TEREDO\0000]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[14]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[tunnel]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Driver]]></Item>
<Value><![CDATA[c:\windows\system32\drivers\tunnel.sys (6.1.7601.17514, 122.50 KB (125,440 bytes), 11/20/2010 10:24 PM)]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[[00000018] Microsoft Virtual WiFi Miniport Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Adapter Type]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Product Type]]></Item>
<Value><![CDATA[Microsoft Virtual WiFi Miniport Adapter]]></Value>
</Data>
<Data>
<Item><![CDATA[Installed]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[PNP Device ID]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Last Reset]]></Item>
<Value><![CDATA[8/14/2015 7:38 PM]]></Value>
</Data>
<Data>
<Item><![CDATA[Index]]></Item>
<Value><![CDATA[18]]></Value>
</Data>
<Data>
<Item><![CDATA[Service Name]]></Item>
<Value><![CDATA[vwifimp]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[IP Subnet]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[Default IP Gateway]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Enabled]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Server]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Expires]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[DHCP Lease Obtained]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
<Data>
<Item><![CDATA[MAC Address]]></Item>
<Value><![CDATA[Not Available]]></Value>
</Data>
</Category>
<Category name="Protocol">
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[MSAFD Tcpip [TCP/IPv6]]]></Value>
</Data>
<Data>
<Item><![CDATA[Connectionless Service]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Delivery]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Sequencing]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Address Size]]></Item>
<Value><![CDATA[28 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Message Size]]></Item>
<Value><![CDATA[0 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Message Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Minimum Address Size]]></Item>
<Value><![CDATA[28 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Pseudo Stream Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Broadcasting]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Connect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Disconnect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Encryption]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Expedited Data]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Graceful Closing]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Guaranteed Bandwidth]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Multicasting]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[MSAFD Tcpip [UDP/IPv6]]]></Value>
</Data>
<Data>
<Item><![CDATA[Connectionless Service]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Delivery]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Sequencing]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Address Size]]></Item>
<Value><![CDATA[28 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Message Size]]></Item>
<Value><![CDATA[63.99 KB (65,527 bytes)]]></Value>
</Data>
<Data>
<Item><![CDATA[Message Oriented]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Minimum Address Size]]></Item>
<Value><![CDATA[28 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Pseudo Stream Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Broadcasting]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Connect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Disconnect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Encryption]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Expedited Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Graceful Closing]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Guaranteed Bandwidth]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Multicasting]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[MSAFD Tcpip [TCP/IP]]]></Value>
</Data>
<Data>
<Item><![CDATA[Connectionless Service]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Delivery]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Sequencing]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Address Size]]></Item>
<Value><![CDATA[16 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Message Size]]></Item>
<Value><![CDATA[0 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Message Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Minimum Address Size]]></Item>
<Value><![CDATA[16 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Pseudo Stream Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Broadcasting]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Connect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Disconnect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Encryption]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Expedited Data]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Graceful Closing]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Guaranteed Bandwidth]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Multicasting]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[MSAFD Tcpip [UDP/IP]]]></Value>
</Data>
<Data>
<Item><![CDATA[Connectionless Service]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Delivery]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Sequencing]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Address Size]]></Item>
<Value><![CDATA[16 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Message Size]]></Item>
<Value><![CDATA[63.99 KB (65,527 bytes)]]></Value>
</Data>
<Data>
<Item><![CDATA[Message Oriented]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Minimum Address Size]]></Item>
<Value><![CDATA[16 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Pseudo Stream Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Broadcasting]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Connect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Disconnect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Encryption]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Expedited Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Graceful Closing]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Guaranteed Bandwidth]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Multicasting]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[RSVP TCPv6 Service Provider]]></Value>
</Data>
<Data>
<Item><![CDATA[Connectionless Service]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Delivery]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Sequencing]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Address Size]]></Item>
<Value><![CDATA[28 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Message Size]]></Item>
<Value><![CDATA[0 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Message Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Minimum Address Size]]></Item>
<Value><![CDATA[28 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Pseudo Stream Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Broadcasting]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Connect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Disconnect Data]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Encryption]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Expedited Data]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Graceful Closing]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Guaranteed Bandwidth]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Supports Multicasting]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[]]></Item>
<Value><![CDATA[]]></Value>
</Data>
<Data>
<Item><![CDATA[Name]]></Item>
<Value><![CDATA[RSVP TCP Service Provider]]></Value>
</Data>
<Data>
<Item><![CDATA[Connectionless Service]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Delivery]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Guarantees Sequencing]]></Item>
<Value><![CDATA[Yes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Address Size]]></Item>
<Value><![CDATA[16 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Maximum Message Size]]></Item>
<Value><![CDATA[0 bytes]]></Value>
</Data>
<Data>
<Item><![CDATA[Message Oriented]]></Item>
<Value><![CDATA[No]]></Value>
</Data>
<Data>
<Item><![CDATA[Minimum Address Size]]></Item>
<Value><![CDATA[16 bytes]]></Value>
</Data>


#5 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 14 August 2015 - 07:58 PM

Here is the System Summary Information file. On the last email I try to copy and it paste it, but it kept on saying that it is to long, so I came up with the idea of uploading it in the website filedropper, and then to post the link here for you to access it. Let me know if this idea did the trick, or what I should intstead. Thanks, here is the link for the file! -

 

http://www.filedropper.com/summary



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:20 PM

Posted 14 August 2015 - 08:15 PM

Thank you, please do this now.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
  • Verify FRST.exe is on your Desktop
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BHO: Fun2SaVie -> {8EB4C641-83A2-4A9B-90E6-E572FB3CD488} -> C:\Program Files (x86)\Fun2SaVie\KHz5gCNY7D6WXr.x64.dll No File
BHO: AutoDuealsAapp -> {B1A134AE-630A-4171-9154-A6FF7CA3DEC2} -> C:\Program Files (x86)\AutoDuealsAapp\rxolbG9utF0xUk.x64.dll No File
BHO: 50COuPOnsi -> {C8F50CD4-DACC-4745-A4AE-8DF0287C1C8D} -> C:\Program Files (x86)\50COuPOnsi\R1dSzAPp0lnnDj.x64.dll No File
BHO: Fuon22SaVe -> {C9868A05-51BF-4383-8436-F7D4B3CD2866} -> C:\Program Files (x86)\Fuon22SaVe\Zcxu743smnXCij.x64.dll No File
BHO: 50CouPOnss -> {FE6C40C9-7C45-4F81-9BEA-7921AC48A2CC} -> C:\Program Files (x86)\50CouPOnss\Vg9RFgEjKWBTJc.x64.dll No File
Toolbar: HKU\S-1-5-21-3429040505-1488993759-2191824837-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin HKU\S-1-5-21-3429040505-1488993759-2191824837-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Extension: DealNoDeal - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\rvjukxfpuybey@xareavxkmkut.net [2015-06-09]
FF Extension: BranderApp - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\_qacmf_xdjqegm@gffknphco_eotyhxi.edu [2015-08-06]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-15] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 Tosrfcom; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {0129CDFB-4FD0-4C22-9218-E1ACEFF7CB07} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {03DD76ED-79BB-42E7-9315-F9C6BB615C65} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {0A1AAFC8-2F76-4577-B639-1CCAEE844B05} - \Poppet -> No File <==== ATTENTION
Task: {1D181946-8198-4A9A-A779-79E6D70AABBE} - \{851A1D83-B8B0-49E4-A50D-C31317303EBC} -> No File <==== ATTENTION
Task: {48A60DD6-3CDF-4900-AA26-78E36B2445A3} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {4B398016-BEC5-4DAD-815D-302AB66A162A} - \{86DA9236-BAFE-49B2-9F6D-C9FD46DDE2F6} -> No File <==== ATTENTION
Task: {48A60DD6-3CDF-4900-AA26-78E36B2445A3} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {4B398016-BEC5-4DAD-815D-302AB66A162A} - \{86DA9236-BAFE-49B2-9F6D-C9FD46DDE2F6} -> No File <==== ATTENTION
Task: {4C29DDB9-7625-4BA3-9A9A-5E129A49B8A2} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {4FD8D6FE-6A76-4AA1-9EDD-B43A1F0EDE64} - \{62120009-438F-4B2A-ABCC-2EFA09EF02DA} -> No File <==== ATTENTION
Task: {5AEEAAEE-801C-463F-A07A-783413E0E811} - \{D13A9D5D-A295-448D-A05F-E16C39C4557E} -> No File <==== ATTENTION
Task: {7B7CBD1F-4E73-4359-BE94-B6DCEBD66D38} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {7DA22FB8-8074-4BBD-B1C2-2D5EBADF6893} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {90C9E8A6-1BB9-4B8D-95FD-786FC71EAEE9} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {A6EF8034-3516-4546-B706-1E7A909D7123} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Task: {C8D5D854-8F1B-4194-8F43-2F207AE51CB4} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {D212A4DB-A7FE-4CA0-941C-3C9D34494FB0} - \{402413DF-E5DD-430F-AB15-20A23CC850B2} -> No File <==== ATTENTION
Task: {FD54477B-255C-4D98-B183-D37A94FA954E} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
C:\Users\Owner\AppData\Local\Temp\DaS_21.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts64.exe (for 64 bit systems), or and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Result log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:20 PM

Posted 14 August 2015 - 08:17 PM

Thanks for trying the upload but it didn't work properly. Hold off for now, if we need it I will give you other instructions.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 14 August 2015 - 09:01 PM

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Anthony Espinosa (2015-08-14 21:39:24) Run:1
Running from C:\Users\Anthony Espinosa\Desktop
Loaded Profiles: Anthony Espinosa (Available Profiles: Anthony Espinosa & Familia)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BHO: Fun2SaVie -> {8EB4C641-83A2-4A9B-90E6-E572FB3CD488} -> C:\Program Files (x86)\Fun2SaVie\KHz5gCNY7D6WXr.x64.dll No File
BHO: AutoDuealsAapp -> {B1A134AE-630A-4171-9154-A6FF7CA3DEC2} -> C:\Program Files (x86)\AutoDuealsAapp\rxolbG9utF0xUk.x64.dll No File
BHO: 50COuPOnsi -> {C8F50CD4-DACC-4745-A4AE-8DF0287C1C8D} -> C:\Program Files (x86)\50COuPOnsi\R1dSzAPp0lnnDj.x64.dll No File
BHO: Fuon22SaVe -> {C9868A05-51BF-4383-8436-F7D4B3CD2866} -> C:\Program Files (x86)\Fuon22SaVe\Zcxu743smnXCij.x64.dll No File
BHO: 50CouPOnss -> {FE6C40C9-7C45-4F81-9BEA-7921AC48A2CC} -> C:\Program Files (x86)\50CouPOnss\Vg9RFgEjKWBTJc.x64.dll No File
Toolbar: HKU\S-1-5-21-3429040505-1488993759-2191824837-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin HKU\S-1-5-21-3429040505-1488993759-2191824837-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Extension: DealNoDeal - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\rvjukxfpuybey@xareavxkmkut.net [2015-06-09]
FF Extension: BranderApp - C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\_qacmf_xdjqegm@gffknphco_eotyhxi.edu [2015-08-06]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-15] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 Tosrfcom; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {0129CDFB-4FD0-4C22-9218-E1ACEFF7CB07} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {03DD76ED-79BB-42E7-9315-F9C6BB615C65} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {0A1AAFC8-2F76-4577-B639-1CCAEE844B05} - \Poppet -> No File <==== ATTENTION
Task: {1D181946-8198-4A9A-A779-79E6D70AABBE} - \{851A1D83-B8B0-49E4-A50D-C31317303EBC} -> No File <==== ATTENTION
Task: {48A60DD6-3CDF-4900-AA26-78E36B2445A3} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {4B398016-BEC5-4DAD-815D-302AB66A162A} - \{86DA9236-BAFE-49B2-9F6D-C9FD46DDE2F6} -> No File <==== ATTENTION
Task: {48A60DD6-3CDF-4900-AA26-78E36B2445A3} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {4B398016-BEC5-4DAD-815D-302AB66A162A} - \{86DA9236-BAFE-49B2-9F6D-C9FD46DDE2F6} -> No File <==== ATTENTION
Task: {4C29DDB9-7625-4BA3-9A9A-5E129A49B8A2} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {4FD8D6FE-6A76-4AA1-9EDD-B43A1F0EDE64} - \{62120009-438F-4B2A-ABCC-2EFA09EF02DA} -> No File <==== ATTENTION
Task: {5AEEAAEE-801C-463F-A07A-783413E0E811} - \{D13A9D5D-A295-448D-A05F-E16C39C4557E} -> No File <==== ATTENTION
Task: {7B7CBD1F-4E73-4359-BE94-B6DCEBD66D38} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {7DA22FB8-8074-4BBD-B1C2-2D5EBADF6893} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
Task: {90C9E8A6-1BB9-4B8D-95FD-786FC71EAEE9} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {A6EF8034-3516-4546-B706-1E7A909D7123} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Task: {C8D5D854-8F1B-4194-8F43-2F207AE51CB4} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {D212A4DB-A7FE-4CA0-941C-3C9D34494FB0} - \{402413DF-E5DD-430F-AB15-20A23CC850B2} -> No File <==== ATTENTION
Task: {FD54477B-255C-4D98-B183-D37A94FA954E} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001 -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
C:\Users\Owner\AppData\Local\Temp\DaS_21.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EB4C641-83A2-4A9B-90E6-E572FB3CD488}" => key removed successfully
"HKCR\CLSID\{8EB4C641-83A2-4A9B-90E6-E572FB3CD488}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1A134AE-630A-4171-9154-A6FF7CA3DEC2}" => key removed successfully
"HKCR\CLSID\{B1A134AE-630A-4171-9154-A6FF7CA3DEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8F50CD4-DACC-4745-A4AE-8DF0287C1C8D}" => key removed successfully
"HKCR\CLSID\{C8F50CD4-DACC-4745-A4AE-8DF0287C1C8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9868A05-51BF-4383-8436-F7D4B3CD2866}" => key removed successfully
"HKCR\CLSID\{C9868A05-51BF-4383-8436-F7D4B3CD2866}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE6C40C9-7C45-4F81-9BEA-7921AC48A2CC}" => key removed successfully
"HKCR\CLSID\{FE6C40C9-7C45-4F81-9BEA-7921AC48A2CC}" => key removed successfully
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => key removed successfully
C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll not found.
C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\rvjukxfpuybey@xareavxkmkut.net => moved successfully.
C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\_qacmf_xdjqegm@gffknphco_eotyhxi.edu => moved successfully.
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully.
gupdate => service removed successfully
gupdatem => service removed successfully
AppMgmt => service removed successfully
Tosrfcom => service removed successfully
catchme => service removed successfully
IntcAzAudAddService => service removed successfully
RSUSBVSTOR => service removed successfully
SABKUTIL => service removed successfully
SABProcEnum => service removed successfully
SR => service removed successfully
srservice => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0129CDFB-4FD0-4C22-9218-E1ACEFF7CB07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0129CDFB-4FD0-4C22-9218-E1ACEFF7CB07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03DD76ED-79BB-42E7-9315-F9C6BB615C65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03DD76ED-79BB-42E7-9315-F9C6BB615C65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A1AAFC8-2F76-4577-B639-1CCAEE844B05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A1AAFC8-2F76-4577-B639-1CCAEE844B05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Poppet" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D181946-8198-4A9A-A779-79E6D70AABBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D181946-8198-4A9A-A779-79E6D70AABBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{851A1D83-B8B0-49E4-A50D-C31317303EBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48A60DD6-3CDF-4900-AA26-78E36B2445A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48A60DD6-3CDF-4900-AA26-78E36B2445A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B398016-BEC5-4DAD-815D-302AB66A162A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B398016-BEC5-4DAD-815D-302AB66A162A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86DA9236-BAFE-49B2-9F6D-C9FD46DDE2F6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48A60DD6-3CDF-4900-AA26-78E36B2445A3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B398016-BEC5-4DAD-815D-302AB66A162A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86DA9236-BAFE-49B2-9F6D-C9FD46DDE2F6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C29DDB9-7625-4BA3-9A9A-5E129A49B8A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C29DDB9-7625-4BA3-9A9A-5E129A49B8A2}" => key removed successfully
C:\windows\System32\Tasks\Norton Anti-Theft\Norton Error Processor => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FD8D6FE-6A76-4AA1-9EDD-B43A1F0EDE64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FD8D6FE-6A76-4AA1-9EDD-B43A1F0EDE64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62120009-438F-4B2A-ABCC-2EFA09EF02DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AEEAAEE-801C-463F-A07A-783413E0E811}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AEEAAEE-801C-463F-A07A-783413E0E811}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D13A9D5D-A295-448D-A05F-E16C39C4557E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B7CBD1F-4E73-4359-BE94-B6DCEBD66D38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B7CBD1F-4E73-4359-BE94-B6DCEBD66D38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderDownloaderScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DA22FB8-8074-4BBD-B1C2-2D5EBADF6893}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DA22FB8-8074-4BBD-B1C2-2D5EBADF6893}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3429040505-1488993759-2191824837-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90C9E8A6-1BB9-4B8D-95FD-786FC71EAEE9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90C9E8A6-1BB9-4B8D-95FD-786FC71EAEE9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6EF8034-3516-4546-B706-1E7A909D7123}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6EF8034-3516-4546-B706-1E7A909D7123}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8D5D854-8F1B-4194-8F43-2F207AE51CB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8D5D854-8F1B-4194-8F43-2F207AE51CB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D212A4DB-A7FE-4CA0-941C-3C9D34494FB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D212A4DB-A7FE-4CA0-941C-3C9D34494FB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{402413DF-E5DD-430F-AB15-20A23CC850B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD54477B-255C-4D98-B183-D37A94FA954E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD54477B-255C-4D98-B183-D37A94FA954E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3429040505-1488993759-2191824837-1001" => key removed successfully
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found.
"HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-3429040505-1488993759-2191824837-1001\Software\Classes\exefile => key not found.
"C:\Users\Owner\AppData\Local\Temp\DaS_21.exe" => File/Folder not found.

==== End of Fixlog 21:39:29 ====

 

 

Result log

 

ListParts by Farbar Version: 31-07-2014
Ran by Anthony Espinosa (administrator) on 14-08-2015 at 21:43:42
Windows 7 (X64)
Running From: C:\Users\Anthony Espinosa\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 65%
Total physical RAM: 6061.32 MB
Available physical RAM: 2086.15 MB
Total Pagefile: 12120.85 MB
Available Pagefile: 7924.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106420W0E) (Fixed) (Total:916.05 GB) (Free:794.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B         
  Disk 1    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 7DD71F1D

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            916 GB  1501 MB
  Partition 3    Primary             13 GB   917 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System       NTFS   Partition   1500 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI106420W0E  NTFS   Partition    916 GB  Healthy    Boot    

======================================================================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 7DD71F1D
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=916 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)


****** End Of Log ******

 

 

Update on computer behavior

 

After surfing through several websites it seems for now that the computer is back to normal. I do not see the box ads all around every website that you go to, and I do not hear or see the pop up window ads for now.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:20 PM

Posted 14 August 2015 - 09:12 PM

Good to hear. We are going to run a few programs while we monitor your computer.

Please do this.

===================================================

Running a ListParts Fix in Normal Boot

--------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy and paste the below into Notepad.
Disk=0 Partition=3 Type=07
  • Save as Fix.txt on your Desktop
  • Double click ListParts.exe to launch the program
  • Press the Fix button
  • After the program processes Fix.txt click Scan
  • A Result.txt file will open on your Desktop
  • Copy and paste the information in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Result log
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 14 August 2015 - 11:48 PM

Result log

 

ListParts by Farbar Version: 31-07-2014
Ran by Anthony Espinosa (administrator) on 14-08-2015 at 22:27:18
Windows 7 (X64)
Running From: C:\Users\Anthony Espinosa\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 72%
Total physical RAM: 6061.32 MB
Available physical RAM: 1693.79 MB
Total Pagefile: 12120.85 MB
Available Pagefile: 7439.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (TI106420W0E) (Fixed) (Total:916.05 GB) (Free:794.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HDDRECOVERY) (Fixed) (Total:14 GB) (Free:0.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B         
  Disk 1    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 7DD71F1D

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            916 GB  1501 MB
  Partition 3    Primary             13 GB   917 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         System       NTFS   Partition   1500 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI106420W0E  NTFS   Partition    916 GB  Healthy    Boot    

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   HDDRECOVERY  NTFS   Partition     13 GB  Healthy            

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 7DD71F1D
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=916 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)


****** End Of Log ******

 

ESET log

 

 

C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{1830346A-316A-440B-8064-94A5FE222341}\3\Strongvault\StrongVaultApp.exe.vir    a variant of MSIL/Adware.StrongVault.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{A7553915-AFA2-4F82-9F41-B254D5C4F98A}\3\Strongvault\StrongVaultApp.exe.vir    MSIL/Adware.StrongVault.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{AAB1E0DC-9821-4F6D-914C-240A718C7C9E}\5\Strongvault\StrongVaultApp.exe.vir    a variant of MSIL/Adware.StrongVault.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Adblocker\an5m.dll.vir    a variant of Win32/AdWare.MultiPlug.AY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Adblocker\an5m.x64.dll.vir    a variant of Win64/Adware.MultiPlug.D application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll.vir    Win32/Toolbar.Conduit.AC potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\continuetosave\sprotector.dll.vir    Win32/SProtector.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\continuetosave\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\dbghelp.dll.vir    a variant of Win32/Adware.MultiPlug.IY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\sw-booster\Assistant.dll.vir    a variant of Win32/SProtector.L potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\sw-booster\Assistant_x64.dll.vir    a variant of Win64/SProtector.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VdxCouponApp\wJrLLndr.dll.vir    a variant of Win32/AdWare.MultiPlug.AY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VdxCouponApp\wJrLLndr.x64.dll.vir    a variant of Win64/Adware.MultiPlug.D application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuaudix\pUsi6.dll.vir    a variant of Win32/AdWare.MultiPlug.AY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuaudix\pUsi6.x64.dll.vir    a variant of Win64/Adware.MultiPlug.D application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\sprotector.dll.vir    a variant of Win32/SProtector.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Adblocker\Cpzgi.exe.vir    a variant of Win32/AdWare.MultiPlug.AY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Berowisse22save\5141243dc9372.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Blasteroids\up\2.7.41\update.exe.vir    a variant of MSIL/Adware.PullUpdate.G.gen application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Broowse2usavE\51412c75e52c1.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir    a variant of MSIL/Adware.PullUpdate.H application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\coNtoinauettoosavE\51a2a2af12c2a.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\DownLoaad, keeperu\mD.exe.vir    Win32/AdWare.MultiPlug.AA application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\DownLoaad, keeperu\Q.dll.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\EbooekBrowwsE\514124a45c287.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\jgfiekjbplbnephckkppgllfomgalddl\RMlx7lV8qV.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ppdmmofhbgafgpielpedcicidnpllkfg\jS.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ppdmmofhbgafgpielpedcicidnpllkfg\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\RandomPrIce\i2ugHrTOlFkN4o.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Trusted Publisher\SW-Booster\SW-Booster.exe.vir    a variant of Win32/AdWare.MultiPlug.AB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\VdxCouponApp\Fq97EWZOz.exe.vir    a variant of Win32/AdWare.MultiPlug.AY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Vuaudix\hocUWd.exe.vir    a variant of Win32/AdWare.MultiPlug.AY application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch\141\H.js.vir    JS/Adware.MultiPlug.C application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkcldncbeimlimfgladkcpingihdeea\1.1\EqUNuqJ8.js.vir    JS/Adware.MultiPlug.C application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.31.4.510_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\background.js.vir    JS/Adware.Spigot.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\aes6omst@yiaiwjzoyyy.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\npXY@f1OeaS.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\o@iFQt.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\Extensions\sDQO@M.edu\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.14.370.126_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\background.js.vir    JS/Adware.Spigot.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\cipnzdn@je-.co.uk\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\npXY@f1OeaS.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\Nxb@7w8Cm.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\o@iFQt.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\Extensions\sDQO@M.edu\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir    Win32/DealPly.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\SearchProtect\ffprotect\application.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\FreeTrim MP3\goup.exe    Win32/Tsingsoft.A potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdateHelper.dll    a variant of Win32/ExtenBro.BK trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\ReeggUlArDeaLs\FYWg5Xn4QlBg4S.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\ReeggUlArDeaLs\FYWg5Xn4QlBg4S.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\ReeggUlArDeaLs\FYWg5Xn4QlBg4S.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa\111\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa\111\XvroJ7qpAr.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcgjnifdiefhdmgignhfmecbpjbpplmj\242\PZ3B.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\extensions\5@Z9n.org\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\extensions\5LIq3l@LfSe8.org\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\extensions\Ks4Cdf@0667H.com\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\extensions\nQK@v.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa\111\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa\111\XvroJ7qpAr.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge\149\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge\149\e6.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmchmkecamhbiokiopfpnfgbidieafmd\204\content.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmchmkecamhbiokiopfpnfgbidieafmd\204\G1.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmchmkecamhbiokiopfpnfgbidieafmd\204\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ollfjiihaphmpjemfhmkngaajbdblbkb\103\jXU.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcgjnifdiefhdmgignhfmecbpjbpplmj\242\PZ3B.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcpghjpdhmmddoiipeafngfpkbpnokd\117\lsdb.js.vir    JS/Adware.MultiPlug.B application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcpghjpdhmmddoiipeafngfpkbpnokd\117\qPK.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\5@Z9n.org\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\5LIq3l@LfSe8.org\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\HOYmZ@dLnjH.com\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\Ks4Cdf@0667H.com\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\nQK@v.net\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\smv@h.edu\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\o1gpwfkg.default\extensions\Ux9@1.edu\content\bg.js.vir    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\IRcz6biB_c.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eajojkpilgfofjoejopadcgpbbebnjfd\3.18\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gpmngcbegkdnpmepdimeglfdgkifooaf\1.3\Utbvtg5.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce\185\y0lDWmb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\AppData\Roaming\Mozilla\Firefox\Profiles\mg8he5j6.default\prefs.js.BAK    Win32/Adware.MultiPlug.DU application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA\Helper.dll    a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.exe    a variant of MSIL/Rebrand.LittleRegClean.E potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA\Splash.exe    a variant of MSIL/Rebrand.LittleRegClean.E potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\AppData\Roaming\Rainmaker Software Group LLC.​\Pro PC Cleaner 2.5.6\install\A5A8ADA\Uninst000.CA.dll    a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application    deleted - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com\chrome\content\core\xhr.js    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\dplt@vsec.co.uk\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\eau-aapd@kouiyi.com\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\xw60apac@ldaxwlqkz.edu\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\zja4r@poexq.org\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\Plugins\npConduitFirefoxPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Desktop\Old Firefox Data\extensions\{e4c3a8b6-7724-45d1-a629-17b69118ebcd}\Plugins\npConduitFirefoxPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Documents\Harry Gregson - Williams - Life.exe    Win32/InstalleRex.K potentially unwanted application    deleted - quarantined
C:\Users\Anthony Espinosa\Documents\CAPTSNX2\Captcha Sniper X2\setup.exe    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Downloads\AV_Voice_Changer_Software_Diamond_7.0.51_[ChingLiu]_downloader_us_99305.exe    a variant of Win32/ExpressFiles.B potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Downloads\cbsidlm-cbsi145-PicBlock-SEO-10425744.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Downloads\FREEAV.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\Users\Anthony Espinosa\Downloads\jabber-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Anthony Espinosa\Downloads\ppadsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Users\Anthony Espinosa\Downloads\Setup (3).exe    a variant of Win32/SoftPulse.U potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Downloads\tvshows.exe    a variant of Win32/InstallIQ.A potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Anthony Espinosa\Downloads\WinRAR_TSV16ULP7.exe    Win32/Toolbar.Conduit.AE potentially unwanted application    deleted - quarantined
C:\Users\Anthony Espinosa\Downloads\WinRAR_TSV47AT22.exe    Win32/Toolbar.Conduit.AE potentially unwanted application    deleted - quarantined
C:\Users\Anthony Espinosa\Music\Pergilah Kasih - D'masiv (d Masiv) - Pergilah Kasih - D'masiv (d Masiv) Mp3.exe    a variant of Win32/Adware.MultiPlug.ED application    cleaned by deleting - quarantined
C:\Users\Familia\Downloads\Player_Setup.exe    a variant of Win32/SoftPulse.AA potentially unwanted application    cleaned by deleting - quarantined
C:\zoek\in\USERTEMP\Fb36A8Mm.exe.part    a variant of Win32/SoftPulse.AD potentially unwanted application    cleaned by deleting - quarantined
C:\zoek\in\USERTEMP\{1D5A287E-6A56-4C8D-B415-7500D3117443}.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\zoek\in\WINDOWSTEMP\tmp2ip0vd\GoogleUpdateHelper.dll    a variant of Win32/ExtenBro.BK trojan    cleaned by deleting - quarantined
C:\zoek\in\WINDOWSTEMP\tmp3rk3mj\dbghelp.dll    a variant of Win32/Adware.MultiPlug.IY application    cleaned by deleting - quarantined
C:\zoek\in\WINDOWSTEMP\tmpaglpyx\V@r.co.uk\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\zoek\in\WINDOWSTEMP\tmpp1jfw_\xa@dj.org\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\zoek\in\WINDOWSTEMP\tmpu0w_ni\chrome.dll    a variant of Win32/ExtenBro.BK trojan    cleaned by deleting - quarantined
C:\zoek\in\WINDOWSTEMP\tmpu0w_ni\GoogleUpdateHelper.dll    a variant of Win32/ExtenBro.BK trojan    cleaned by deleting - quarantined
C:\zoek\in\WINDOWSTEMP\tmpx39xly\dbghelp.dll    a variant of Win32/Adware.MultiPlug.IY application    cleaned by deleting - quarantined
C:\zoek_backup\C_PROGRA~2_OpenDownloaderManager\DeltaTB.exe    a variant of Win32/Toolbar.Babylon.A potentially unwanted application    cleaned by deleting - quarantined
C:\zoek_backup\C_Users_Anthony Espinosa_AppData_Local_Google_Chrome_User Data_Default_Extensions_oajgghejjpgkmpgbchgjieahoefimdle\10.31.4.510_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    cleaned by deleting - quarantined
C:\zoek_backup\C_Users_ANTHON~1_AppData_Roaming_Mozilla_Firefox_Profiles_mg8he5j6.default_extensions_pTfZblg@n.com\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\zoek_backup\C_Users_Familia_AppData_Local_Google_Chrome_User Data_Default_Extensions_oajgghejjpgkmpgbchgjieahoefimdle\10.14.370.24_0\plugins\ConduitChromeApiPlugin.dll    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application    cleaned by deleting - quarantined
C:\zoek_backup\C_Users_Familia_AppData_Local_Google_Chrome_User Data_Default_Extensions_oajgghejjpgkmpgbchgjieahoefimdle\10.31.4.510_0\plugins\ChromeApiPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    cleaned by deleting - quarantined
C:\zoek_backup\C_Users_Familia_AppData_Roaming_Mozilla_Firefox_Profiles_o1gpwfkg.default_extensions_pTfZblg@n.com\content\bg.js    JS/Adware.MultiPlug.I application    cleaned by deleting - quarantined
 



#11 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 15 August 2015 - 12:08 AM

Security Check log

 

Results of screen317's Security Check version 1.006  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox 38.0.5 Firefox out of Date!  
 Google Chrome (43.0.2357.65)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

 

How is your computer running?

 

My computer has stay running normal like from last things that we did to it that I said that it went back to running to normal before it got hit by this malware, so nothing yet has come back. :)



#12 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 15 August 2015 - 12:15 AM

Thank you so much for your time, effort, and your ethics of helping me and everyone that you have helped in this forum until the issue has been solved. I greatly appreciate it. :)



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:20 PM

Posted 15 August 2015 - 07:06 AM

Greetings,

It is my pleasure to help. Thank you for your kind words.

Those reports look good. I would like to update Firefox so please do this.

===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Firefox update properly?
  • Is everything still running well?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Sternritter-A

Sternritter-A
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 15 August 2015 - 06:09 PM

Did Firefox update properly?

 

Yes!

 

Is everything still running well?

 

One thing worth metioning is, that is morning 2 times I hear a sound advertisement coming from the computer, and it wasn't from any open window or tab, so it wasn't a sound from an advertisement from a popup window or within a tab, so I guess something is still hidden, but other than that it has been running normal, no box ads or pop up ad windows with audio.  

Attached Files



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:20 PM

Posted 15 August 2015 - 06:51 PM

Thanks for the update. Please do these things.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you wlll see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Roguekiller log
  • Combofix log
  • Update on performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users