
Think I may be dealing with W32 worm..?


  • This topic is locked
24 replies to this topic

#1 telecomladyj

Posted 12 September 2015 - 11:27 PM

Hi everybody!

 

I have been computing for a long time and I have never seen something like this. I'm hoping someone else is burning the midnight oil too and I would appreciate some help.  :-)

After clearing temp files, history, cookies, etc., any webpage I try to load errors out like there is no internet connection, but ipconfig shows a valid IP, and I can ping google.com, 8.8.8.8 and yahoo.com with no problem from the command prompt.

Also a rundll32 error keeps popping up.

A Stinger scan quarantined a file named Explorer.EXE:NTDLL.KiUserExceptionDispatcher::3d80000 in the Windows folder, which I'm hoping is not going to end up being a rootkit infection.

Windows Updates will not complete, MalwareBytes would not complete and HijackThis scan would not complete but I was able to complete an OTL scan. After checking the welcome instructions, I see that you all prefer an FRST scan which did complete. See below, and attached.

I greatly appreciate any assistance you can offer to get this cleaned up. As a disclaimer, let me just say this has all kinds of garbage-ware on it that I would not have on mine, but it's someone else's computer who asked me to look at it so unless something is malicious I'm not inclined to remove it just off the cuff.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-09-2015
Ran by MARY (administrator) on MARY-LT (12-09-2015 22:57:19)
Running from C:\Users\MARY\Desktop
Loaded Profiles: MARY (Available Profiles: MARY & Baby & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(                                                                                                    ) C:\Windows\Temp\mrtD1CF.tmp\stdrt.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Program Files\shopperz\csrcc.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
() C:\ProgramData\FlashBeat\FlashBeat.exe
(Infonaut) C:\Program Files\Infonaut_1.10.0.14\Service\insvc.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(PastaLeads) C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\Users\MARY\AppData\Local\20DBA2CD-1429710305-DD11-BBA9-001E339EBF80\cnsa4.tmp
() C:\Users\MARY\AppData\Roaming\20DBA2CD-1429728048-DD11-BBA9-001E339EBF80\jnse7129.tmp
() C:\Program Files\shopperz\nseven.exe
() C:\Program Files\StormWatch\StormWatchSrv.exe
(Weather Protector LLC) C:\Program Files\StormWatch\SWUpdaterSvc.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(WebWatcher) C:\Program Files\SysFiles\WebWatcherProxy.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
() C:\Users\MARY\AppData\Local\20DBA2CD-1429710329-DD11-BBA9-001E339EBF80\snsv57F1.tmp
(Time Lapse Solutions) C:\ProgramData\OEGUQbEfDfc\gynCCr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
() C:\Program Files\Steel Cut\bin\utilSteelCut.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
() C:\Program Files\Steel Cut\updateSteelCut.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(PC Drivers Headquarters) C:\Program Files\Driver Support\DriverSupport.exe
(Cinema_Plus_i2V22.04) C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-6.exe
() C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
(Cinema PlusV22.04) C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-6.exe
(Cinema_Plus_i2V22.04) C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-6.exe
(Cinema PlusV22.04) C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-6.exe
() C:\Users\MARY\AppData\Local\ospd_us_1029\upospd_us_1029.exe
() C:\Program Files\version42BlockAndSurf\BlockAndSurf.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(SoftBrain Technologies Ltd.) C:\Users\MARY\AppData\Local\SmartWeb\SmartWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(SUPER PC TOOLS LIMITED) C:\Program Files\Super Optimizer\SupOptReminder.exe
() C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
() C:\Program Files\Optimizer Pro 3.84\OptProSmartScan.exe
() C:\Program Files\Optimizer Pro 3.84\OptProReminder.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Teleca Sweden AB) C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Popwire AB) C:\Program Files\Common Files\Teleca Shared\logger.exe
(Teleca AB) C:\Program Files\Common Files\Teleca Shared\Generic.exe
(SoftBrain Technologies Ltd.) C:\Users\MARY\AppData\Local\SmartWeb\SmartWebApp.exe
(Teleca) C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
(Teleca AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Microsoft Corporation) C:\Windows\System32\mcbuilder.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-12-18] (Logitech, Inc.)
HKLM\...\Run: [Mobile Connectivity Suite] => C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [598016 2009-11-19] (Teleca Sweden AB)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM\...\Run: [WinCheck] => C:\Users\MARY\AppData\Local\20DBA2CD-1429710126-DD11-BBA9-001E339EBF80\bnse3CF3.exe [365056 2015-04-22] ()
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM\...\RunOnce: [upospd_us_1029.exe] => C:\Users\MARY\AppData\Local\ospd_us_1029\upospd_us_1029.exe [3307464 2015-04-17] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [112128 2008-05-05] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009-07-05]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-04-22]
ShortcutTarget: SmartWeb.lnk -> C:\Users\MARY\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 02 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 03 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 04 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 15 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{4905BA70-DFD9-4CB9-9E67-3A0F36D65178}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}: [DhcpNameServer] 24.116.0.53 24.116.2.50

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: ExstraCooupoon -> {14110491-580c-4662-bb4a-4c80ee7d281d} -> C:\Program Files\ExstraCooupoon\3AZOmXmIxyop6c.dll [2015-04-29] ()
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17] (Ask.com)
BHO: Freecause Toolbar BHO -> {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} -> C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
BHO: HealthcareGovTool -> {4A373FEB-19AF-41E0-949B-40A8EF5F0D3B} -> C:\Program Files\HealthcareGovTool\ScriptHost.dll [2015-03-31] (healthcaregovtool)
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll [2015-03-25] ()
BHO: Steel Cut 1.0.0.7 -> {581f8d6b-754f-4b80-88f6-6037771c0a44} -> C:\Program Files\Steel Cut\SteelCutbho.dll [2015-04-22] (Steel Cut)
BHO: PriceLoEoss -> {5e5d0c3c-bfb1-4ac2-b981-8e9312e1a409} -> C:\Program Files\PriceLoEoss\U4cPPcwKiWF5b1.dll [2015-04-22] ()
BHO: BlockAndSurf -> {79AAD48C-7658-E566-0E71-9D097E9E899C} -> C:\Program Files\version42BlockAndSurf\192.dll [2015-04-22] ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150819105854.dll [2015-08-19] (McAfee, Inc.)
BHO: 50Coupoonsa -> {81a5b9ae-377c-4d5d-8458-5221819c752a} -> C:\Program Files\50Coupoonsa\j5U9krLFGJcUUu.dll [2015-04-29] ()
BHO: PriceeLess -> {915884d9-02a3-4190-b327-a4e29332d7eb} -> C:\Program Files\PriceeLess\RnEOFr8Tvmw3rC.dll [2015-04-22] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files\Consumer Input\InternetExplorer\dca-bho.dll [2015-07-14] (Compete, Inc.)
BHO: PriceLeSs -> {c50b981a-add9-4b87-8992-f8ce28281432} -> C:\Program Files\PriceLeSs\WUgyqI3OHbPPYJ.dll [2015-04-22] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-04] (Sun Microsystems, Inc.)
BHO: kikin Plugin -> {E601996F-E400-41CA-804B-CD6373A7EEE2} -> C:\Program Files\kikin\ie_kikin.dll [2011-04-11] (kikin)
Toolbar: HKLM - Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17] (Ask.com)
Toolbar: HKLM - Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Ask Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17] (Ask.com)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default
FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-04-28] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-22] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-04-22] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-12] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin: @worldwinner.com/Launcher2,version=1.9.0.23 -> C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2010-03-16] (WorldWinner.com, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\user.js [2015-04-22]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Extension: PriceeLess - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\5lP4GwiZ@H.edu [2015-04-22]
FF Extension: Lights Cinema 1.3betaV22.04 - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\973ba634716b4639a1c150b40c@5afc24a09e55466bb60878000.com [2015-04-22]
FF Extension: Cinema_Plus_i2V22.04 - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\AVJYFVOD75109374@HCDE39471360.com [2015-04-22]
FF Extension: MinimuMPuricee - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\nAMONZ@l.org [2015-05-01]
FF Extension: PriceLeSs - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\pHgpJa@Yk.org [2015-04-22]
FF Extension: AllChEappPoriece - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\VuLRk9Fga@P.org [2015-08-19]
FF Extension: PriceLoEoss - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\zut6L@3B.net [2015-04-22]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-16]
FF Extension: Yahoo! Toolbar - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-09-29]
FF Extension: Zynga  - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-05-14]
FF Extension: kikin plugin - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011-12-21]
FF Extension: No Name - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\59D317DB041748fdB89B47E6F96058F3@jetpack.xpi [2015-04-22]
FF Extension: Steel Cut 1.0.1 - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}.xpi [2015-04-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-26]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-02]
FF HKLM\...\Firefox\Extensions: [myspacefftb@myspace.com] - C:\Program Files\MySpace\Toolbar\1.0.72.0
FF Extension: MySpace Toolbar for Windows - C:\Program Files\MySpace\Toolbar\1.0.72.0 [2010-05-16]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF Extension: shopperz - C:\Program Files\shopperz\Firefox [2015-04-22]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2015-08-19]
FF HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files\Consumer Input\Firefox\ciff-3.2.0-12099.xpi
FF HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Firefox\Extensions: [{EDFB8DAF-FFDE-A9DE-F341-F0A7EC5530DB}] - C:\Program Files\version42BlockAndSurf\192.xpi
FF Extension: BlockAndSurf - C:\Program Files\version42BlockAndSurf\192.xpi [2015-04-22]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steel Cut) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnmnjlidlhicjbeaidocohikobfelhp [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (BlockAndSurf) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdheabnbdelbnhkennpakjhjjknaanab [2015-04-22]
CHR Extension: (Online SpongeBob Games) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blkommpkadaihnagjpjpjbhkgfoekldk [2015-04-29]
CHR Extension: (YouTube) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Lights Cinema 1.3betaV22.04) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaohckoegdncfpojeiehjkaffbdahli [2015-04-22]
CHR Extension: (Google Search) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Cinema_Plus_i2V22.04) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-04-22]
CHR Extension: (Announcify) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiolkcfamcbpoandjpnefiegkcpeoan [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Gmail) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]
CHR Extension: (PriceLoEoss) - C:\ProgramData\ifghpihfgkcbgimcjaimkigiahnfocih\ []
CHR Extension: (PriceeLess) - C:\ProgramData\jkpceaeehiaeaaoejlhpcbilolhghhhl\ []
CHR Extension: (PriceLeSs) - C:\ProgramData\ohkndbbikeadpbbpfobcabhdhekgpcmo\ []

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 22134214; c:\Program Files\Super Optimizer\SupOptStats.dll [1822768 2015-04-22] ()
R2 40030ae4; c:\Program Files\Supporter\Supporter.dll [1574400 2015-04-22] () [File not signed]
R2 67b32930; c:\Program Files\Optimizer Pro 3.84\OptProMon.dll [1752104 2015-04-22] () <==== ATTENTION
S4 70F4EEDB-1367-4b4f-8247-3133551A7415; C:\Program Files\shopperz\grunt.exe [282488 2015-03-25] ()
S2 Adobe Licensing Console; C:\Windows\System32\lnsecsl.exe [1202396 2015-04-22] (                                                                                                    ) [File not signed] <==== ATTENTION
S4 AppMgr1.26.3056825; C:\ProgramData\AppMgr1.26.3056825\appmgr.exe [488688 2015-08-19] ()
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S2 consumerinput_update; C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2015-04-22] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2015-04-22] (ConsumerInput)
R2 csrcc; C:\Program Files\shopperz\csrcc.exe [1446264 2015-03-25] ()
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [1684944 2015-04-20] (PC Drivers HeadQuarters LP)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [300032 2015-04-22] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-22] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-04-22] (globalUpdate) [File not signed] <==== ATTENTION
S3 GoogleDesktopManager-022208-143751; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
R2 gynCCr; C:\ProgramData\OEGUQbEfDfc\gynCCr.exe [2730984 2015-04-22] (Time Lapse Solutions)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 insvc_1.10.0.14; C:\Program Files\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [204320 2015-08-19] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [174968 2015-08-19] (McAfee, Inc.)
R2 pastaleadsupd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe [798720 2015-05-17] (PastaLeads) [File not signed]
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 pyteqisi; C:\Users\MARY\AppData\Local\20DBA2CD-1429710305-DD11-BBA9-001E339EBF80\cnsa4.tmp [84480 2015-04-22] () [File not signed]
R2 ryvyrife; C:\Users\MARY\AppData\Roaming\20DBA2CD-1429728048-DD11-BBA9-001E339EBF80\jnse7129.tmp [180224 2015-04-22] () [File not signed]
R2 shopperz Updater; C:\Program Files\shopperz\nseven.exe [170360 2015-03-25] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 StormWatch Update Service; C:\Program Files\StormWatch\StormWatchSrv.exe [586264 2015-04-10] ()
R2 SWUpdater; C:\Program Files\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 Update Steel Cut; C:\Program Files\Steel Cut\updateSteelCut.exe [475376 2015-09-12] ()
R2 Util Steel Cut; C:\Program Files\Steel Cut\bin\utilSteelCut.exe [475376 2015-09-12] ()
R2 WebWatcherProxy; C:\Program Files\SysFiles\WebWatcherProxy.exe [1856832 2015-04-07] (WebWatcher)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [268072 2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
R2 xihyqumu; C:\Users\MARY\AppData\Local\20DBA2CD-1429710329-DD11-BBA9-001E339EBF80\snsv57F1.tmp [262656 2015-04-22] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CDRPDACC; C:\Program Files\321Studios\DVDXTREME\Shared\CDRPDACC.SYS [5273 2003-10-30] (Arrowkey) [File not signed]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [51160 2015-01-06] (Cherimoya Ltd)
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [52720 2015-04-10] (Infonaut)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134472 2015-08-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2015-08-19] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2015-08-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573136 2015-08-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93144 2015-08-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213872 2015-08-19] (McAfee, Inc.)
R1 PastaLUpdd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys [46800 2015-05-17] ()
S3 SQTECH9051; C:\Windows\System32\Drivers\Capt9051.sys [41216 2008-04-11] (Service & Quality Technology.) [File not signed]
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [43512 2015-04-22] () <==== ATTENTION
R1 wwwd; C:\Windows\system32\Drivers\wwwd.sys [28312 2015-04-07] () [File not signed]
R1 {62bf0628-5809-49d1-9eee-14fa45047c7b}t; C:\Windows\System32\drivers\{62bf0628-5809-49d1-9eee-14fa45047c7b}t.sys [55816 2015-05-25] (StdLib)
R1 {6dfc5aca-15d7-49c9-89a5-7df5102d7909}t; C:\Windows\System32\drivers\{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t.sys [55816 2015-05-27] (StdLib)
R1 {6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt; C:\Windows\System32\drivers\{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt.sys [55816 2015-04-23] (StdLib)
R1 {7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt; C:\Windows\System32\drivers\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt.sys [55816 2015-04-22] (StdLib)
R1 {8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t; C:\Windows\System32\drivers\{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t.sys [55816 2015-04-28] (StdLib)
R1 {b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t; C:\Windows\System32\drivers\{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t.sys [55816 2015-04-29] (StdLib)
R1 {c979301f-1894-4c06-9f58-e9aca8d65afc}t; C:\Windows\System32\drivers\{c979301f-1894-4c06-9f58-e9aca8d65afc}t.sys [55816 2015-07-23] (StdLib)
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 mfeavfk01; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 22:57 - 2015-09-12 22:58 - 00033954 _____ C:\Users\MARY\Desktop\FRST.txt
2015-09-12 22:56 - 2015-09-12 22:57 - 00000000 ____D C:\FRST
2015-09-12 22:56 - 2015-09-12 12:24 - 01692160 _____ (Farbar) C:\Users\MARY\Desktop\FRST.exe
2015-09-12 19:40 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-12 19:40 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-12 19:40 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-09-12 19:40 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-12 19:40 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-12 19:39 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-12 19:39 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-12 19:35 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-12 19:21 - 2009-08-04 03:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-09-12 19:18 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-12 19:18 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-09-12 19:17 - 2015-06-12 11:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-12 19:16 - 2015-07-09 09:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-12 19:11 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-12 19:11 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-09-12 19:05 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-12 18:37 - 2015-09-12 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2015-09-12 18:34 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-12 18:31 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-12 18:31 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-12 18:29 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-09-12 18:28 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-09-12 18:28 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-12 18:28 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-09-12 18:28 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-12 18:28 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-12 18:27 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-12 18:27 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-12 18:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-12 18:24 - 2015-06-27 11:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-12 18:24 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-12 18:24 - 2015-06-27 09:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-12 18:24 - 2015-06-27 09:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-12 18:24 - 2015-06-12 08:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-12 18:24 - 2015-05-08 18:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-12 18:24 - 2015-01-08 19:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-12 18:21 - 2015-05-04 17:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-09-12 18:21 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-09-12 16:46 - 2015-09-12 16:46 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-07-16 04:19 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-12 16:46 - 2015-07-16 04:19 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-12 16:46 - 2015-07-16 04:18 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-12 16:46 - 2015-07-16 04:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-09-12 16:46 - 2015-07-16 04:14 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-12 16:46 - 2015-07-16 04:13 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-12 16:46 - 2015-07-16 04:13 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-12 16:46 - 2015-07-16 04:12 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-12 16:46 - 2015-07-16 04:12 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-12 16:46 - 2015-07-16 04:12 - 00727552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-12 16:46 - 2015-07-16 04:12 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-12 16:46 - 2015-07-16 04:12 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-12 16:46 - 2015-07-16 04:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-12 16:46 - 2015-07-16 01:48 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-12 16:46 - 2015-07-16 01:48 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-12 16:46 - 2015-07-16 01:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-12 16:46 - 2015-07-16 01:45 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-12 16:46 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-12 16:45 - 2015-07-16 04:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-12 16:45 - 2015-07-16 04:18 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-12 16:45 - 2015-07-16 04:14 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-09-12 16:45 - 2015-07-16 04:13 - 06010368 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-12 16:45 - 2015-07-16 04:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-12 16:45 - 2015-07-16 04:12 - 11085824 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-12 16:45 - 2015-07-16 04:12 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-12 16:45 - 2015-07-16 04:12 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-12 16:45 - 2015-07-16 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-12 16:45 - 2015-07-16 04:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-12 16:45 - 2015-07-16 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-09-12 16:45 - 2015-07-16 04:10 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-12 16:45 - 2015-07-16 04:10 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-12 16:45 - 2015-07-16 04:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-09-12 16:45 - 2015-07-16 03:00 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-12 13:58 - 2015-09-12 14:21 - 00000000 ____D C:\Users\MARY\Desktop\AJ
2015-08-19 23:13 - 2015-09-12 15:17 - 00000000 ____D C:\Windows\pss
2015-08-19 18:28 - 2015-08-19 18:28 - 00000000 ____D C:\ProgramData\WindowsSearch
2015-08-19 13:51 - 2015-09-12 14:23 - 00000108 ___RH C:\Users\MARY\Desktop\Stinger.opt
2015-08-19 13:01 - 2015-08-19 13:01 - 00000000 ____D C:\Quarantine
2015-08-19 12:41 - 2015-08-19 13:33 - 00001088 _____ C:\Users\MARY\Desktop\Stinger_19082015_124110.html
2015-08-19 12:38 - 2015-08-19 12:26 - 14501232 _____ (McAfee Inc) C:\Users\MARY\Desktop\stinger32.exe
2015-08-19 11:01 - 2015-08-19 11:01 - 00000000 ____D C:\Users\MARY\AppData\Roaming\McAfee
2015-08-19 11:00 - 2015-09-12 22:45 - 00262144 _____ C:\Windows\system32\config\ELAM
2015-08-19 10:59 - 2015-08-19 10:55 - 00094080 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2015-08-19 10:59 - 2015-08-19 10:55 - 00025088 _____ (McAfee, Inc.) C:\Windows\system32\MFEOtlk.dll
2015-08-19 10:58 - 2015-08-19 10:55 - 00573136 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00236480 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00134472 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00093144 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00066408 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00010568 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00213872 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00174968 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-19 10:52 - 2015-08-19 10:57 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-19 10:52 - 2015-08-19 10:52 - 00000000 ____D C:\Program Files\McAfee
2015-08-19 10:49 - 2015-08-19 10:50 - 00000000 ____D C:\Users\MARY\Desktop\New Folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 22:59 - 2015-04-22 14:03 - 00001022 _____ C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job
2015-09-12 22:59 - 2015-04-22 13:51 - 00000432 _____ C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job
2015-09-12 22:56 - 2006-11-02 05:33 - 00763670 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 22:55 - 2015-04-22 14:55 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-12 22:55 - 2015-04-22 13:55 - 00002102 _____ C:\Windows\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-10_user.job
2015-09-12 22:54 - 2015-04-22 16:23 - 00000418 _____ C:\Windows\Tasks\BlockAndSurf Update.job
2015-09-12 22:53 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-12 22:53 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-12 22:52 - 2010-02-03 18:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-12 22:52 - 2010-02-03 18:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-12 22:51 - 2015-04-22 16:23 - 00002178 _____ C:\Windows\patsearch.bin
2015-09-12 22:51 - 2015-04-22 14:12 - 00000998 _____ C:\Windows\Tasks\lZYVDvAe7GlknGA.job
2015-09-12 22:51 - 2015-04-22 14:12 - 00000994 _____ C:\Windows\Tasks\smmDQbZEFSzBQ.job
2015-09-12 22:51 - 2015-04-22 14:05 - 00002430 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5_user.job
2015-09-12 22:51 - 2015-04-22 14:05 - 00002430 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5.job
2015-09-12 22:51 - 2015-04-22 14:05 - 00001016 _____ C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job
2015-09-12 22:51 - 2015-04-22 14:05 - 00000990 _____ C:\Windows\Tasks\rCiNBy3auXo.job
2015-09-12 22:51 - 2015-04-22 14:04 - 00004478 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-4.job
2015-09-12 22:51 - 2015-04-22 14:04 - 00003458 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-7.job
2015-09-12 22:51 - 2015-04-22 14:04 - 00003122 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-6.job
2015-09-12 22:51 - 2015-04-22 14:03 - 00005502 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-6.job
2015-09-12 22:51 - 2015-04-22 14:03 - 00005166 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-7.job
2015-09-12 22:51 - 2015-04-22 14:03 - 00002444 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5_user.job
2015-09-12 22:51 - 2015-04-22 14:03 - 00002444 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5.job
2015-09-12 22:51 - 2015-04-22 14:03 - 00001016 _____ C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job
2015-09-12 22:51 - 2015-04-22 14:02 - 00004478 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-3.job
2015-09-12 22:51 - 2015-04-22 14:02 - 00003472 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-7.job
2015-09-12 22:51 - 2015-04-22 14:02 - 00003136 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-6.job
2015-09-12 22:51 - 2015-04-22 14:02 - 00002096 _____ C:\Windows\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-10_user.job
2015-09-12 22:51 - 2015-04-22 14:01 - 00005516 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-7.job
2015-09-12 22:51 - 2015-04-22 14:01 - 00005516 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-6.job
2015-09-12 22:51 - 2015-04-22 14:01 - 00004492 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-4.job
2015-09-12 22:51 - 2015-04-22 14:00 - 00004492 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-3.job
2015-09-12 22:51 - 2015-04-22 14:00 - 00002110 _____ C:\Windows\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-10_user.job
2015-09-12 22:51 - 2015-04-22 13:55 - 00002436 _____ C:\Windows\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5_user.job
2015-09-12 22:51 - 2015-04-22 13:55 - 00002436 _____ C:\Windows\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5.job
2015-09-12 22:51 - 2015-04-22 13:55 - 00001682 _____ C:\Windows\Tasks\AUSAMRFZ.job
2015-09-12 22:51 - 2015-04-22 13:55 - 00000956 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-09-12 22:51 - 2015-04-22 13:40 - 00000950 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-09-12 22:51 - 2009-01-13 07:21 - 01954289 _____ C:\Windows\WindowsUpdate.log
2015-09-12 22:50 - 2015-04-22 13:51 - 00000466 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job
2015-09-12 22:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-12 22:45 - 2015-04-22 13:40 - 00000954 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-09-12 22:44 - 2015-04-22 16:59 - 00000105 _____ C:\Windows\system32\get.dat
2015-09-12 22:44 - 2015-04-22 13:35 - 00000000 ____D C:\Program Files\Steel Cut
2015-09-12 22:42 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 22:42 - 2006-11-02 07:47 - 00390976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 22:38 - 2015-03-15 09:17 - 00077178 _____ C:\Windows\PFRO.log
2015-09-12 20:08 - 2006-11-02 08:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-12 20:07 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-09-12 19:48 - 2014-03-30 07:09 - 00000000 ____D C:\temp
2015-09-12 19:43 - 2009-01-13 06:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-12 19:39 - 2010-06-12 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-12 19:38 - 2010-01-16 01:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-12 19:34 - 2015-05-20 16:43 - 00000000 ____D C:\ProgramData\Uealjikiapa
2015-09-12 19:14 - 2009-03-02 12:36 - 00000000 ____D C:\Users\MARY
2015-09-12 19:13 - 2013-01-26 20:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-12 19:03 - 2013-07-23 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-12 18:37 - 2015-04-22 16:23 - 00003869 _____ C:\Windows\setupact.log
2015-09-12 15:41 - 2011-10-30 11:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-12 14:15 - 2015-04-22 13:55 - 00000960 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-19 18:28 - 2015-04-22 14:08 - 00000000 ____D C:\ProgramData\AppMgr1.26.3056825
2015-08-19 10:58 - 2009-07-01 11:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-19 10:56 - 2010-08-20 23:24 - 00000000 ____D C:\ProgramData\McAfee
2015-08-19 10:47 - 2014-04-01 20:12 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-08-19 10:45 - 2006-11-02 05:23 - 00000492 _____ C:\Windows\win.ini
2015-08-17 13:04 - 2015-04-26 21:13 - 00000484 _____ C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job

==================== Files in the root of some directories =======

2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe
2015-05-25 14:23 - 2015-05-25 14:23 - 0000024 _____ () C:\Users\MARY\AppData\Roaming\appdataFr25.bin
2015-04-28 19:00 - 2015-05-10 05:26 - 0000020 _____ () C:\Users\MARY\AppData\Roaming\appdataFr3.bin
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\MARY\AppData\Roaming\AUSAMRFZ
2015-04-22 13:55 - 2015-04-22 13:55 - 1854464 _____ (Com NotificationsV06.03) C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\rCiNBy3auXo
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe
2010-05-17 13:38 - 2015-05-27 11:47 - 0000680 _____ () C:\Users\MARY\AppData\Local\d3d9caps.dat
2009-03-02 12:45 - 2015-05-01 01:03 - 0045056 _____ () C:\Users\MARY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-22 16:23 - 2015-04-22 16:23 - 0613255 _____ (CMI Limited) C:\Users\MARY\AppData\Local\nsoCD22.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2015-09-12 22:48

==================== End of FRST.txt ============================

Attached File  Addition.txt   80.58KB   10 downloads





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:28 PM

Posted 13 September 2015 - 04:45 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    50Coupoonsa
    AdPunisher
    AnyProtect
    AnySend
    Ask Toolbar
    BlockAndSurf
    BubbleSound
    Cinema_Plus_i2V22.04
    cinemaplus version 2.04
    Com NotificationsV06.03
    Consumer Input
    ExstraCooupoon
    FlashBeat
    GamesDesktop 025.474
    Infonaut 1.10.0.14
    Left Button Laptop Computer
    Lights Cinema 1.3betaV22.04
    Low-tech Tablet PC
    MinimuMPuricee
    MyPC Backup
    Online SpongeBob Games
    Optimizer Pro v3.2
    PriceLoEoss
    shopperz 2.0.0.457
    SmartWeb
    Steel Cut
    StormWatch
    Super Optimizer v3.2
    Support PL 1.1
    Zombie News
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 telecomladyj

telecomladyj
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 14 September 2015 - 12:10 AM

Hello Jürgen, thanks so much for the help! It is most appreciated.

I was not able to run Revo in regular boot so I booted in diagnostic mode. Some of the uninstalls failed, some tried to launch browser but others did not.

Regardless, I did check and delete the ones you told me to once it said the uninstall process was complete. The Rundll32 error has stopped popping up so that's good.

I can still ping outside servers, but the browser will not go to any website, even after running it with add-ons disabled.

Please see the Adwcleaner log below. I apologize for the delayed response but I promise to stick with you and reply as soon as I can. Thanks again!

 

# AdwCleaner v5.007 - Logfile created 13/09/2015 at 19:09:51
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : MARY - MARY-LT
# Running from : C:\Users\MARY\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

[-] Key Deleted : HKLM\SOFTWARE\PastaLeadsAgent
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\WinPrograms
[-] Key Deleted : HKLM\SOFTWARE\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{365C5DC2-679A-4A5D-B40B-5096A49087A8}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PastaLeads Client
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPrograms
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebWatcherInstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_1029_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_1029_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AnyProtect
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlayMP3
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PremiereAdvertisingPlatform
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZombieNews
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ConvertAd
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StormWatch
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SmartWeb
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Super Optimizer_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wincheck
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Consumer Input Installer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FlashBeat
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ASPackage
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5081D2D4-1637-404c-B74F-50526718257D}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{59680D1A-6A49-4E85-BB42-6886773DF589}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CA1838EF-A497-194E-3850-37A62CEE398B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{365C5DC2-679A-4A5D-B40B-5096A49087A8}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PastaLeads Client
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OLBPre
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinPrograms
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ospd_us_1029_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gmsd_us_474_is1
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ospd_us_1029_is1
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\Compete
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\DynConIE
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\Freecause
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\PremiereAdvertisingPlatform
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\SmartWeb
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\PastaLeadsAgent
[!] Key Not Deleted : HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\AppDataLow\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Compete
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_

***** [ Web browsers ] *****

[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727..clientLogIsEnabled", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.CT2438727.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT2438727&octid=CT2438727&ISID=ISID_ID&SearchSource=15&CUI=SB_CUI&SSPV=EB_[...]
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.CTID", "CT2438727");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.ConfigurationLastCheckTime", "Mon Mar 24 2014 17:35:35 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.CurrentServerDate", "25-3-2014");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Mon Mar 24 2014 17:35:37 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.FirstServerDate", "17-5-2010");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.FirstTime", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.FirstTimeFF3", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.GroupingInvalidateCache", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.GroupingLastCheckTime", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.Initialize", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.InstallationType", "Unknown");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.InstalledDate", "Sun May 16 2010 16:57:23 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.InvalidateCache", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.IsGrouping", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.IsMulticommunity", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Mon Mar 24 2014 17:35:37 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LastLogin_2.5.8.6", "Fri Feb 18 2011 23:49:05 GMT-0600 (Central Standard Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LastLogin_3.13.0.6", "Fri Mar 08 2013 15:00:04 GMT-0600 (Central Standard Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LastLogin_3.18.0.7", "Wed Sep 25 2013 17:18:59 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LastLogin_3.20.0.4", "Mon Mar 24 2014 17:35:36 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LatestVersion", "3.20.0.4");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.Locale", "en");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.LoginCache", 4);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.MyStuffEnabledAtInstallation", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.RadioLastCheckTime", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchAPILastCheckTime", "Mon Mar 24 2014 17:35:35 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Wed Sep 25 2013 17:18:35 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?gd=&ctid=CT2438727&octid=CT2438727&ISID=ISID_ID&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Mon Mar 24 2014 17:35:34 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Mon Mar 24 2014 17:35:32 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.SettingsLastUpdate", "1395657259");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Mon Jan 31 2011 23:46:32 GMT-0600 (Central Standard Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1275607866");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,OurToolbar.com,CommunityToolbar[...]
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.UserID", "UN43332775718063876");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.alertChannelId", "832836");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.clientLogIsEnabled", false);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.countryCode", "US");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.firstTimeDialogOpened", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.fullUserID", "UN43332775718063876.UP.20140514082611");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.initDone", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.installType", "Unknown");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.isCheckedStartAsHidden", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.isPerformedSmartBarTransition", "true");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.lastVersion", "10.20.101.5");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.myStuffEnabled", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.originalSearchAddressUrl", "chrome://browser-region/locale/region.properties");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.revertSettingsEnabled", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.searchFromAddressBarEnabledByUser", "false");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.searchInNewTabEnabledByUser", "false");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.searchProtectorEnableByLogin", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":3}");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.serviceLayer_services_serviceMap_lastUpdate", "1442186087227");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.settingsINI", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.smartbar.CTID", "CT2438727");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.smartbar.Uninstall", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.smartbar.toolbarName", "Zynga ");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.testingCtid", "");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Mon Mar 24 2014 17:35:37 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.toolbarBornServerTime", "17-5-2010");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1442186085983,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"c4e7e542e065a75b8375c3b8ae7450723\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0343677cfb1cd1:0\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"f414eeaa6bece1:0\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://ip2location.conduit-services.com/ip/?ctid=CT2438727&ver=3.20.0.4&client=ToolbarConfiguration", "\"0da6c10137692797fd78ac35dcc4e49c\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"7097fd37277b6a1b754b125bd11d0197\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"27f9ceb6f365cb1:0\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/634219899986281250.gif", "\"14819e877b65cb1:0\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"461a8601461ca1:0\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"6e25fa5c6d0c7ea34ee7d6ca70b1548c\"");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.globalUserId", "55409f60-d0a4-4a32-9292-b89d3678b2c8");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5[...]
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "14fc8e63c2ee7d613533219be5651c4e");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : toolbar.ask.com
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : fastbrowsersearch.com
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blkommpkadaihnagjpjpjbhkgfoekldk
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blkommpkadaihnagjpjpjbhkgfoekldk
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blkommpkadaihnagjpjpjbhkgfoekldk
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ceaohckoegdncfpojeiehjkaffbdahli
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ceaohckoegdncfpojeiehjkaffbdahli
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ceaohckoegdncfpojeiehjkaffbdahli
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ifghpihfgkcbgimcjaimkigiahnfocih
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jkpceaeehiaeaaoejlhpcbilolhghhhl
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lkadffjmnaiokkdncgdlecdegajoiemi
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lkadffjmnaiokkdncgdlecdegajoiemi
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lkadffjmnaiokkdncgdlecdegajoiemi
[-] [C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ohkndbbikeadpbbpfobcabhdhekgpcmo
[-] [C:\Users\Baby\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Baby\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blkommpkadaihnagjpjpjbhkgfoekldk
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blkommpkadaihnagjpjpjbhkgfoekldk
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blkommpkadaihnagjpjpjbhkgfoekldk
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ifghpihfgkcbgimcjaimkigiahnfocih
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jkpceaeehiaeaaoejlhpcbilolhghhhl
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ohkndbbikeadpbbpfobcabhdhekgpcmo

*************************


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [70207 bytes] ##########
 



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:28 PM

Posted 14 September 2015 - 09:40 AM

Hi there,

 

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 telecomladyj

telecomladyj
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:28 AM

Posted 14 September 2015 - 11:45 PM

Hi again,

I'm pretty sure I've waited long enough to be sure that Combofix is not going to complete. Once I ran install, all seemed to be well at first but after extracting streamtools.zip, its next step is to create output folders. At the second output folder, it never progressed further. It has been at least 30 minutes and no further progress. Since I was disabling AV/protection software to run it, I turned off the wifi before running Combofix just to be sure no malware could get out to the internet and download anything. I wouldn't think that should cause this, but just wanted to mention it. I am logged in as administrator but stuck now. Should I reboot in diagnostic or Safe mode and see if it will complete that way?



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:28 PM

Posted 15 September 2015 - 06:09 AM

Hi,

please skip the combofix scan and run a scan with FRST instead.


regards,
deeprybka

#7 telecomladyj

telecomladyj
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:28 AM

Posted 15 September 2015 - 08:43 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-09-2015
Ran by MARY (administrator) on MARY-LT (15-09-2015 20:34:59)
Running from C:\Users\MARY\Desktop
Loaded Profiles: MARY (Available Profiles: MARY & Baby & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(                                                                                                    ) C:\Windows\Temp\mrtA2E3.tmp\stdrt.exe
() C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(WebWatcher) C:\Program Files\SysFiles\WebWatcherProxy.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
(Time Lapse Solutions) C:\ProgramData\OEGUQbEfDfc\gynCCr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
() C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(PC Drivers Headquarters) C:\Program Files\Driver Support\DriverSupport.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Teleca Sweden AB) C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
(Popwire AB) C:\Program Files\Common Files\Teleca Shared\logger.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Teleca AB) C:\Program Files\Common Files\Teleca Shared\Generic.exe
(Teleca) C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
(Teleca AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinCheck] => C:\Users\MARY\AppData\Local\20DBA2CD-1429710126-DD11-BBA9-001E339EBF80\bnse3CF3.exe
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [StormWatch] => "C:\Program Files\StormWatch\StormWatchApp.exe"
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [ospd_us_1029] => "C:\Program Files\ospd_us_1029\ospd_us_1029.exe"
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Mobile Connectivity Suite] => C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [598016 2009-11-19] (Teleca Sweden AB)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-12-18] (Logitech, Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
HKLM\...\Run: [gmsd_us_474] => "C:\Program Files\gmsd_us_474\gmsd_us_474.exe"
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-13] (Google Inc.)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [Super Optimizer] => C:\Program Files\Super Optimizer\SupOptLauncher.exe
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [NetZero_uoltray] => C:\Program Files\NetZero\exec.exe [1700864 2008-02-27] (NetZero, Inc.)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [112128 2008-05-05] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2015-09-13]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-09-13]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{d7e33370-8902-0ac9-d7e3-33370890cdc2}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-09-13]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\OLBPre\OLBPre.exe (No File)
Startup: C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-09-13]
ShortcutTarget: SmartWeb.lnk -> C:\Users\MARY\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
Startup: C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk [2015-09-13]
ShortcutTarget: StormWatch.lnk -> C:\Program Files\StormWatch\StormWatch.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 02 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 03 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 04 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Winsock: Catalog9 15 C:\Windows\system32\WebWatcherLSP.dll [347832 2015-04-22] (WebWatcher)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{4905BA70-DFD9-4CB9-9E67-3A0F36D65178}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}: [DhcpNameServer] 24.116.0.53 24.116.2.50

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default
FF Homepage: about:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-04-28] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-12] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin: @worldwinner.com/Launcher2,version=1.9.0.23 -> C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2010-03-16] (WorldWinner.com, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-16]
FF Extension: Zynga  - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-05-14]
FF Extension: Steel Cut 1.0.1 - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}.xpi [2015-04-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-26]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-02]
FF HKLM\...\Firefox\Extensions: [myspacefftb@myspace.com] - C:\Program Files\MySpace\Toolbar\1.0.72.0
FF Extension: MySpace Toolbar for Windows - C:\Program Files\MySpace\Toolbar\1.0.72.0 [2010-05-16]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2015-08-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steel Cut) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnmnjlidlhicjbeaidocohikobfelhp [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Google Search) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Announcify) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiolkcfamcbpoandjpnefiegkcpeoan [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Gmail) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Adobe Licensing Console; C:\Windows\System32\lnsecsl.exe [1202396 2015-04-22] (                                                                                                    ) [File not signed] <==== ATTENTION
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [1684944 2015-04-20] (PC Drivers HeadQuarters LP)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
S3 GoogleDesktopManager-022208-143751; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
R2 gynCCr; C:\ProgramData\OEGUQbEfDfc\gynCCr.exe [2730984 2015-04-22] (Time Lapse Solutions)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [204320 2015-08-19] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [174968 2015-08-19] (McAfee, Inc.)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 WebWatcherProxy; C:\Program Files\SysFiles\WebWatcherProxy.exe [1856832 2015-04-07] (WebWatcher)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [268072 2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
S4 Update Steel Cut; "C:\Program Files\Steel Cut\updateSteelCut.exe" [X]
S4 Util Steel Cut; "C:\Program Files\Steel Cut\bin\utilSteelCut.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CDRPDACC; C:\Program Files\321Studios\DVDXTREME\Shared\CDRPDACC.SYS [5273 2003-10-30] (Arrowkey) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134472 2015-08-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2015-08-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2015-08-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573136 2015-08-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93144 2015-08-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213872 2015-08-19] (McAfee, Inc.)
S3 SQTECH9051; C:\Windows\System32\Drivers\Capt9051.sys [41216 2008-04-11] (Service & Quality Technology.) [File not signed]
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R1 wwwd; C:\Windows\system32\Drivers\wwwd.sys [28312 2015-04-07] () [File not signed]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 mfeavfk01; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 {62bf0628-5809-49d1-9eee-14fa45047c7b}t; system32\drivers\{62bf0628-5809-49d1-9eee-14fa45047c7b}t.sys [X]
S1 {6dfc5aca-15d7-49c9-89a5-7df5102d7909}t; system32\drivers\{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t.sys [X]
S1 {6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt; system32\drivers\{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt.sys [X]
S1 {7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt; system32\drivers\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt.sys [X]
S1 {8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t; system32\drivers\{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t.sys [X]
S1 {b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t; system32\drivers\{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t.sys [X]
S1 {c979301f-1894-4c06-9f58-e9aca8d65afc}t; system32\drivers\{c979301f-1894-4c06-9f58-e9aca8d65afc}t.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 20:34 - 2015-09-15 20:35 - 00024696 _____ C:\Users\MARY\Desktop\FRST.txt
2015-09-14 22:20 - 2015-09-14 22:20 - 00000000 ____D C:\32788R22FWJFW
2015-09-14 03:08 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 19:02 - 2015-09-13 19:09 - 00000000 ____D C:\AdwCleaner
2015-09-13 15:23 - 2015-09-13 15:23 - 00001028 _____ C:\Users\MARY\Desktop\Revo Uninstaller.lnk
2015-09-13 14:25 - 2015-08-13 09:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-13 14:25 - 2015-08-13 09:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-13 14:24 - 2015-09-02 16:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 14:24 - 2015-09-02 16:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 14:21 - 2015-09-02 16:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 14:21 - 2015-09-02 14:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 14:21 - 2015-09-02 14:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 14:19 - 2015-08-05 10:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 08:26 - 2015-09-13 15:23 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-13 08:24 - 2015-09-13 08:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MARY\Desktop\revosetup.exe
2015-09-12 22:56 - 2015-09-15 20:35 - 00000000 ____D C:\FRST
2015-09-12 22:56 - 2015-09-12 12:24 - 01692160 _____ (Farbar) C:\Users\MARY\Desktop\FRST.exe
2015-09-12 19:40 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-12 19:40 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-12 19:40 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-09-12 19:40 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-12 19:40 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-12 19:39 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-12 19:39 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-12 19:35 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-12 19:21 - 2009-08-04 03:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-09-12 19:18 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-12 19:18 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-09-12 19:17 - 2015-06-12 11:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-12 19:11 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-12 19:11 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-09-12 19:05 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-12 18:37 - 2015-09-12 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2015-09-12 18:34 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-12 18:29 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-09-12 18:28 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-12 18:28 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-09-12 18:28 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-12 18:27 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-12 18:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-12 18:24 - 2015-06-27 11:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-12 18:24 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-12 18:24 - 2015-06-27 09:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-12 18:24 - 2015-06-27 09:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-12 18:24 - 2015-06-12 08:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-12 18:24 - 2015-05-08 18:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-12 18:24 - 2015-01-08 19:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-12 18:21 - 2015-08-14 01:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-12 18:21 - 2015-08-14 01:22 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-09-12 18:21 - 2015-08-14 01:20 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-09-12 18:21 - 2015-08-14 01:20 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 06010880 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 11085824 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-12 18:21 - 2015-08-14 01:18 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-12 18:21 - 2015-08-14 01:17 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-12 18:21 - 2015-08-14 01:17 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-12 18:21 - 2015-08-14 01:16 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-09-12 18:21 - 2015-08-13 23:41 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-12 18:21 - 2015-08-13 22:04 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-12 18:21 - 2015-08-13 22:04 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-12 18:21 - 2015-08-13 22:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-12 18:21 - 2015-08-13 22:02 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-12 18:21 - 2015-05-04 17:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-09-12 18:21 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-09-12 16:46 - 2015-09-12 16:46 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-19 23:13 - 2015-09-13 23:32 - 00000000 ____D C:\Windows\pss
2015-08-19 18:28 - 2015-08-19 18:28 - 00000000 ____D C:\ProgramData\WindowsSearch
2015-08-19 13:01 - 2015-08-19 13:01 - 00000000 ____D C:\Quarantine
2015-08-19 11:01 - 2015-08-19 11:01 - 00000000 ____D C:\Users\MARY\AppData\Roaming\McAfee
2015-08-19 11:00 - 2015-09-13 23:37 - 00262144 _____ C:\Windows\system32\config\ELAM
2015-08-19 10:59 - 2015-08-19 10:55 - 00094080 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2015-08-19 10:59 - 2015-08-19 10:55 - 00025088 _____ (McAfee, Inc.) C:\Windows\system32\MFEOtlk.dll
2015-08-19 10:58 - 2015-08-19 10:55 - 00573136 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00236480 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00134472 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00093144 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00066408 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00010568 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00213872 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00174968 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-19 10:52 - 2015-08-19 10:57 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-19 10:52 - 2015-08-19 10:52 - 00000000 ____D C:\Program Files\McAfee
2015-08-19 10:49 - 2015-09-15 20:34 - 00000000 ____D C:\Users\MARY\Desktop\TECH

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 20:35 - 2015-04-22 13:51 - 00000432 _____ C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job
2015-09-15 20:34 - 2015-04-22 14:12 - 00000998 _____ C:\Windows\Tasks\lZYVDvAe7GlknGA.job
2015-09-15 20:34 - 2015-04-22 14:12 - 00000994 _____ C:\Windows\Tasks\smmDQbZEFSzBQ.job
2015-09-15 20:34 - 2015-04-22 14:05 - 00001016 _____ C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job
2015-09-15 20:34 - 2015-04-22 14:05 - 00000990 _____ C:\Windows\Tasks\rCiNBy3auXo.job
2015-09-15 20:34 - 2015-04-22 14:03 - 00001022 _____ C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job
2015-09-15 20:34 - 2015-04-22 14:03 - 00001016 _____ C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job
2015-09-15 20:33 - 2015-04-22 13:55 - 00001682 _____ C:\Windows\Tasks\AUSAMRFZ.job
2015-09-15 20:33 - 2010-02-03 18:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 20:18 - 2009-01-13 07:21 - 01105797 _____ C:\Windows\WindowsUpdate.log
2015-09-15 20:14 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 20:14 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-15 20:14 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-15 00:10 - 2006-11-02 08:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-14 23:52 - 2010-02-03 18:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 23:13 - 2013-01-26 20:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-14 22:50 - 2015-04-22 13:51 - 00000466 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job
2015-09-14 22:22 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-09-14 03:18 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-14 03:16 - 2009-01-13 06:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 01:13 - 2014-05-03 10:14 - 18744520 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-14 01:13 - 2013-01-26 20:34 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-14 01:13 - 2011-08-24 19:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-13 23:37 - 2015-04-22 16:59 - 00000105 _____ C:\Windows\system32\get.dat
2015-09-13 23:36 - 2015-04-22 16:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-13 19:16 - 2015-03-15 09:17 - 00087552 _____ C:\Windows\PFRO.log
2015-09-13 19:10 - 2013-05-19 14:38 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Yahoo!
2015-09-13 19:10 - 2009-03-02 19:03 - 00000000 ____D C:\Users\MARY\AppData\Roaming\Yahoo!
2015-09-13 19:09 - 2015-04-22 13:50 - 00000000 ____D C:\Program Files\SysFiles
2015-09-13 18:14 - 2011-10-30 11:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-13 14:30 - 2006-11-02 07:47 - 00390976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 14:27 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-13 14:18 - 2013-07-23 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-13 13:55 - 2015-04-22 14:55 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-13 09:38 - 2009-03-02 12:36 - 00000000 ____D C:\Users\MARY
2015-09-12 22:56 - 2006-11-02 05:33 - 00763670 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 20:07 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-09-12 19:48 - 2014-03-30 07:09 - 00000000 ____D C:\temp
2015-09-12 19:39 - 2010-06-12 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-12 19:38 - 2010-01-16 01:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-12 19:34 - 2015-05-20 16:43 - 00000000 ____D C:\ProgramData\Uealjikiapa
2015-09-12 18:37 - 2015-04-22 16:23 - 00003869 _____ C:\Windows\setupact.log
2015-08-26 18:36 - 2006-11-02 05:24 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-19 18:28 - 2015-04-22 14:08 - 00000000 ____D C:\ProgramData\AppMgr1.26.3056825
2015-08-19 10:58 - 2009-07-01 11:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-19 10:56 - 2010-08-20 23:24 - 00000000 ____D C:\ProgramData\McAfee
2015-08-19 10:47 - 2014-04-01 20:12 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-08-19 10:45 - 2006-11-02 05:23 - 00000492 _____ C:\Windows\win.ini
2015-08-17 13:04 - 2015-04-26 21:13 - 00000484 _____ C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job

==================== Files in the root of some directories =======

2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe
2015-05-25 14:23 - 2015-05-25 14:23 - 0000024 _____ () C:\Users\MARY\AppData\Roaming\appdataFr25.bin
2015-04-28 19:00 - 2015-05-10 05:26 - 0000020 _____ () C:\Users\MARY\AppData\Roaming\appdataFr3.bin
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\MARY\AppData\Roaming\AUSAMRFZ
2015-04-22 13:55 - 2015-04-22 13:55 - 1854464 _____ (Com NotificationsV06.03) C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\rCiNBy3auXo
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe
2010-05-17 13:38 - 2015-09-13 09:05 - 0000680 _____ () C:\Users\MARY\AppData\Local\d3d9caps.dat
2009-03-02 12:45 - 2015-05-01 01:03 - 0045056 _____ () C:\Users\MARY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-22 16:23 - 2015-04-22 16:23 - 0613255 _____ (CMI Limited) C:\Users\MARY\AppData\Local\nsoCD22.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2015-09-15 20:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-09-2015
Ran by MARY (2015-09-15 20:36:03)
Running from C:\Users\MARY\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2009-01-13 12:17:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1063116495-4114681664-2467881189-500 - Administrator - Disabled)
Baby (S-1-5-21-1063116495-4114681664-2467881189-1001 - Limited - Enabled) => C:\Users\Baby
Guest (S-1-5-21-1063116495-4114681664-2467881189-501 - Limited - Enabled) => C:\Users\Guest
MARY (S-1-5-21-1063116495-4114681664-2467881189-1000 - Administrator - Enabled) => C:\Users\MARY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Out of date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Ashtons Family Resort (remove only) (HKLM\...\Ashtons Family Resort) (Version:  - )
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 3.0.1.60 - )
Blokus World Tour (remove only) (HKLM\...\Blokus World Tour) (Version: 3.3.11.8 - )
Blokus World Tour (Version: 3.3.11.8 - Yahoo) Hidden
Boogie Bunnies (Version: 2.2.0.98 - WildTangent) Hidden
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0422.2139.36895 - ATI) Hidden
CD X Rescue (HKLM\...\CD X Rescue) (Version: 3.2.1 - 321 Studios, Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chloe's Dream Resort (Version: 2.2.0.98 - WildTangent) Hidden
Crop Busters (Version: 2.2.0.98 - WildTangent) Hidden
Cubis Gold 2 (HKLM\...\Cubis Gold 2) (Version:  - )
Dancing Craze (Version: 2.2.0.95 - WildTangent) Hidden
Daycare Nightmare mini-monsters (remove only) (HKLM\...\Daycare Nightmare mini-monsters) (Version:  - )
DB VGA Cam (HKLM\...\{A6DE1AAE-B147-4B08-A61C-BA471D86AC4D}) (Version: 1.0 - My Company Name)
Driver Support (HKLM\...\DriverSupport) (Version: 10.0.0.39 - PC Drivers HeadQuarters LP)
Driver Support Active Optimization (Version: 1.0.4.8063 - PC Drivers HeadQuarters LP) Hidden
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD X Show (HKLM\...\{EEB6382A-0855-41DF-86E6-C87F1745C7AA}) (Version: 2.2 - 321 Studios Inc.)
DVDXMaker2-1 (HKLM\...\{39599050-C604-4B89-AA6D-A62C6392BA70}) (Version: 2.1 - 321 Studios Inc.)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
ezManagerMax 2.0.14 (HKLM\...\ezManagerMax 2.0.14) (Version:  - Animas Corporation)
Farm Frenzy 2 (remove only) (HKLM\...\Farm Frenzy 2) (Version:  - )
Farm Frenzy 3 (remove only) (HKLM\...\Farm Frenzy 3) (Version:  - )
Flower Paradise (remove only) (HKLM\...\Flower Paradise) (Version:  - )
FreeFixer (HKLM\...\FreeFixer1.10) (Version: 1.10 - Kephyr)
FrostWire 4.21.1 (HKLM\...\FrostWire) (Version: 4.21.1.0 - FrostWire, LLC)
GearDrivers (HKLM\...\GearDrivers) (Version:  - )
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Glowfish (Version: 2.2.0.98 - WildTangent) Hidden
Gold Fever (remove only) (HKLM\...\Gold Fever) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0802.22438 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Great Art (HKLM\...\Great Art) (Version:  - GameHouse, Inc.)
HealthcareGovTool (HKLM\...\HealthcareGovTool) (Version: 1.0.0.0 - healthcaregovtool)
Hobby Farm (Version: 2.2.0.98 - WildTangent) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.016 - HTC Corporation)
HTC Sync (HKLM\...\{BC4174D1-7970-40E6-AC57-F095F961FB08}) (Version: 2.0.33 - HTC Corporation)
Ice Cream Craze: Natural Hero (Version: 2.2.0.97 - WildTangent) Hidden
Jane's Dress Up Rush (remove only) (HKLM\...\Jane's Dress Up Rush) (Version:  - )
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Jessica's BowWow Bistro (Version: 2.2.0.98 - WildTangent) Hidden
Jigsaw World (HKLM\...\BFG-Jigsaw World) (Version:  - )
KhalInstallWrapper (Version: 4.72.40 - Logitech) Hidden
LimeWire 5.5.10 (HKLM\...\LimeWire) (Version: 5.5.10 - Lime Wire, LLC)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.72 - Logitech)
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Luxor 2 (HKLM\...\Luxor 2) (Version: 1.1.0.0 - MumboJumbo)
Mah Jong Medley (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{1FDB8EC6-BAF1-42F9-8E09-4D9AB369F1B5}) (Version: 4.8.0.887 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Memeo AutoBackup (HKLM\...\InstallShield_{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}) (Version: 3.00.3251 - Memeo Inc)
Memeo AutoBackup (Version: 3.00.3251 - Memeo Inc) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Monopoly Tycoon (HKLM\...\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}) (Version:  - )
Moraff's Maximum MahJongg, Volume 3 (HKLM\...\MoraffMahJongg3_is1) (Version:  - MoraffWare)
Mozaki Blocks Deluxe (HKLM\...\{D2DEA9D8-2C39-42DA-B2A8-E91AF5D09490}) (Version: 1.0.0 - MumboJumbo, LLC)
Mozilla Firefox 7.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 7.0.1 (x86 en-US)) (Version: 7.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySpace Toolbar (HKLM\...\MySpaceToolbar) (Version: 1.0.72.0 - MySpace.com)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: NetZero QuickStart - NetZero, Inc.)
NVIDIA PhysX v8.10.29 (HKLM\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OneTouch USB Driver (HKLM\...\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}) (Version: 2.0 - LifeScan)
Paradise Quest (remove only) (HKLM\...\Paradise Quest) (Version:  - )
Path to Success (Version: 2.2.0.98 - WildTangent) Hidden
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)
Profitville (remove only) (HKLM\...\Profitville) (Version:  - )
Project Rescue: Africa! (Version: 2.2.0.98 - WildTangent) Hidden
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Rescue Frenzy (Version: 2.2.0.98 - WildTangent) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari Island (Version: 2.2.0.98 - WildTangent) Hidden
Sally's Quick Clips (Version: 2.2.0.98 - WildTangent) Hidden
Shape Shifter (HKLM\...\Shape Shifter) (Version:  - GameHouse, Inc.)
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
Slingo Mystery - Who's Gold? (remove only) (HKLM\...\Slingo Mystery - Who's Gold?) (Version:  - )
Software Updater (HKLM\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Stand O'Food 3 (Version: 2.2.0.98 - WildTangent) Hidden
Super Jigsaw - Landscapes (remove only) (HKLM\...\Super Jigsaw - Landscapes) (Version:  - )
Super Jigsaw - Puppies (remove only) (HKLM\...\Super Jigsaw - Puppies) (Version:  - )
Super Jigsaw Caboodle (remove only) (HKLM\...\Super Jigsaw Caboodle) (Version:  - )
Supermarket Management 2 (Version: 2.2.0.98 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Tetris Worlds (HKLM\...\Tetris Worlds) (Version:  - )
The Dark Knight Photo Editor (HKLM\...\{75633187-A6F5-4FD5-AB3F-0530802A2D5B}) (Version:  - Digital Blue)
Tiny Token Empires™ (Version: 2.2.0.98 - WildTangent) Hidden
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.15 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
Ultimate Puzzles 500 (HKLM\...\Ultimate Puzzles 500) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Virtual Farm 2 (Version: 2.2.0.98 - WildTangent) Hidden
WebEx (HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
Wheel Of Fortune 2 (remove only) (HKLM\...\Wheel Of Fortune 2) (Version:  - )
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Version: 4.0.11.7 - WildTangent) Hidden
WinZip System Utilities Suite (HKLM\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.0.648.13214 - WinZip Computing, S.L. (WinZip Computing))
WorldWinner Games (HKLM\...\{230B9098-A165-491F-B499-8F41AA7139F6}) (Version: 1.9.0.23 - WorldWinner.com, Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Youda Farmer 3: Seasons (Version: 2.2.0.98 - WildTangent) Hidden
ZIMO (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130000-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130005-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130007-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130060-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130064-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130065-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130066-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130068-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130070-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130074-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130075-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130076-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130077-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130100-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130104-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130106-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130200-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttmb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130204-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttmb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130400-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltodb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130500-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130505-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130507-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130509-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050B-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050D-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050F-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130511-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130600-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130605-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130607-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130609-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130611-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130613-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130620-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttlb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130625-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttlb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130801-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130847-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltmrc13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013084B-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltmrc13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013085F-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130861-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130863-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{1E1B8D00-6D12-11D4-BB60-0000C03B53A6}\InprocServer32 -> C:\Program Files\321Studios\DVDXTREME\DVD X Maker\MCDVSrc.dll ()
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Windows\TEMP\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> "C:\Program Files\kikin\KikinBroker.exe" No File

==================== Restore Points =========================

20-05-2015 13:19:38 Windows Update
25-05-2015 14:27:03 Restore Operation
25-05-2015 14:30:16 Windows Update
25-05-2015 15:57:08 Windows Update
26-05-2015 03:09:57 Windows Update
07-06-2015 22:02:29 Removed DVD X Show
19-08-2015 10:53:47 Installed McAfee VirusScan Enterprise.
12-09-2015 18:20:25 Windows Update
14-09-2015 03:01:44 Windows Update
14-09-2015 22:47:54 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C54B6-86EE-4CF5-A01B-3634423E533A} - System32\Tasks\{87A14BA5-DC58-4E42-8326-5DCF4A4157F2} => pcalua.exe -a "C:\Program Files\actisys\ACT-IR224UN-Li\ACT-IR224UN-Li-Setup-v1.1.6-070926.exe"
Task: {0F23BA46-D3D4-4683-B76F-8E0925ED6232} - System32\Tasks\{155E961D-5599-4899-BF35-222060505212} => pcalua.exe -a "C:\TOSAPINS\COMPS1\NetZero Internet Access0\MANUAL\B27528A.EXE" -d "C:\TOSAPINS\COMPS1\NetZero Internet Access0\MANUAL"
Task: {17F8A98E-5A8E-4670-B444-57ED0BAFE7FF} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-7.exe <==== ATTENTION
Task: {191CE1CA-EAC0-491F-A4B6-D9BDE779D5A6} - System32\Tasks\smmDQbZEFSzBQ => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe [2015-04-20] () <==== ATTENTION
Task: {19C51564-AC56-4CC7-AC44-C25DA274BB70} - System32\Tasks\klJfmcRT9KGJYtK7B2C6UoSz => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe [2015-04-20] () <==== ATTENTION
Task: {20458735-7785-4BD9-BF33-ECC5B26E0564} - System32\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {27BF4239-7F65-4EB9-A18F-55870AEC3CBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {36CDA412-413A-4164-9121-AF3EB5A59A40} - System32\Tasks\{825CB5A5-90DA-4B83-A34F-F143575127EB} => pcalua.exe -a "C:\Program Files\NetZero\uninst.exe" -d "C:\Program Files\NetZero"
Task: {45277F59-2FBC-4C50-89CC-2820A75BD2A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-7.exe <==== ATTENTION
Task: {47C47F5E-16D8-40D2-B60C-9E48A6A3D453} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro 3.84\OptProLauncher.exe <==== ATTENTION
Task: {488E69F8-673E-4DB3-B064-1F9940CFF0BA} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-7.exe <==== ATTENTION
Task: {4EAF1B5B-1C47-45C9-8303-5AF95B889A5A} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5535DADC-9EF5-4EDE-8B21-B5E80E6B3CCE} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5838E215-6A44-4B34-9EB5-D402FF479F4A} - System32\Tasks\Microsoft\Windows\RestartManager\{BC8A499A-8D8B-4109-A2C7-0D9B0A607FF0} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5C913260-1F2A-4940-863F-01FBF52EBB73} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5D7EE71C-9BDE-4122-9CD4-DB4D034B2DD9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe <==== ATTENTION
Task: {5EC7FBD8-F108-4497-8345-C656286E237E} - System32\Tasks\4nWD0DuQtXtajdhhOyIO1Kts => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe [2015-04-20] () <==== ATTENTION
Task: {60C61365-D379-4816-8D2E-AC26153C66D2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {61038F00-2F67-4BAF-A365-2EF886A97DB0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-4 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-4.exe <==== ATTENTION
Task: {61A6D69F-79B7-49BB-959F-1D6E563637B6} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-10_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-10.exe <==== ATTENTION
Task: {652757EA-E578-4B6D-AF38-A54461AFBEB9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5 => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe <==== ATTENTION
Task: {66A3142A-0475-49E2-A6E3-F250BA198A94} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat <==== ATTENTION
Task: {66E6C20F-0783-4BC5-B83F-54505853A2B1} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe <==== ATTENTION
Task: {6B59D703-553F-4965-8BFA-6F9B09DAF70C} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-4 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-4.exe <==== ATTENTION
Task: {6D0EFFC9-940C-4F7E-8420-ADB41A83FAF7} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-7.exe <==== ATTENTION
Task: {70FC46AA-2D39-4C7D-9D16-9BC0AA325078} - System32\Tasks\Super Optimizer Schedule => C:\Program Files\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {736E22C8-C729-4F90-8C34-F25DCC7A5346} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {76E3C321-3658-4019-9D58-8B329F939D6D} - System32\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe [2015-04-20] () <==== ATTENTION
Task: {7BBB14B0-8B0B-4967-9E44-56EC3892E343} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {835DE4E5-7252-43B0-A7C4-BB1F4156AE3E} - System32\Tasks\{B07F6F1E-14FF-4497-B91E-244E941C3906} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {8674EF86-B7BB-4B6B-BDE3-E318CD53A6A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe <==== ATTENTION
Task: {882EF406-EC89-4434-9659-577E840F064C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {91F92EE6-5528-4E33-9100-4C4B33CD312F} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {9577C2AD-7090-409B-87AE-EB6D7396DBC1} - System32\Tasks\{1470CDE0-1689-462D-BA1F-D37336E4ECE1} => pcalua.exe -a C:\NetZeroInstaller\NetZeroInstaller.exe -d C:\NetZeroInstaller
Task: {9714BF8A-8080-48AD-92AB-B30E653C07DD} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {9939CE21-7680-4521-BF82-714016B002D0} - System32\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {9C98A903-AC05-47B9-8821-9FF439FCB038} - System32\Tasks\Microsoft\Windows\RestartManager\{4598BFC2-4291-490a-9753-BF99E4FAA15A} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {9E0C9FBF-F797-44BE-A138-C0645502454E} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {A7D5A3F5-ABF5-4FCE-8A84-42A978E7B09B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {A90D8C61-7991-4A36-9DFD-7C17DE92A883} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe <==== ATTENTION
Task: {A99F0D58-FC5A-4201-9DDF-F63FC28D89C1} - System32\Tasks\AUSAMRFZ => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe [2015-04-22] (Com NotificationsV06.03) <==== ATTENTION
Task: {AA869B76-C042-46AB-8DA5-B493C5F43F3E} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-3 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-3.exe <==== ATTENTION
Task: {B1208FC6-BAD5-48EA-98C2-F5B060E52F63} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-6.exe <==== ATTENTION
Task: {B438C3D5-36E2-4D59-9290-B0E2A104B4CB} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-6.exe <==== ATTENTION
Task: {B4F42752-6D7E-4782-91DE-0E5F67BE2F9C} - System32\Tasks\rCiNBy3auXo => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe [2015-04-20] () <==== ATTENTION
Task: {BAC4E452-4414-4153-A73F-5B5A609156D9} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {C34D26E7-6BD0-4ED4-94CE-3299B18A95C9} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe <==== ATTENTION
Task: {C5F73BAA-C95E-47CF-9E93-00F80F49FB56} - System32\Tasks\{F43F2B65-EFB7-47DA-A405-7D009276CBF6} => pcalua.exe -a "C:\Users\MARY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4BB8PJM\yahoo_wheeloffortune2_tm5-3[1].exe" -d C:\Windows\system32
Task: {C86953BE-573B-4B36-A783-79B7C58F07A6} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe <==== ATTENTION
Task: {CF4C0421-0471-4F98-8E2C-8706C054C8C8} - System32\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
Task: {CFA3551F-2BEB-462E-B545-8D29938BD2E8} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-6.exe <==== ATTENTION
Task: {D0166B5D-E7EC-4F70-A740-7452C9F4B2FB} - System32\Tasks\WINZIPSS-WINZIPSSOneClickCare => C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe [2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
Task: {DC2772C6-416D-4CAF-9249-1332D2DA130B} - System32\Tasks\BlockAndSurf Update => C:\Program Files\version42BlockAndSurf\J4BlockAndSurfJ52.exe <==== ATTENTION
Task: {DF2F4954-71FE-4473-BB20-66F872E55B2A} - System32\Tasks\SysHealth_Controller_Mon => C:\Windows\SysFilesController\SysFiles_backup.exe
Task: {DF619BBD-500F-4E0B-838D-7269FB875B8B} - System32\Tasks\{80DA6008-D667-4E96-969D-67A65E15FAA8} => pcalua.exe -a "C:\TOSAPINS\COMPS1\TOSHIBA Assist0\MANUAL\B26484A.EXE" -d "C:\TOSAPINS\COMPS1\TOSHIBA Assist0\MANUAL"
Task: {E19CCB3A-2772-4047-BF02-1B23D102779C} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-6.exe <==== ATTENTION
Task: {E323391E-F9E5-4F78-82E3-EEAFF454E096} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-10_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-10.exe <==== ATTENTION
Task: {E32A7A09-A070-4157-80F1-21E256D2AE63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E38F887F-48B4-4512-9F02-8038F9B55FB8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {E3B0768B-67BB-4379-94A5-98F1E77B1A54} - System32\Tasks\KMPOFPUXOY => C:\ProgramData\3eb60c6783df4497a1bcc48c5ac778c7\3eb60c6783df4497a1bcc48c5ac778c7.exe <==== ATTENTION
Task: {E722D7A0-9125-4F5B-B318-86EC2753FFBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E72AA5F8-7632-4789-A46B-CC6B36F82B85} - System32\Tasks\lZYVDvAe7GlknGA => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe [2015-04-20] () <==== ATTENTION
Task: {F21AF930-CD54-4C7C-8E32-EC6659280CBF} - System32\Tasks\Uealjikiapa => C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe [2015-09-12] ()
Task: {F531AC53-AB20-4434-9FC8-5288DADA0766} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-3 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-3.exe <==== ATTENTION
Task: {F62B6D32-9048-45D1-BE7E-98F0A1DB8B64} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-10_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-10.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AUSAMRFZ.job => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe <==== ATTENTION
Task: C:\Windows\Tasks\lZYVDvAe7GlknGA.job => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe <==== ATTENTION
Task: C:\Windows\Tasks\rCiNBy3auXo.job => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe <==== ATTENTION
Task: C:\Windows\Tasks\smmDQbZEFSzBQ.job => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{100CB278-A42A-47AD-9C68-5BC3E3CF95BD}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe
Task: C:\Windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe

==================== Loaded Modules (Whitelisted) ==============

2008-01-20 21:24 - 2008-01-20 21:24 - 00009216 _____ () C:\Windows\System32\wship6.dll
2009-09-10 16:52 - 2009-04-11 01:28 - 00083968 _____ () C:\Windows\system32\wbem\wmiutils.dll
2015-09-15 20:14 - 2015-09-15 20:14 - 00307200 _____ () C:\Windows\TEMP\mrtA2E3.tmp\MMFS2.dll
2015-09-15 20:14 - 2015-09-15 20:14 - 00021504 _____ () C:\Windows\TEMP\mrtA2E3.tmp\Get.mfx
2015-09-15 20:14 - 2015-09-15 20:14 - 00059392 _____ () C:\Windows\TEMP\mrtA2E3.tmp\Yaso.mfx
2015-09-12 19:34 - 2015-09-12 19:34 - 00158208 _____ () C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
2015-09-15 20:15 - 2015-09-15 20:15 - 00049274 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\63034c7371a6548f55e2e2ada11d61df\Console.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00041064 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\84c73e03b82ca27738913a411aab1a36\Win32.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00032878 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\5a043c9ceeb6d93382986c196a4fafd4\API.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024675 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\83c9827eb0780dfbd0d606810dabd32b\MD5.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00032873 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\e790df575748f7ddfa6d074eefbd3af9\Dumper.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00163971 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\d8a986739f35fd413025de54fd074182\Registry.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00086141 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\b925c172201d5ef768c668345559b93c\WinError.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024680 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\52f32cf781dbf574d1d227e3fdefb6a8\Base64.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024678 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\278e95d3c70d01bffd43d0d6f0a68d54\HiRes.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00028794 ____R () C:\Windows\TEMP\pdk-SYSTEM-900\cc6074bff1906afc872db1ac09b9f547\Process.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00041077 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\21245c5569721f0f2a33e16be17cbf54\Parser.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00033061 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\1fb9e4724fa361b2039d7108d86facb1\IO.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024673 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\bca7aac987d374edc35a6e36445e61af\Fcntl.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00065649 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\a7e3c95a9eafdbe78935b179b3ff1b32\Storable.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00028767 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\c7908c77cfa1eb6c67bd6c2c8828e47d\Socket.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00032868 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\5bec2b7324c81f25bdf5c087fdf888e2\Util.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024680 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\52f32cf781dbf574d1d227e3fdefb6a8\Base64.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00753770 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\255873e11a19a4173c46c5f0f1c45a75\SSLeay.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00041064 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\84c73e03b82ca27738913a411aab1a36\Win32.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00032878 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\5a043c9ceeb6d93382986c196a4fafd4\API.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024675 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\83c9827eb0780dfbd0d606810dabd32b\MD5.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00032873 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\e790df575748f7ddfa6d074eefbd3af9\Dumper.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00163971 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\d8a986739f35fd413025de54fd074182\Registry.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00086141 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\b925c172201d5ef768c668345559b93c\WinError.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00110067 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\69a7571ee8627e000e7aa3e84e6c0287\XS.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00028797 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\4010f65ec76e2d10892bb18b850ef0fe\EventLog.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00036974 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\d3cf21878a857fd038aba844148f5d25\threads.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00036987 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\7e7eb1f6db17cd1fa4804f58459d1f4a\shared.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024678 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\278e95d3c70d01bffd43d0d6f0a68d54\HiRes.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00090222 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\eec708426f797e3eae1af772a856fdae\OLE.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00073825 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\823c451b17adc6464f8cf55ac2dcafcf\POSIX.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00020573 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\5bf8db5274d53c6ed2dd878aeff6e7d5\Cwd.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00049274 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\63034c7371a6548f55e2e2ada11d61df\Console.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00053347 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\baeb31b10de41e0fd6fecc1b786c31f3\SHA.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024686 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\766ccbea5ec5a2bc70b9fe8ea13d73f8\IPC.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024690 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\41d3bfad1943c3f1696600b681760fd4\Event.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00028643 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\a8bf61c655dc018f08ffa870367e19ab\Blowfish.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00024676 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\74e8e28bfe91d1cf7eb0624b24843997\Glob.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00098419 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\be99ba2f5fa59beaeeab574714026ae6\Zlib.dll
2015-09-15 20:15 - 2015-09-15 20:15 - 00028794 ____R () C:\Windows\TEMP\pdk-SYSTEM-2112\cc6074bff1906afc872db1ac09b9f547\Process.dll
2008-05-05 13:19 - 2007-01-25 20:47 - 00136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2008-05-05 13:19 - 2007-10-23 18:27 - 00066928 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2008-04-24 21:25 - 2008-04-24 21:25 - 00126976 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 06701056 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 00995328 _____ () C:\Windows\system32\FaceRec.dll
2007-01-11 18:33 - 2007-01-11 18:33 - 00106496 ____R () C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
2015-02-25 09:06 - 2015-02-25 09:06 - 00334112 _____ () C:\Program Files\Driver Support\Agent.Common.XmlSerializers.dll
2015-02-25 09:06 - 2015-02-25 09:06 - 00035104 _____ () C:\Program Files\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll
2015-02-25 09:06 - 2015-02-25 09:06 - 00465184 _____ () C:\Program Files\Driver Support\Agent.Communication.XmlSerializers.dll
2008-04-23 01:05 - 2008-04-23 01:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-03-31 10:08 - 2010-03-31 10:08 - 00240552 ____R () C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
2010-03-17 16:20 - 2010-03-17 16:20 - 00139264 ____R () C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
2010-03-31 10:08 - 2010-03-31 10:08 - 00240552 ____R () C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6B50A605
AlternateDataStreams: C:\ProgramData\TEMP:E428B9D4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wwwd.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\netzero.com -> netzero.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\netzero.net -> netzero.net


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 22134214 => 2
MSCONFIG\Services: 40030ae4 => 2
MSCONFIG\Services: 67b32930 => 2
MSCONFIG\Services: 70F4EEDB-1367-4b4f-8247-3133551A7415 => 2
MSCONFIG\Services: AppMgr1.26.3056825 => 2
MSCONFIG\Services: consumerinput_update => 2
MSCONFIG\Services: consumerinput_updatem => 3
MSCONFIG\Services: csrcc => 2
MSCONFIG\Services: FlashBeat => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: insvc_1.10.0.14 => 2
MSCONFIG\Services: pastaleadsupd => 2
MSCONFIG\Services: pyteqisi => 2
MSCONFIG\Services: ryvyrife => 2
MSCONFIG\Services: shopperz Updater => 2
MSCONFIG\Services: StormWatch Update Service => 2
MSCONFIG\Services: SWUpdater => 2
MSCONFIG\Services: Update Steel Cut => 2
MSCONFIG\Services: Util Steel Cut => 2
MSCONFIG\Services: xihyqumu => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{F8D95447-87CF-42FE-8839-613673FC4EFB}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{ECB2991F-0FE4-4C33-BDAC-61539F397819}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{568AAE34-124E-4FE7-BD64-E26CED0B777E}C:\program files\nero\nero 7\nero showtime\showtime.exe] => (Block) C:\program files\nero\nero 7\nero showtime\showtime.exe
FirewallRules: [UDP Query User{98477DBB-3731-4A1A-AB06-79DBD0907307}C:\program files\nero\nero 7\nero showtime\showtime.exe] => (Block) C:\program files\nero\nero 7\nero showtime\showtime.exe
FirewallRules: [{9EE2AA52-B7CB-4D7C-A34B-2055ACFF4530}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DCE61DF5-753F-4991-8959-4C1A9C9A1081}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{48DD2A18-DC9A-48B1-B59B-447E0A6A9FF9}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{22AD4409-45F8-4313-A013-5BBAF98A542F}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{B60F514D-1165-467C-B3C4-0B0FCA9CAD19}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{B2E653EC-E6AE-4687-9660-3585DED9C8E6}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{8024F8B5-702E-4F4E-A8FE-9C76939C9BA8}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{42583F21-625F-49C6-A509-05D9D4E328D1}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{6543F1BF-ECDF-4AB6-8FFC-98A6BCCC6D56}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{1B829C43-0AEA-49F0-B11F-D4E7724CBE0A}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DD6F273F-C9EA-45EC-B883-6093592BA869}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{4D075355-BF68-47D2-870B-B01C8D3F8E1A}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{57DE68D4-AEBD-440F-A61B-1D3F99C59AE3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Faulty Device Manager Devices =============

Name: Communications Port (COM8)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot determine the settings for this device. Consult the documentation that came with this device and use the Resource tab to set the configuration. (Code 34)
Resolution: The device requires manual configuration. See the hardware documentation or contact the hardware vendor for instructions on manually configuring the device. After you configure the device itself, you can use the "Resources" tab in Device Manager to configure the resource settings in Windows.

Name: Trusted Platform Module 1.2
Description: Trusted Platform Module 1.2
Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Manufacturer: (Standard)
Service: TPM
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2015 08:34:45 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 9/16/2015 1:34:45 AM
Message: An exception occured and was caught: ConfigurationErrorsException
---------Exception Information----------
Local Time: 9/15/2015 8:34:45 PM
Type: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Message: Error creating the Web Proxy specified in the 'system.net/defaultProxy' configuration section.
Source: System
Target Site: System.Net.Configuration.DefaultProxySectionInternal GetSection()
Stack Trace:    at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
   at System.Net.WebRequest.get_InternalDefaultWebProxy()
   at System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
   at System.Net.HttpRequestCreator.Create(Uri Uri)
   at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
   at System.Net.WebRequest.Create(String requestUriString)
   at DriversHQ.Common.Communication.WebRequestMessageBase.GetResponseInternal()
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse(Boolean async)
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse()
   at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
    ----------Inner Exception Information----------
        Message: The parameter is incorrect
        Source: System
        Target Site: System.Net.SafeCloseSocketAndEvent CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean)
        Stack Trace:    at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkAddressChangePolled..ctor()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.Initialize()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.get_CurrentAutoDetector()
   at System.Net.AutoWebProxyScriptEngine..ctor(WebProxy proxy, Boolean useRegistry)
   at System.Net.WebProxy.UnsafeUpdateFromRegistry()
   at System.Net.WebProxy..ctor(Boolean enableAutoproxy)
   at System.Net.Configuration.DefaultProxySectionInternal..ctor(DefaultProxySection section)
   at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
--------------------------------------
Additional Information
Machine Name: MARY-LT
Assembly: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: MARY-LT\MARY
Thread Name:
Windows Identity: MARY-LT\MARY
Process Name:

Error: (09/15/2015 08:15:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2015 10:14:36 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 9/15/2015 3:14:36 AM
Message: An exception occured and was caught: ConfigurationErrorsException
---------Exception Information----------
Local Time: 9/14/2015 10:14:36 PM
Type: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Message: Error creating the Web Proxy specified in the 'system.net/defaultProxy' configuration section.
Source: System
Target Site: System.Net.Configuration.DefaultProxySectionInternal GetSection()
Stack Trace:    at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
   at System.Net.WebRequest.get_InternalDefaultWebProxy()
   at System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
   at System.Net.HttpRequestCreator.Create(Uri Uri)
   at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
   at System.Net.WebRequest.Create(String requestUriString)
   at DriversHQ.Common.Communication.WebRequestMessageBase.GetResponseInternal()
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse(Boolean async)
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse()
   at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
    ----------Inner Exception Information----------
        Message: The parameter is incorrect
        Source: System
        Target Site: System.Net.SafeCloseSocketAndEvent CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean)
        Stack Trace:    at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkAddressChangePolled..ctor()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.Initialize()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.get_CurrentAutoDetector()
   at System.Net.AutoWebProxyScriptEngine..ctor(WebProxy proxy, Boolean useRegistry)
   at System.Net.WebProxy.UnsafeUpdateFromRegistry()
   at System.Net.WebProxy..ctor(Boolean enableAutoproxy)
   at System.Net.Configuration.DefaultProxySectionInternal..ctor(DefaultProxySection section)
   at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
--------------------------------------
Additional Information
Machine Name: MARY-LT
Assembly: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: MARY-LT\MARY
Thread Name:
Windows Identity: MARY-LT\MARY
Process Name:

Error: (09/14/2015 10:14:35 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 9/15/2015 3:14:35 AM
Message: An exception occured and was caught: ConfigurationErrorsException
---------Exception Information----------
Local Time: 9/14/2015 10:14:35 PM
Type: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Message: Error creating the Web Proxy specified in the 'system.net/defaultProxy' configuration section.
Source: System
Target Site: System.Net.Configuration.DefaultProxySectionInternal GetSection()
Stack Trace:    at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
   at System.Net.WebRequest.get_InternalDefaultWebProxy()
   at System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
   at System.Net.HttpRequestCreator.Create(Uri Uri)
   at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
   at System.Net.WebRequest.Create(String requestUriString)
   at DriversHQ.Common.Communication.WebRequestMessageBase.GetResponseInternal()
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse(Boolean async)
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse()
   at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
    ----------Inner Exception Information----------
        Message: The parameter is incorrect
        Source: System
        Target Site: System.Net.SafeCloseSocketAndEvent CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean)
        Stack Trace:    at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkAddressChangePolled..ctor()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.Initialize()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.get_CurrentAutoDetector()
   at System.Net.AutoWebProxyScriptEngine..ctor(WebProxy proxy, Boolean useRegistry)
   at System.Net.WebProxy.UnsafeUpdateFromRegistry()
   at System.Net.WebProxy..ctor(Boolean enableAutoproxy)
   at System.Net.Configuration.DefaultProxySectionInternal..ctor(DefaultProxySection section)
   at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
--------------------------------------
Additional Information
Machine Name: MARY-LT
Assembly: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: MARY-LT\MARY
Thread Name:
Windows Identity: MARY-LT\MARY
Process Name:

Error: (09/14/2015 10:08:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2015 08:11:48 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (09/14/2015 08:11:43 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog


System errors:
=============
Error: (09/15/2015 08:15:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: {62bf0628-5809-49d1-9eee-14fa45047c7b}t
{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t
{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt
{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt
{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t
{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t
{c979301f-1894-4c06-9f58-e9aca8d65afc}t

Error: (09/15/2015 08:15:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Adobe Licensing Console%%1053

Error: (09/15/2015 08:15:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Adobe Licensing Console

Error: (09/15/2015 08:14:31 PM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/14/2015 10:08:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: {62bf0628-5809-49d1-9eee-14fa45047c7b}t
{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t
{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt
{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt
{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t
{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t
{c979301f-1894-4c06-9f58-e9aca8d65afc}t

Error: (09/14/2015 10:08:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Adobe Licensing Console%%1053

Error: (09/14/2015 10:08:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Adobe Licensing Console


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-72
Percentage of memory in use: 49%
Total physical RAM: 2813.1 MB
Available physical RAM: 1407.1 MB
Total Virtual: 5848.68 MB
Available Virtual: 4494.7 MB

==================== Drives ================================

Drive c: (SQ004720V05) (Fixed) (Total:225.52 GB) (Free:122.56 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 220ED127)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=225.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=17)

==================== End of Addition.txt ============================



#8 deeprybka


  • Malware Response Team

Posted 16 September 2015 - 04:57 AM

Hello,

please do the following:

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 telecomladyj

  • Topic Starter

  • Members

Posted 16 September 2015 - 05:46 AM

That was a pretty quick scan! Thanks again for all your help. Report is below.

 

05:39:55.0074 0x144c  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
05:40:48.0601 0x144c  ============================================================
05:40:48.0601 0x144c  Current date / time: 2015/09/16 05:40:48.0601
05:40:48.0601 0x144c  SystemInfo:
05:40:48.0601 0x144c  
05:40:48.0601 0x144c  OS Version: 6.0.6002 ServicePack: 2.0
05:40:48.0601 0x144c  Product type: Workstation
05:40:48.0601 0x144c  ComputerName: MARY-LT
05:40:48.0601 0x144c  UserName: MARY
05:40:48.0602 0x144c  Windows directory: C:\Windows
05:40:48.0602 0x144c  System windows directory: C:\Windows
05:40:48.0602 0x144c  Processor architecture: Intel x86
05:40:48.0602 0x144c  Number of processors: 2
05:40:48.0602 0x144c  Page size: 0x1000
05:40:48.0602 0x144c  Boot type: Normal boot
05:40:48.0602 0x144c  ============================================================
05:40:51.0780 0x144c  KLMD registered as C:\Windows\system32\drivers\34059100.sys
05:40:55.0171 0x144c  System UUID: {F3D6F1F3-BA0E-C674-278F-5DF86B16E6FA}
05:40:56.0152 0x144c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:40:56.0157 0x144c  Drive \Device\Harddisk1\DR2 - Size: 0x1E98D1A00 ( 7.65 Gb ), SectorSize: 0x200, Cylinders: 0x3E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:40:56.0158 0x144c  ============================================================
05:40:56.0158 0x144c  \Device\Harddisk0\DR0:
05:40:56.0159 0x144c  MBR partitions:
05:40:56.0159 0x144c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C30B000
05:40:56.0159 0x144c  \Device\Harddisk1\DR2:
05:40:56.0160 0x144c  MBR partitions:
05:40:56.0160 0x144c  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3A, BlocksNum 0xF4656B
05:40:56.0160 0x144c  ============================================================
05:40:56.0189 0x144c  C: <-> \Device\Harddisk0\DR0\Partition1
05:40:56.0189 0x144c  ============================================================
05:40:56.0189 0x144c  Initialize success
05:40:56.0189 0x144c  ============================================================
05:41:20.0739 0x4844  ============================================================
05:41:20.0739 0x4844  Scan started
05:41:20.0739 0x4844  Mode: Manual; SigCheck; TDLFS;
05:41:20.0739 0x4844  ============================================================
05:41:20.0739 0x4844  KSN ping started
05:41:20.0762 0x4844  KSN ping finished: false
05:41:21.0292 0x4844  ================ Scan system memory ========================
05:41:21.0292 0x4844  System memory - ok
05:41:21.0293 0x4844  ================ Scan services =============================
05:41:21.0506 0x4844  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
05:41:21.0669 0x4844  ACPI - ok
05:41:21.0816 0x4844  [ B101FF7CE08A7CFE32EF4309826F807C, 250A08430C07E6D911E1120A7B6401FC5C8B957E564E7A6F7EEFB6F9A366781F ] Adobe Licensing Console C:\Windows\System32\lnsecsl.exe
05:41:21.0893 0x4844  Adobe Licensing Console - detected UnsignedFile.Multi.Generic ( 1 )
05:41:22.0027 0x4844  Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - warning
05:41:22.0109 0x4844  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
05:41:22.0133 0x4844  AdobeARMservice - ok
05:41:22.0198 0x4844  [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
05:41:22.0225 0x4844  AdobeFlashPlayerUpdateSvc - ok
05:41:22.0277 0x4844  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
05:41:22.0317 0x4844  adp94xx - ok
05:41:22.0338 0x4844  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
05:41:22.0369 0x4844  adpahci - ok
05:41:22.0397 0x4844  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
05:41:22.0421 0x4844  adpu160m - ok
05:41:22.0441 0x4844  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
05:41:22.0467 0x4844  adpu320 - ok
05:41:22.0497 0x4844  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
05:41:22.0529 0x4844  AeLookupSvc - ok
05:41:22.0580 0x4844  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
05:41:22.0614 0x4844  AFD - ok
05:41:22.0639 0x4844  [ 39E435C90C9C4F780FA0ED05CA3C3A1B, 0006CC8CBFB775CA9C4121B4DDC80560DE35CCBB276DEE7A9F5148743529758A ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
05:41:22.0661 0x4844  AgereModemAudio - ok
05:41:22.0742 0x4844  [ CE91B158FA490CF4C4D487A4130F4660, C343AEB125B15E6FC8428499E1C48390EF5073FACB0DC9BAB9040EFB170D04A5 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
05:41:22.0820 0x4844  AgereSoftModem - ok
05:41:22.0853 0x4844  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
05:41:22.0876 0x4844  agp440 - ok
05:41:22.0904 0x4844  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
05:41:22.0928 0x4844  aic78xx - ok
05:41:22.0967 0x4844  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
05:41:23.0007 0x4844  ALG - ok
05:41:23.0028 0x4844  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
05:41:23.0049 0x4844  aliide - ok
05:41:23.0073 0x4844  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
05:41:23.0095 0x4844  amdagp - ok
05:41:23.0133 0x4844  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
05:41:23.0154 0x4844  amdide - ok
05:41:23.0171 0x4844  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
05:41:23.0210 0x4844  AmdK7 - ok
05:41:23.0225 0x4844  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
05:41:23.0267 0x4844  AmdK8 - ok
05:41:23.0317 0x4844  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
05:41:23.0357 0x4844  Appinfo - ok
05:41:23.0375 0x4844  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
05:41:23.0401 0x4844  arc - ok
05:41:23.0432 0x4844  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
05:41:23.0457 0x4844  arcsas - ok
05:41:23.0553 0x4844  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
05:41:23.0579 0x4844  aspnet_state - ok
05:41:23.0612 0x4844  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
05:41:23.0650 0x4844  AsyncMac - ok
05:41:23.0688 0x4844  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
05:41:23.0709 0x4844  atapi - ok
05:41:23.0741 0x4844  [ 1941D70C83BDFF19A5F47043A5883678, E7E1D8EA5BE6B74C352F603475049F8EE2DDDE513247E31B0D806DAA7A4F3562 ] atashost        C:\Windows\system32\atashost.exe
05:41:23.0763 0x4844  atashost - ok
05:41:23.0839 0x4844  [ 8BE56F8300E1C37B578DA23C71816B7A, C214C8B070E60ED2C8144D875969DAB3B3999532AE0B7E8732813DCC0408826F ] athr            C:\Windows\system32\DRIVERS\athr.sys
05:41:23.0928 0x4844  athr - ok
05:41:23.0985 0x4844  [ 37C63181D8A1B6C948F0866BCBDE406E, F0AFA1A5242253793643508289659D2531F7B0D51D804278E82BF70BC49A1F9E ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
05:41:24.0051 0x4844  Ati External Event Utility - ok
05:41:24.0218 0x4844  [ A2B6478963451A99C28DA8133B648142, 9857643D4293278E36B9E31F788C341897B7F72302B27F6FE23C125002EED21A ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
05:41:24.0509 0x4844  atikmdag - ok
05:41:24.0563 0x4844  [ 4AA1EB65481C392955939E735D27118B, 167F91B0F48C13FA4B976EAB2DC0B29C31A2A98E276B2BF80323E051D54934CB ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
05:41:24.0617 0x4844  AtiPcie - ok
05:41:24.0696 0x4844  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
05:41:24.0745 0x4844  AudioEndpointBuilder - ok
05:41:24.0764 0x4844  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
05:41:24.0801 0x4844  Audiosrv - ok
05:41:24.0828 0x4844  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
05:41:24.0867 0x4844  Beep - ok
05:41:24.0912 0x4844  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
05:41:25.0009 0x4844  BFE - ok
05:41:25.0106 0x4844  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
05:41:25.0224 0x4844  BITS - ok
05:41:25.0263 0x4844  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
05:41:25.0303 0x4844  blbdrive - ok
05:41:25.0339 0x4844  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
05:41:25.0379 0x4844  bowser - ok
05:41:25.0397 0x4844  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
05:41:25.0429 0x4844  BrFiltLo - ok
05:41:25.0455 0x4844  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
05:41:25.0487 0x4844  BrFiltUp - ok
05:41:25.0522 0x4844  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
05:41:25.0566 0x4844  Browser - ok
05:41:25.0600 0x4844  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
05:41:25.0663 0x4844  Brserid - ok
05:41:25.0679 0x4844  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
05:41:25.0741 0x4844  BrSerWdm - ok
05:41:25.0759 0x4844  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
05:41:25.0821 0x4844  BrUsbMdm - ok
05:41:25.0829 0x4844  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
05:41:25.0890 0x4844  BrUsbSer - ok
05:41:25.0906 0x4844  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
05:41:25.0967 0x4844  BTHMODEM - ok
05:41:26.0000 0x4844  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
05:41:26.0041 0x4844  cdfs - ok
05:41:26.0069 0x4844  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
05:41:26.0104 0x4844  cdrom - ok
05:41:26.0174 0x4844  [ 30B37C18E1725EB9F25039E9A1FB9B7E, 969590754F8BA2FACF6AEF30D93E26880C156DDB0558A41A86A5CB80A00CBBF6 ] CDRPDACC        C:\Program Files\321Studios\DVDXTREME\Shared\CDRPDACC.SYS
05:41:26.0182 0x4844  CDRPDACC - detected UnsignedFile.Multi.Generic ( 1 )
05:41:26.0182 0x4844  CDRPDACC ( UnsignedFile.Multi.Generic ) - warning
05:41:26.0213 0x4844  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
05:41:26.0247 0x4844  CertPropSvc - ok
05:41:26.0288 0x4844  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
05:41:26.0328 0x4844  circlass - ok
05:41:26.0374 0x4844  [ 5D9311526801643000D7032A83B18B12, C5A98868A41446617B3A27C6C4AAFA4E7C093E253E8C1DD5DBFE6FAE21991209 ] CLFS            C:\Windows\system32\CLFS.sys
05:41:26.0405 0x4844  CLFS - ok
05:41:26.0477 0x4844  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:41:26.0501 0x4844  clr_optimization_v2.0.50727_32 - ok
05:41:26.0542 0x4844  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:41:26.0570 0x4844  clr_optimization_v4.0.30319_32 - ok
05:41:26.0589 0x4844  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
05:41:26.0628 0x4844  CmBatt - ok
05:41:26.0664 0x4844  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
05:41:26.0686 0x4844  cmdide - ok
05:41:26.0717 0x4844  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
05:41:26.0737 0x4844  Compbatt - ok
05:41:26.0744 0x4844  COMSysApp - ok
05:41:26.0789 0x4844  [ D10D01B2DFCD8D2F32A32ED29E8DA1C2, D5F89AFF51D690494A70F0E17CB5609DB81F7C9BACD2952D411C7959E90BEEE3 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
05:41:26.0799 0x4844  ConfigFree Service - detected UnsignedFile.Multi.Generic ( 1 )
05:41:26.0800 0x4844  ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
05:41:26.0834 0x4844  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
05:41:26.0856 0x4844  crcdisk - ok
05:41:26.0886 0x4844  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
05:41:26.0925 0x4844  Crusoe - ok
05:41:26.0971 0x4844  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
05:41:27.0006 0x4844  CryptSvc - ok
05:41:27.0064 0x4844  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
05:41:27.0130 0x4844  DcomLaunch - ok
05:41:27.0169 0x4844  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
05:41:27.0222 0x4844  DfsC - ok
05:41:27.0340 0x4844  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
05:41:27.0501 0x4844  DFSR - ok
05:41:27.0546 0x4844  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
05:41:27.0588 0x4844  Dhcp - ok
05:41:27.0625 0x4844  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
05:41:27.0649 0x4844  disk - ok
05:41:27.0670 0x4844  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
05:41:27.0699 0x4844  Dnscache - ok
05:41:27.0736 0x4844  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
05:41:27.0777 0x4844  dot3svc - ok
05:41:27.0804 0x4844  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
05:41:27.0850 0x4844  DPS - ok
05:41:27.0875 0x4844  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
05:41:27.0915 0x4844  drmkaud - ok
05:41:28.0073 0x4844  [ C47D2DBDE456A8F16F958391DDC4B80F, 2DE40E45A37D55E40F39958EBDFFAEE4AD1024BFBBAAD57AC8D6CAEC9596EDD0 ] DSAO            C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
05:41:28.0190 0x4844  DSAO - ok
05:41:28.0252 0x4844  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
05:41:28.0309 0x4844  DXGKrnl - ok
05:41:28.0348 0x4844  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
05:41:28.0392 0x4844  E1G60 - ok
05:41:28.0430 0x4844  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
05:41:28.0465 0x4844  EapHost - ok
05:41:28.0506 0x4844  [ 9BAB89DBB27891DEEF6E1F1B589A6ED4, 61BE4A6394ED5C99CB84B720F6AA6B97C7FE71A7A04D822F6EE99AB084C55606 ] Ecache          C:\Windows\system32\drivers\ecache.sys
05:41:28.0534 0x4844  Ecache - ok
05:41:28.0627 0x4844  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
05:41:28.0670 0x4844  ehRecvr - ok
05:41:28.0697 0x4844  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
05:41:28.0727 0x4844  ehSched - ok
05:41:28.0786 0x4844  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
05:41:28.0812 0x4844  ehstart - ok
05:41:28.0853 0x4844  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
05:41:28.0889 0x4844  elxstor - ok
05:41:28.0942 0x4844  [ E798C0BDFA4913CCF8A646D29BB34796, 7CDB2BCCDD8A8A70C6248C327A357EA3488C7ADED32D4F89B933ED72AE12B73B ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
05:41:29.0069 0x4844  EMDMgmt - ok
05:41:29.0153 0x4844  [ 138FA38DC0AC61F39C99B801BF11D867, F5F4F4BF9993DE876CEF09D16B798F76D8794488C739B9605C23E729D0A42659 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
05:41:29.0200 0x4844  EpsonCustomerParticipation - ok
05:41:29.0247 0x4844  [ E9EFCB47B90FD5498695BB7FEFD36CAE, 453B956C99C4D3626B0B0BDB449E9F0283D01AD50C331E298D219B4710BD6870 ] EpsonScanSvc    C:\Windows\system32\EscSvc.exe
05:41:29.0271 0x4844  EpsonScanSvc - ok
05:41:29.0291 0x4844  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
05:41:29.0330 0x4844  ErrDev - ok
05:41:29.0408 0x4844  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
05:41:29.0458 0x4844  EventSystem - ok
05:41:29.0508 0x4844  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
05:41:29.0571 0x4844  exfat - ok
05:41:29.0633 0x4844  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
05:41:29.0667 0x4844  fastfat - ok
05:41:29.0694 0x4844  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
05:41:29.0737 0x4844  fdc - ok
05:41:29.0767 0x4844  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
05:41:29.0810 0x4844  fdPHost - ok
05:41:29.0821 0x4844  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
05:41:29.0883 0x4844  FDResPub - ok
05:41:29.0906 0x4844  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
05:41:29.0929 0x4844  FileInfo - ok
05:41:29.0943 0x4844  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
05:41:29.0983 0x4844  Filetrace - ok
05:41:30.0004 0x4844  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
05:41:30.0043 0x4844  flpydisk - ok
05:41:30.0075 0x4844  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
05:41:30.0105 0x4844  FltMgr - ok
05:41:30.0163 0x4844  [ 456E786A157692A7463B3739C9ADBBF5, 9AB00B5A7CF8CCCF4332E1901286D8832508471809D8BCE45FD75CCFF9CEAD8E ] FontCache       C:\Windows\system32\FntCache.dll
05:41:30.0239 0x4844  FontCache - ok
05:41:30.0326 0x4844  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
05:41:30.0348 0x4844  FontCache3.0.0.0 - ok
05:41:30.0380 0x4844  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
05:41:30.0422 0x4844  Fs_Rec - ok
05:41:30.0451 0x4844  [ CBC22823628544735625B280665E434E, 6B5A3FE469CACE241F3332E6E6B3D0ACB3C2EB3DF0297C744F5A155992F0B411 ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
05:41:30.0483 0x4844  FwLnk - ok
05:41:30.0510 0x4844  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
05:41:30.0534 0x4844  gagp30kx - ok
05:41:30.0636 0x4844  [ C2E4D92EB552380189B38D937EE2A131, 7C247E44780198A72C299B752CC047B195EA80D1EB104DF087F96F70811702CA ] GamesAppIntegrationService C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
05:41:30.0665 0x4844  GamesAppIntegrationService - ok
05:41:30.0689 0x4844  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
05:41:30.0716 0x4844  GamesAppService - ok
05:41:30.0746 0x4844  [ AB8A6A87D9D7255C3884D5B9541A6E80, D073B5D8A06EFA6415E8F22DFE486DE913113AE23F59CFC5EEF1B3E694CE86F3 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
05:41:30.0765 0x4844  GEARAspiWDM - ok
05:41:30.0816 0x4844  [ B39662E4C237AA25A2CD2379FF508099, B3F5CE350425649E11972D379BD9843310F21F40E0921CD304A5B1D2427425A5 ] GoogleDesktopManager-022208-143751 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
05:41:30.0844 0x4844  GoogleDesktopManager-022208-143751 - ok
05:41:30.0898 0x4844  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
05:41:30.0962 0x4844  gpsvc - ok
05:41:31.0034 0x4844  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
05:41:31.0059 0x4844  gupdate - ok
05:41:31.0074 0x4844  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
05:41:31.0096 0x4844  gupdatem - ok
05:41:31.0132 0x4844  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
05:41:31.0159 0x4844  gusvc - ok
05:41:31.0338 0x4844  [ FE064126163B464BD3A583278E34517F, 2EE98ADC24CA6B139597A08896BDEF2607F93BD51C6919AA340B9EFE94CF37BC ] gynCCr          C:\ProgramData\OEGUQbEfDfc\gynCCr.exe
05:41:31.0569 0x4844  gynCCr - ok
05:41:31.0624 0x4844  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:41:31.0699 0x4844  HdAudAddService - ok
05:41:31.0755 0x4844  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
05:41:31.0846 0x4844  HDAudBus - ok
05:41:31.0885 0x4844  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
05:41:31.0947 0x4844  HidBth - ok
05:41:31.0973 0x4844  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
05:41:32.0034 0x4844  HidIr - ok
05:41:32.0090 0x4844  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
05:41:32.0116 0x4844  hidserv - ok
05:41:32.0154 0x4844  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
05:41:32.0192 0x4844  HidUsb - ok
05:41:32.0225 0x4844  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
05:41:32.0269 0x4844  hkmsvc - ok
05:41:32.0301 0x4844  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
05:41:32.0323 0x4844  HpCISSs - ok
05:41:32.0365 0x4844  [ CBD09ED9CF6822177EE85AEA4D8816A2, 369897B4609B3FE55F9A82F19E38116E2E6527E349D48A956607EDED71F664D2 ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
05:41:32.0391 0x4844  HTCAND32 - ok
05:41:32.0447 0x4844  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
05:41:32.0547 0x4844  HTTP - ok
05:41:32.0586 0x4844  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
05:41:32.0608 0x4844  i2omp - ok
05:41:32.0640 0x4844  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
05:41:32.0673 0x4844  i8042prt - ok
05:41:32.0715 0x4844  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
05:41:32.0748 0x4844  iaStorV - ok
05:41:32.0807 0x4844  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
05:41:32.0820 0x4844  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
05:41:32.0820 0x4844  IDriverT ( UnsignedFile.Multi.Generic ) - warning
05:41:34.0806 0x4844  [ 957135960E7533EA5C7EA0BFB34F8EFD, 036B11D7639C49F02A6C15022BC9629BAE023B7FE1F86451F12B0D5C92D5B57E ] jswpsapi        C:\Program Files\Jumpstart\jswpsapi.exe
05:41:34.0876 0x4844  jswpsapi - detected UnsignedFile.Multi.Generic ( 1 )
05:41:34.0876 0x4844  jswpsapi ( UnsignedFile.Multi.Generic ) - warning
05:41:34.0877 0x4844  Force sending object to P2P due to detect: jswpsapi
05:41:34.0894 0x4844  Object send P2P result: false
05:41:47.0743 0x4844  Schedule - ok
05:41:47.0782 0x4844  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
05:41:47.0815 0x4844  SCPolicySvc - ok
05:41:47.0850 0x4844  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
05:41:47.0892 0x4844  SDRSVC - ok
05:41:47.0929 0x4844  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
05:41:47.0963 0x4844  secdrv - ok
05:41:47.0990 0x4844  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
05:41:48.0041 0x4844  seclogon - ok
05:41:48.0074 0x4844  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
05:41:48.0116 0x4844  SENS - ok
05:41:48.0156 0x4844  [ CB3E852B818946F396E35A976EE6B552, 2CA45BEBD2F607E66F13DBD23DE7FB4E0C74F9B93A649B270E96A97000B650CA ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
05:41:48.0182 0x4844  Ser2pl - ok
05:41:48.0214 0x4844  [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
05:41:48.0253 0x4844  Serenum - ok
05:41:48.0315 0x4844  [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
05:41:48.0372 0x4844  Serial - ok
05:41:48.0430 0x4844  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
05:41:48.0494 0x4844  sermouse - ok
05:41:48.0562 0x4844  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
05:41:48.0607 0x4844  SessionEnv - ok
05:41:48.0636 0x4844  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
05:41:48.0668 0x4844  sffdisk - ok
05:41:48.0698 0x4844  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
05:41:48.0738 0x4844  sffp_mmc - ok
05:41:48.0759 0x4844  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
05:41:48.0798 0x4844  sffp_sd - ok
05:41:48.0823 0x4844  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
05:41:48.0884 0x4844  sfloppy - ok
05:41:48.0964 0x4844  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
05:41:49.0019 0x4844  SharedAccess - ok
05:41:49.0116 0x4844  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:41:49.0168 0x4844  ShellHWDetection - ok
05:41:49.0205 0x4844  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
05:41:49.0228 0x4844  sisagp - ok
05:41:49.0261 0x4844  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
05:41:49.0285 0x4844  SiSRaid2 - ok
05:41:49.0316 0x4844  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
05:41:49.0341 0x4844  SiSRaid4 - ok
05:41:49.0525 0x4844  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
05:41:49.0851 0x4844  slsvc - ok
05:41:49.0918 0x4844  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
05:41:49.0954 0x4844  SLUINotify - ok
05:41:50.0038 0x4844  [ 3566310DF25EA5C3B2E9F50F5B50EAC1, FB27E0AF4DFB2AA373C94370A1241C2D9D2CE93A52E69D8D259A023FC907ED39 ] SmartFaceVWatchSrv C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
05:41:50.0049 0x4844  SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic ( 1 )
05:41:50.0050 0x4844  SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
05:41:50.0050 0x4844  Force sending object to P2P due to detect: SmartFaceVWatchSrv
05:41:50.0052 0x4844  Object send P2P result: false
05:41:50.0417 0x4844  [ 63320D2724B0380E5A61EB14EFA4C27E, 23837587B8CB7CF05E241CE07153C381DC9BD0BD70511E311F61CCED6724A51F ] SQTECH9051      C:\Windows\system32\Drivers\Capt9051.sys
05:41:50.0427 0x4844  SQTECH9051 - detected UnsignedFile.Multi.Generic ( 1 )
05:41:50.0428 0x4844  SQTECH9051 ( UnsignedFile.Multi.Generic ) - warning
05:41:50.0428 0x4844  Force sending object to P2P due to detect: SQTECH9051
05:41:50.0430 0x4844  Object send P2P result: false
05:41:51.0056 0x4844  [ 3E4239B92139F7174A0DA7D53FE5E1AB, B4459E839AD4735FDF013389EBBABCFA17ADE0A69CF5F530DFC1BE80CE7853BB ] SVRPEDRV        C:\Windows\System32\sysprep\PEDrv.sys
05:41:51.0065 0x4844  SVRPEDRV - detected UnsignedFile.Multi.Generic ( 1 )
05:41:51.0065 0x4844  SVRPEDRV ( UnsignedFile.Multi.Generic ) - warning
05:41:53.0484 0x4844  [ 22690DFFC7F2A18279A7A0489AA02BAC, 703B10A17AF6871439143AF9E419D780779BD4ED54D32FA7751A5630C4CCFC0C ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
05:41:53.0506 0x4844  TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic ( 1 )
05:41:53.0507 0x4844  TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
05:41:53.0507 0x4844  Force sending object to P2P due to detect: TOSHIBA SMART Log Service
05:41:53.0509 0x4844  Object send P2P result: false
05:41:54.0942 0x4844  Update Steel Cut - ok
05:41:56.0096 0x4844  Util Steel Cut - ok
05:41:58.0492 0x4844  [ CE57C77B88B4B8BD185CFD1B6DBE9AD8, 0BBA5FEC21E70FC716465B13B0BD14E70076992A6CE9C0EEDAAB2807D93F9193 ] WebWatcherProxy C:\Program Files\SysFiles\WebWatcherProxy.exe
05:41:58.0617 0x4844  WebWatcherProxy - ok
05:42:01.0462 0x4844  [ 30191561EF28B605157C161F8F77B3DE, 21333EB9C4B107B509820AB05304AAEB416778AFBA3EBFB480EF94C1489035D1 ] wwwd            C:\Windows\system32\Drivers\wwwd.sys
05:42:01.0462 0x4844  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\wwwd.sys. md5: 30191561EF28B605157C161F8F77B3DE, sha256: 21333EB9C4B107B509820AB05304AAEB416778AFBA3EBFB480EF94C1489035D1
05:42:01.0476 0x4844  wwwd - detected LockedFile.Multi.Generic ( 1 )
05:42:01.0476 0x4844  wwwd ( LockedFile.Multi.Generic ) - warning
05:42:01.0554 0x4844  {62bf0628-5809-49d1-9eee-14fa45047c7b}t - ok
05:42:01.0584 0x4844  {6dfc5aca-15d7-49c9-89a5-7df5102d7909}t - ok
05:42:01.0619 0x4844  {6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt - ok
05:42:01.0641 0x4844  {7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt - ok
05:42:01.0671 0x4844  {8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t - ok
05:42:01.0730 0x4844  {b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t - ok
05:42:01.0751 0x4844  {c979301f-1894-4c06-9f58-e9aca8d65afc}t - ok
05:42:01.0754 0x4844  ================ Scan global ===============================
05:42:01.0821 0x4844  [ 2F2DFC846D75D680B9018823A8B5EF07, DBC823CF0C659B6D7482CB080CD042EC6BBAEDB6297DB712CADA1BCEAA8A95C8 ] C:\Windows\system32\basesrv.dll
05:42:01.0866 0x4844  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
05:42:01.0903 0x4844  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
05:42:01.0941 0x4844  [ 4F0A7910FC7D8A66433FA9961EEF8BB5, 2086EDEE8CF9CC9BDBDC03018F7C28BB56172F941CB4D6F3D857BCF82B32FB6B ] C:\Windows\system32\services.exe
05:42:01.0956 0x4844  [ Global ] - ok
05:42:01.0957 0x4844  ================ Scan MBR ==================================
05:42:01.0968 0x4844  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
05:42:02.0923 0x4844  \Device\Harddisk0\DR0 - ok
05:42:02.0931 0x4844  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
05:42:03.0063 0x4844  \Device\Harddisk1\DR2 - ok
05:42:03.0065 0x4844  ================ Scan VBR ==================================
05:42:03.0095 0x4844  [ FF3EF40340589DCC10B9DB07941E7FB3 ] \Device\Harddisk0\DR0\Partition1
05:42:03.0139 0x4844  \Device\Harddisk0\DR0\Partition1 - ok
05:42:03.0145 0x4844  [ B7362CBA0066151BFA70F6208BE036DC ] \Device\Harddisk1\DR2\Partition1
05:42:03.0148 0x4844  \Device\Harddisk1\DR2\Partition1 - ok
05:42:03.0149 0x4844  ================ Scan generic autorun ======================
05:42:03.0225 0x4844  WinCheck - ok
05:42:03.0269 0x4844  [ 8A75C36EEE9BA57FBE09F6DCB8FC8D10, 920FE23BD5554A00219ACD4731333A5A2CF4D72F39993058930829047DCDE205 ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
05:42:03.0310 0x4844  TPwrMain - ok
05:42:03.0422 0x4844  [ 6E240D6C2F0DB74BED13AD723D3AB0A1, 99811F1EF27E0B6DDCF79DD07F49931FD55788407AB48C019C1E1B7592919614 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
05:42:03.0513 0x4844  SynTPEnh - ok
05:42:03.0592 0x4844  [ 13E7CFE8E269ED15E7FC9C3EBBCB7E2B, 3B64263BA305F094B09B1961621C50CA6F9771F80CAC9F916B18BB0C7753A662 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
05:42:03.0623 0x4844  SunJavaUpdateSched - ok
05:42:03.0625 0x4844  StormWatch - ok
05:42:03.0698 0x4844  [ E1E71D80D078C576801B6FE2A29FCF85, 7A8911FF626E5EEC01D7C1922F8AD6901EFC75952ADB3FAF606506C7DB4BC54A ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
05:42:03.0711 0x4844  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
05:42:03.0712 0x4844  StartCCC ( UnsignedFile.Multi.Generic ) - warning
05:42:03.0712 0x4844  Force sending object to P2P due to detect: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
05:42:03.0714 0x4844  Object send P2P result: false
05:42:03.0776 0x4844  [ 4E72F2DC0A0B2D48C70F7EE5D3B84B93, 555AF4C189CE4F0539D11E2B8D95997E13196DFD181F69DB87D947F4FEC04FAD ] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
05:42:03.0859 0x4844  SmoothView - ok
05:42:03.0939 0x4844  [ E5ED0DC1902D63733445D07D295CDA7C, 93310EE0ABE6F0AE9F71D8281096CDB1970AA92B6650B732319927CC71BEAE9A ] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
05:42:03.0968 0x4844  ShStatEXE - ok
05:42:03.0970 0x4844  shopperz - ok
05:42:04.0250 0x4844  [ 6C887E9BA3AE7F62635F098BFC9853CD, B7644B9882F387F87140930503E1EA0E766A90ADDD963CB9D96A013716AC7B2F ] C:\Windows\RtHDVCpl.exe
05:42:04.0815 0x4844  RtHDVCpl - ok
05:42:04.0834 0x4844  ospd_us_1029 - ok
05:42:04.0912 0x4844  [ 8112D0DACAE746290FC87B3A980FA719, 43CA8CED6AB58EDD97AD476C791D49C7ECD40EB8DA627E8412C0A27699A58F01 ] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
05:42:04.0936 0x4844  NeroFilterCheck - ok
05:42:04.0942 0x4844  NDSTray.exe - ok
05:42:05.0015 0x4844  [ 2038D8DBC7C3B8BC978E684258D7B87E, 23474E64E9F8D1494588233BA639938FFC798ECBA10721421258F0CAB4C46730 ] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
05:42:05.0090 0x4844  Mobile Connectivity Suite - detected UnsignedFile.Multi.Generic ( 1 )
05:42:05.0090 0x4844  Mobile Connectivity Suite ( UnsignedFile.Multi.Generic ) - warning
05:42:05.0169 0x4844  [ A6AADFE1B60E2232038BED6AA6666637, D3AC327BB9793C082B4E2FC94DD1EF885155291C9DC800E9178E26D4CB768156 ] C:\Program Files\McAfee\Common Framework\udaterui.exe
05:42:05.0205 0x4844  McAfeeUpdaterUI - ok
05:42:05.0329 0x4844  [ E30B5056C874308F22CF155CE3BAE3D2, 004EE5D751C29EE7CBF2ABF4A2D22699DB1A227A5F2258833747B775B04D4635 ] C:\Program Files\LTCM Client\ltcmClient.exe
05:42:05.0436 0x4844  LTCM Client - ok
05:42:05.0465 0x4844  [ 98E24054191041D0353F5E61AD191459, FEF925BA5097FD23C9E69B519489211C2AE6E9EDBECDFDB5A76DB12594A237FC ] C:\Windows\KHALMNPR.EXE
05:42:05.0488 0x4844  Kernel and Hardware Abstraction Layer - ok
05:42:05.0504 0x4844  jswtrayutil - ok
05:42:05.0546 0x4844  [ 5F0D3BD87EA98332B5B1D5B86C40FBF9, 27CF8676C6EF2B21C38A1DEB516D96FFCC31080F290E35B4002D3B3F1103971D ] C:\Program Files\TOSHIBA\TBS\HSON.exe
05:42:05.0567 0x4844  HSON - ok
05:42:05.0613 0x4844  [ B39662E4C237AA25A2CD2379FF508099, B3F5CE350425649E11972D379BD9843310F21F40E0921CD304A5B1D2427425A5 ] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
05:42:05.0632 0x4844  Google Desktop Search - ok
05:42:05.0633 0x4844  gmsd_us_474 - ok
05:42:05.0713 0x4844  [ 01D92A226791867F2DED688F25271905, E2B8F12C9675C8AA1BE96BB68570E40F6F62CA81B6BE6EC3FAACCD096F303D15 ] C:\Program Files\Epson Software\Event Manager\EEventManager.exe
05:42:05.0788 0x4844  EEventManager - ok
05:42:05.0796 0x4844  cfFncEnabler.exe - ok
05:42:05.0851 0x4844  [ B1DB5EDB658F3FF4F13AC069CE622893, D4AC66DD9CF9EE4770AA34936EE28844D2BE39968727E8A9CAAB9E9A09387CC6 ] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
05:42:05.0907 0x4844  Camera Assistant Software - detected UnsignedFile.Multi.Generic ( 1 )
05:42:05.0907 0x4844  Camera Assistant Software ( UnsignedFile.Multi.Generic ) - warning
05:42:05.0907 0x4844  Force sending object to P2P due to detect: C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
05:42:05.0914 0x4844  Object send P2P result: false
05:42:06.0009 0x4844  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
05:42:06.0082 0x4844  Adobe ARM - ok
05:42:06.0091 0x4844  3D BubbleSound - ok
05:42:06.0155 0x4844  [ EF1464C1F3334F65F55943BFDA45C519, 4FD00B7C1DBE43A839900AB9402EB04887E481390AFAF7E3AEA42ADCE1044EC6 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
05:42:06.0281 0x4844  00TCrdMain - detected UnsignedFile.Multi.Generic ( 1 )
05:42:06.0281 0x4844  00TCrdMain ( UnsignedFile.Multi.Generic ) - warning
05:42:06.0281 0x4844  Force sending object to P2P due to detect: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
05:42:06.0344 0x4844  Object send P2P result: false
05:42:06.0462 0x4844  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
05:42:06.0670 0x4844  Sidebar - ok
05:42:06.0678 0x4844  WindowsWelcomeCenter - ok
05:42:06.0752 0x4844  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
05:42:06.0832 0x4844  Sidebar - ok
05:42:06.0841 0x4844  WindowsWelcomeCenter - ok
05:42:06.0867 0x4844  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
05:42:06.0901 0x4844  WMPNSCFG - ok
05:42:06.0937 0x4844  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
05:42:06.0957 0x4844  swg - ok
05:42:06.0958 0x4844  Super Optimizer - ok
05:42:07.0069 0x4844  [ 5DBED23C5B1B694CBA7A97AB7F94E097, 2FDD2EA0316AD2A1D3A8F91C17F109A6A69A663C401F8BAE9FF8248DC3DFAA0B ] C:\Program Files\NetZero\exec.exe
05:42:07.0203 0x4844  NetZero_uoltray - detected UnsignedFile.Multi.Generic ( 1 )
05:42:07.0204 0x4844  NetZero_uoltray ( UnsignedFile.Multi.Generic ) - warning
05:42:07.0235 0x4844  [ 86F0D0B3A07C142C81DAB47E8495A822, DA214C967FFE0B3E2BBCE99E7330DBB74EB0BB7F21833FE689277109B0FF92B5 ] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
05:42:07.0260 0x4844  BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - ok
05:42:07.0265 0x4844  WindowsWelcomeCenter - ok
05:42:07.0326 0x4844  [ 5D29764082133F302126C85AB96ACB80, 4EC95D6F5094CBCF032818E1823625360928810ACB218EBFED32CFD31A02D9D7 ] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
05:42:07.0382 0x4844  TOSCDSPD - detected UnsignedFile.Multi.Generic ( 1 )
05:42:07.0382 0x4844  TOSCDSPD ( UnsignedFile.Multi.Generic ) - warning
05:42:07.0463 0x4844  [ 3F3A26E471CCCB3CFFCA68F0C052F35F, 7B58C5A6B400F9A31B3E7F5FF9D3E9516A7737A15B44EB8B0E2CC99C20A57E9C ] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBA.EXE
05:42:07.0493 0x4844  EPLTarget\P0000000000000000 - ok
05:42:07.0513 0x4844  [ 86F0D0B3A07C142C81DAB47E8495A822, DA214C967FFE0B3E2BBCE99E7330DBB74EB0BB7F21833FE689277109B0FF92B5 ] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
05:42:07.0536 0x4844  BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - ok
05:42:07.0541 0x4844  WindowsWelcomeCenter - ok
05:42:07.0546 0x4844  TOSCDSPD - ok
05:42:07.0559 0x4844  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
05:42:07.0577 0x4844  swg - ok
05:42:07.0590 0x4844  [ 86F0D0B3A07C142C81DAB47E8495A822, DA214C967FFE0B3E2BBCE99E7330DBB74EB0BB7F21833FE689277109B0FF92B5 ] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
05:42:07.0612 0x4844  BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - ok
05:42:07.0645 0x4844  AV detected via SS2: McAfee VirusScan Enterprise, "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /!REMEDIATE (  ), 0x61010 ( enabled : outofdate )
05:42:07.0657 0x4844  Win FW state via NFP2: disabled ( trusted )
05:42:07.0658 0x4844  ============================================================
05:42:07.0658 0x4844  Scan finished
05:42:07.0658 0x4844  ============================================================
05:42:07.0672 0x4c88  Detected object count: 16
05:42:07.0672 0x4c88  Actual detected object count: 16
05:42:42.0412 0x4c88  Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0412 0x4c88  Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0413 0x4c88  CDRPDACC ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0413 0x4c88  CDRPDACC ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0416 0x4c88  ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0416 0x4c88  ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0419 0x4c88  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0419 0x4c88  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0422 0x4c88  jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0422 0x4c88  jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0426 0x4c88  SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0426 0x4c88  SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0429 0x4c88  SQTECH9051 ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0429 0x4c88  SQTECH9051 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0432 0x4c88  SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0432 0x4c88  SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0435 0x4c88  TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0435 0x4c88  TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0439 0x4c88  wwwd ( LockedFile.Multi.Generic ) - skipped by user
05:42:42.0439 0x4c88  wwwd ( LockedFile.Multi.Generic ) - User select action: Skip
05:42:42.0443 0x4c88  StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0443 0x4c88  StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0446 0x4c88  Mobile Connectivity Suite ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0446 0x4c88  Mobile Connectivity Suite ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0449 0x4c88  Camera Assistant Software ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0449 0x4c88  Camera Assistant Software ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0452 0x4c88  00TCrdMain ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0452 0x4c88  00TCrdMain ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0455 0x4c88  NetZero_uoltray ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0455 0x4c88  NetZero_uoltray ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0459 0x4c88  TOSCDSPD ( UnsignedFile.Multi.Generic ) - skipped by user
05:42:42.0460 0x4c88  TOSCDSPD ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:28 PM

Posted 16 September 2015 - 06:10 AM

You are welcome.
I will review your logs and post the next steps in a few hours. OK? :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 telecomladyj

telecomladyj
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:28 AM

Posted 16 September 2015 - 06:17 AM

Ok good deal. I'm about to go to work so I'll check back in with you this evening. Have a good day!



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:28 PM

Posted 16 September 2015 - 11:56 AM

Step 1

Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat wwwd (and only for that!) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.
Step 2

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Click the Start button.
In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.

Then type

netsh winsock reset
and press ENTER.


Afterwards reboot your computer.

Step 4


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
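
A triage sketch for the TDSSKiller log posted earlier in this thread: it pairs each detection with the file hashed just before it and with the action chosen, then separates the UnsignedFile verdicts from the rest, which leaves wwwd, the entry Step 1 targets. This is an added example, not part of the original post and not TDSSKiller's own code; the function names and the rule that UnsignedFile verdicts are low priority are assumptions of this example.

```python
import re

# Lines copied from the TDSSKiller log posted earlier in this thread (excerpt).
SAMPLE_LOG = r"""
05:42:01.0410 0x4844  wudfsvc - ok
05:42:01.0462 0x4844  [ 30191561EF28B605157C161F8F77B3DE, 21333EB9C4B107B509820AB05304AAEB416778AFBA3EBFB480EF94C1489035D1 ] wwwd            C:\Windows\system32\Drivers\wwwd.sys
05:42:01.0462 0x4844  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\wwwd.sys. md5: 30191561EF28B605157C161F8F77B3DE, sha256: 21333EB9C4B107B509820AB05304AAEB416778AFBA3EBFB480EF94C1489035D1
05:42:01.0476 0x4844  wwwd - detected LockedFile.Multi.Generic ( 1 )
05:42:01.0476 0x4844  wwwd ( LockedFile.Multi.Generic ) - warning
05:42:03.0698 0x4844  [ E1E71D80D078C576801B6FE2A29FCF85, 7A8911FF626E5EEC01D7C1922F8AD6901EFC75952ADB3FAF606506C7DB4BC54A ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
05:42:03.0711 0x4844  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
05:42:03.0712 0x4844  StartCCC ( UnsignedFile.Multi.Generic ) - warning
05:42:05.0015 0x4844  [ 2038D8DBC7C3B8BC978E684258D7B87E, 23474E64E9F8D1494588233BA639938FFC798ECBA10721421258F0CAB4C46730 ] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
05:42:05.0090 0x4844  Mobile Connectivity Suite - detected UnsignedFile.Multi.Generic ( 1 )
05:42:05.0090 0x4844  Mobile Connectivity Suite ( UnsignedFile.Multi.Generic ) - warning
05:42:42.0439 0x4c88  wwwd ( LockedFile.Multi.Generic ) - User select action: Skip
05:42:42.0443 0x4c88  StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:42:42.0446 0x4c88  Mobile Connectivity Suite ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "HH:MM:SS.ffff 0xTID  message"
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+0x[0-9a-fA-F]+\s+(?P<msg>.*)$")
# "[ MD5, SHA256 ] [name] path" (the name is absent in the autorun section)
HASHED = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]+), (?P<sha256>[0-9A-Fa-f]+) \]\s+(?P<rest>.*)$")
PATH = re.compile(r"[A-Za-z]:\\.*$")
DETECT = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \( \d+ \)$")
ACTION = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>.+)$")
RESULT = re.compile(r" - (ok|warning)$")


def _entry(detections, name):
    return detections.setdefault(
        name, {"verdict": None, "path": None, "sha256": None, "action": None}
    )


def parse_tdsskiller(log_text):
    """Return {object name: verdict, file path, sha256, chosen action}."""
    detections = {}
    last_file = None  # most recent hashed file not yet closed by a result line
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        h = HASHED.match(msg)
        if h:
            p = PATH.search(h.group("rest"))
            last_file = {"sha256": h.group("sha256"),
                         "path": p.group(0) if p else None}
            continue
        d = DETECT.match(msg)
        if d:
            entry = _entry(detections, d.group("name"))
            entry["verdict"] = d.group("verdict")
            if last_file:
                entry.update(last_file)
            continue
        a = ACTION.match(msg)
        if a:
            entry = _entry(detections, a.group("name"))
            entry["verdict"] = a.group("verdict")
            entry["action"] = a.group("action")
            continue
        if RESULT.search(msg):
            # "<name> - ok" / "<name> ( verdict ) - warning" closes the object,
            # so a later detection cannot inherit this file by mistake.
            last_file = None
    return detections


def triage(detections):
    """Split names into (needs review, unsigned only).

    Assumption of this example: UnsignedFile.* verdicts are low priority,
    anything else (here LockedFile.*) needs a closer look.
    """
    review, unsigned = [], []
    for name, d in detections.items():
        bucket = unsigned if (d["verdict"] or "").startswith("UnsignedFile.") else review
        bucket.append(name)
    return review, unsigned


def unresolved(detections):
    """Objects needing review that were skipped or never given an action."""
    review, _ = triage(detections)
    return [n for n in review if detections[n]["action"] in (None, "Skip")]


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for name in unresolved(found):
        d = found[name]
        print(f"{name}: {d['verdict']} {d['path']} sha256={d['sha256']}")
```
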
 

#13 telecomladyj

telecomladyj
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:28 AM

Posted 16 September 2015 - 07:31 PM

Hello Jürgen!

I labeled each logfile in big bold letters so hopefully the sections are easy to distinguish. They are pasted below in the order you requested them.

 

TDSSKiller.3.1.0.5_16.09.2015_18.36.35_log.txt

 

18:36:35.0041 0x14fc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
18:36:35.0085 0x14fc  ============================================================
18:36:35.0085 0x14fc  Current date / time: 2015/09/16 18:36:35.0085
18:36:35.0085 0x14fc  SystemInfo:
18:36:35.0085 0x14fc  
18:36:35.0085 0x14fc  OS Version: 6.0.6002 ServicePack: 2.0
18:36:35.0085 0x14fc  Product type: Workstation
18:36:35.0085 0x14fc  ComputerName: MARY-LT
18:36:35.0086 0x14fc  UserName: MARY
18:36:35.0086 0x14fc  Windows directory: C:\Windows
18:36:35.0086 0x14fc  System windows directory: C:\Windows
18:36:35.0086 0x14fc  Processor architecture: Intel x86
18:36:35.0087 0x14fc  Number of processors: 2
18:36:35.0087 0x14fc  Page size: 0x1000
18:36:35.0087 0x14fc  Boot type: Normal boot
18:36:35.0087 0x14fc  ============================================================
18:36:35.0090 0x14fc  BG loaded
18:36:39.0633 0x14fc  System UUID: {F3D6F1F3-BA0E-C674-278F-5DF86B16E6FA}
18:36:41.0745 0x14fc  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:36:41.0782 0x14fc  ============================================================
18:36:41.0782 0x14fc  \Device\Harddisk0\DR0:
18:36:41.0783 0x14fc  MBR partitions:
18:36:41.0783 0x14fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C30B000
18:36:41.0783 0x14fc  ============================================================
18:36:41.0912 0x14fc  C: <-> \Device\Harddisk0\DR0\Partition1
18:36:41.0913 0x14fc  ============================================================
18:36:41.0913 0x14fc  Initialize success
18:36:41.0913 0x14fc  ============================================================
18:40:20.0599 0x146c  Deinitialize success

 


AdwCleaner[C2].txt:

# AdwCleaner v5.007 - Logfile created 16/09/2015 at 18:49:13
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : MARY - MARY-LT
# Running from : C:\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : WebWatcherProxy

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SysFiles
[-] Folder Deleted : C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Smartbar

***** [ Files ] *****

[-] File Deleted : C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[-] File Deleted : C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
[-] File Deleted : C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
[-] File Deleted : C:\Users\MARY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
[-] File Deleted : C:\Windows\system32\WebWatcherLSP.dll
[-] File Deleted : C:\Windows\TEMP\WebWatcherProxyr.log
[-] File Deleted : C:\Windows\TEMP\WebWatcherProxy.log

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[!] Task Not Deleted : APSnotifierPP1
[!] Task Not Deleted : APSnotifierPP2
[!] Task Not Deleted : APSnotifierPP3
[!] Task Not Deleted : ConsumerInputUpdateTaskMachineCore
[!] Task Not Deleted : ConsumerInputUpdateTaskMachineUA
[!] Task Not Deleted : globalUpdateUpdateTaskMachineCore
[!] Task Not Deleted : globalUpdateUpdateTaskMachineUA
[!] Task Not Deleted : gtaUpt
[!] Task Not Deleted : Optimizer Pro Schedule
[!] Task Not Deleted : Super Optimizer Schedule
[!] Task Not Deleted : LaunchPreSignup
[!] Task Not Deleted : BlockAndSurf Update
[!] Task Not Deleted : SysHealth_Controller_Mon
[!] Task Not Deleted : BlockAndSurf Update
[!] Task Not Deleted : BlockAndSurf Update
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-1-6
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-1-7
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-10_user
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-3
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-4
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-5
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-5_user
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-6
[!] Task Not Deleted : 040e23e2-399d-4610-be58-a134927bb6d0-7
[!] Task Not Deleted : 20d13ed4-3ff8-43fa-b399-700ada086a92-10_user
[!] Task Not Deleted : 20d13ed4-3ff8-43fa-b399-700ada086a92-5
[!] Task Not Deleted : 20d13ed4-3ff8-43fa-b399-700ada086a92-5_user
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-1-6
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-1-7
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-10_user
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-3
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-4
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-5
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-5_user
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-6
[!] Task Not Deleted : 38640837-5c4c-4ce3-a864-69d317525fac-7
[!] Task Not Deleted : globalUpdateUpdateTaskMachineCore
[!] Task Not Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [shopperz]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [3D BubbleSound]
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.WatchDog
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.WatchDog.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StormWatch]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_1029]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_474]
[!] Value Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [shopperz]
[-] Key Deleted : HKCU\Software\Conduit

***** [ Web browsers ] *****

[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.FirstTime", "true");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.FirstTimeFF3", "true");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.UserID", "UN43332775718063876");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.fixPageNotFoundErrorByUser", "TRUE");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.fullUserID", "UN43332775718063876.UP.20140514082611");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.homepageuserchanged", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.isCheckedStartAsHidden", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.lastVersion", "10.20.101.5");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3A\",\"EB_MAIN_FRAME_TITLE\":\"About%3A\"}");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.searchInNewTabEnabledByUser", "true");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.searchSuggestEnabledByUser", "True");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.serviceLayer_services_serviceMap_lastUpdate", "1442206102438");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.settingsINI", true);
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.smartbar.CTID", "CT2438727");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.smartbar.Uninstall", "0");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727.smartbar.toolbarName", "Zynga ");
[-] [C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\prefs.js] [Preference] Deleted : user_pref("CT2438727_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1442206100985,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

*************************


*************************

C:\AdwCleaner.exe - [1660416 bytes] - [16/09/2015 18:24:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [8511 bytes] ##########
 

 

 

 

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-09-2015
Ran by MARY (administrator) on MARY-LT (16-09-2015 18:59:46)
Running from C:\Users\MARY\Desktop
Loaded Profiles: MARY (Available Profiles: MARY & Baby & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(                                                                                                    ) C:\Windows\Temp\mrt821A.tmp\stdrt.exe
() C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
(Time Lapse Solutions) C:\ProgramData\OEGUQbEfDfc\gynCCr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(PC Drivers Headquarters) C:\Program Files\Driver Support\DriverSupport.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(NetZero, Inc.) C:\Program Files\NetZero\exec.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(NetZero, Inc.) C:\Program Files\NetZero\exec.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Teleca Sweden AB) C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
(Popwire AB) C:\Program Files\Common Files\Teleca Shared\logger.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Teleca AB) C:\Program Files\Common Files\Teleca Shared\Generic.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Teleca) C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
(Teleca AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
(TODO: <Company name>) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Mobile Connectivity Suite] => C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [598016 2009-11-19] (Teleca Sweden AB)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-12-18] (Logitech, Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-13] (Google Inc.)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [NetZero_uoltray] => C:\Program Files\NetZero\exec.exe [1700864 2008-02-27] (NetZero, Inc.)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [112128 2008-05-05] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2015-09-13]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{4905BA70-DFD9-4CB9-9E67-3A0F36D65178}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}: [DhcpNameServer] 24.116.0.53 24.116.2.50

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default
FF Homepage: about:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-04-28] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-12] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin: @worldwinner.com/Launcher2,version=1.9.0.23 -> C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2010-03-16] (WorldWinner.com, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-16]
FF Extension: Zynga  - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-05-14]
FF Extension: Steel Cut 1.0.1 - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}.xpi [2015-04-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-26]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-02]
FF HKLM\...\Firefox\Extensions: [myspacefftb@myspace.com] - C:\Program Files\MySpace\Toolbar\1.0.72.0
FF Extension: MySpace Toolbar for Windows - C:\Program Files\MySpace\Toolbar\1.0.72.0 [2010-05-16]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2015-08-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steel Cut) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnmnjlidlhicjbeaidocohikobfelhp [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Google Search) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Announcify) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiolkcfamcbpoandjpnefiegkcpeoan [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Gmail) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Adobe Licensing Console; C:\Windows\System32\lnsecsl.exe [1202396 2015-04-22] (                                                                                                    ) [File not signed] <==== ATTENTION
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [1684944 2015-04-20] (PC Drivers HeadQuarters LP)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
S3 GoogleDesktopManager-022208-143751; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
R2 gynCCr; C:\ProgramData\OEGUQbEfDfc\gynCCr.exe [2730984 2015-04-22] (Time Lapse Solutions)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [204320 2015-08-19] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [174968 2015-08-19] (McAfee, Inc.)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [268072 2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
S4 Update Steel Cut; "C:\Program Files\Steel Cut\updateSteelCut.exe" [X]
S4 Util Steel Cut; "C:\Program Files\Steel Cut\bin\utilSteelCut.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CDRPDACC; C:\Program Files\321Studios\DVDXTREME\Shared\CDRPDACC.SYS [5273 2003-10-30] (Arrowkey) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134472 2015-08-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2015-08-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2015-08-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573136 2015-08-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93144 2015-08-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213872 2015-08-19] (McAfee, Inc.)
S3 SQTECH9051; C:\Windows\System32\Drivers\Capt9051.sys [41216 2008-04-11] (Service & Quality Technology.) [File not signed]
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 mfeavfk01; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 {62bf0628-5809-49d1-9eee-14fa45047c7b}t; system32\drivers\{62bf0628-5809-49d1-9eee-14fa45047c7b}t.sys [X]
S1 {6dfc5aca-15d7-49c9-89a5-7df5102d7909}t; system32\drivers\{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t.sys [X]
S1 {6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt; system32\drivers\{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt.sys [X]
S1 {7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt; system32\drivers\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt.sys [X]
S1 {8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t; system32\drivers\{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t.sys [X]
S1 {b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t; system32\drivers\{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t.sys [X]
S1 {c979301f-1894-4c06-9f58-e9aca8d65afc}t; system32\drivers\{c979301f-1894-4c06-9f58-e9aca8d65afc}t.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-16 18:59 - 2015-09-16 19:00 - 00022771 _____ C:\Users\MARY\Desktop\FRST.txt
2015-09-16 18:53 - 2015-09-16 18:53 - 00008594 _____ C:\Users\MARY\Desktop\AdwCleaner[C2].txt
2015-09-16 18:32 - 2015-09-16 18:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-16 18:24 - 2015-09-16 18:18 - 01660416 _____ C:\AdwCleaner.exe
2015-09-16 05:39 - 2015-09-16 05:33 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\MARY\Desktop\tdsskiller.exe
2015-09-14 22:20 - 2015-09-14 22:20 - 00000000 ____D C:\32788R22FWJFW
2015-09-14 03:08 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 19:02 - 2015-09-16 18:49 - 00000000 ____D C:\AdwCleaner
2015-09-13 15:23 - 2015-09-13 15:23 - 00001028 _____ C:\Users\MARY\Desktop\Revo Uninstaller.lnk
2015-09-13 14:25 - 2015-08-13 09:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-13 14:25 - 2015-08-13 09:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-13 14:24 - 2015-09-02 16:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 14:24 - 2015-09-02 16:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 14:21 - 2015-09-02 16:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 14:21 - 2015-09-02 14:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 14:21 - 2015-09-02 14:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 14:19 - 2015-08-05 10:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 08:26 - 2015-09-13 15:23 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-12 22:56 - 2015-09-16 19:00 - 00000000 ____D C:\FRST
2015-09-12 22:56 - 2015-09-12 12:24 - 01692160 _____ (Farbar) C:\Users\MARY\Desktop\FRST.exe
2015-09-12 19:40 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-12 19:40 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-12 19:40 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-09-12 19:40 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-12 19:40 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-12 19:39 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-12 19:39 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-12 19:35 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-12 19:21 - 2009-08-04 03:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-09-12 19:18 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-12 19:18 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-09-12 19:17 - 2015-06-12 11:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-12 19:11 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-12 19:11 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-09-12 19:05 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-12 18:37 - 2015-09-12 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2015-09-12 18:34 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-12 18:29 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-09-12 18:28 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-12 18:28 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-09-12 18:28 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-12 18:27 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-12 18:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-12 18:24 - 2015-06-27 11:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-12 18:24 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-12 18:24 - 2015-06-27 09:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-12 18:24 - 2015-06-27 09:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-12 18:24 - 2015-06-12 08:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-12 18:24 - 2015-05-08 18:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-12 18:24 - 2015-01-08 19:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-12 18:21 - 2015-08-14 01:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-12 18:21 - 2015-08-14 01:22 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-09-12 18:21 - 2015-08-14 01:20 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-09-12 18:21 - 2015-08-14 01:20 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 06010880 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 11085824 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-12 18:21 - 2015-08-14 01:18 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-12 18:21 - 2015-08-14 01:17 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-12 18:21 - 2015-08-14 01:17 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-12 18:21 - 2015-08-14 01:16 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-09-12 18:21 - 2015-08-13 23:41 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-12 18:21 - 2015-08-13 22:04 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-12 18:21 - 2015-08-13 22:04 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-12 18:21 - 2015-08-13 22:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-12 18:21 - 2015-08-13 22:02 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-12 18:21 - 2015-05-04 17:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-09-12 18:21 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-09-12 16:46 - 2015-09-12 16:46 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-19 23:13 - 2015-09-13 23:32 - 00000000 ____D C:\Windows\pss
2015-08-19 18:28 - 2015-08-19 18:28 - 00000000 ____D C:\ProgramData\WindowsSearch
2015-08-19 13:01 - 2015-08-19 13:01 - 00000000 ____D C:\Quarantine
2015-08-19 11:01 - 2015-08-19 11:01 - 00000000 ____D C:\Users\MARY\AppData\Roaming\McAfee
2015-08-19 11:00 - 2015-09-13 23:37 - 00262144 _____ C:\Windows\system32\config\ELAM
2015-08-19 10:59 - 2015-08-19 10:55 - 00094080 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2015-08-19 10:59 - 2015-08-19 10:55 - 00025088 _____ (McAfee, Inc.) C:\Windows\system32\MFEOtlk.dll
2015-08-19 10:58 - 2015-08-19 10:55 - 00573136 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00236480 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00134472 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00093144 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00066408 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00010568 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00213872 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00174968 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-19 10:52 - 2015-08-19 10:57 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-19 10:52 - 2015-08-19 10:52 - 00000000 ____D C:\Program Files\McAfee
2015-08-19 10:49 - 2015-09-16 05:39 - 00000000 ____D C:\Users\MARY\Desktop\TECH

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-16 19:02 - 2015-04-22 13:51 - 00000432 _____ C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job
2015-09-16 18:59 - 2009-01-13 07:21 - 01121195 _____ C:\Windows\WindowsUpdate.log
2015-09-16 18:57 - 2015-04-22 14:12 - 00000998 _____ C:\Windows\Tasks\lZYVDvAe7GlknGA.job
2015-09-16 18:57 - 2015-04-22 14:12 - 00000994 _____ C:\Windows\Tasks\smmDQbZEFSzBQ.job
2015-09-16 18:57 - 2015-04-22 14:05 - 00001016 _____ C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job
2015-09-16 18:57 - 2015-04-22 14:05 - 00000990 _____ C:\Windows\Tasks\rCiNBy3auXo.job
2015-09-16 18:57 - 2015-04-22 14:03 - 00001022 _____ C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job
2015-09-16 18:57 - 2015-04-22 14:03 - 00001016 _____ C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job
2015-09-16 18:57 - 2015-04-22 13:55 - 00001682 _____ C:\Windows\Tasks\AUSAMRFZ.job
2015-09-16 18:57 - 2010-02-03 18:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-16 18:56 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-16 18:56 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-16 18:56 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-16 18:54 - 2006-11-02 08:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-16 18:52 - 2010-02-03 18:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 06:13 - 2013-01-26 20:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 22:50 - 2015-04-22 13:51 - 00000466 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job
2015-09-14 22:22 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-09-14 03:18 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-14 03:16 - 2009-01-13 06:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 01:13 - 2014-05-03 10:14 - 18744520 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-14 01:13 - 2013-01-26 20:34 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-14 01:13 - 2011-08-24 19:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-13 23:37 - 2015-04-22 16:59 - 00000105 _____ C:\Windows\system32\get.dat
2015-09-13 23:36 - 2015-04-22 16:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-13 19:16 - 2015-03-15 09:17 - 00087552 _____ C:\Windows\PFRO.log
2015-09-13 19:10 - 2013-05-19 14:38 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Yahoo!
2015-09-13 19:10 - 2009-03-02 19:03 - 00000000 ____D C:\Users\MARY\AppData\Roaming\Yahoo!
2015-09-13 18:14 - 2011-10-30 11:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-13 14:30 - 2006-11-02 07:47 - 00390976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 14:27 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-13 14:18 - 2013-07-23 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-13 13:55 - 2015-04-22 14:55 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-13 09:38 - 2009-03-02 12:36 - 00000000 ____D C:\Users\MARY
2015-09-12 22:56 - 2006-11-02 05:33 - 00763670 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 20:07 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-09-12 19:48 - 2014-03-30 07:09 - 00000000 ____D C:\temp
2015-09-12 19:39 - 2010-06-12 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-12 19:38 - 2010-01-16 01:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-12 19:34 - 2015-05-20 16:43 - 00000000 ____D C:\ProgramData\Uealjikiapa
2015-09-12 18:37 - 2015-04-22 16:23 - 00003869 _____ C:\Windows\setupact.log
2015-08-26 18:36 - 2006-11-02 05:24 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-19 18:28 - 2015-04-22 14:08 - 00000000 ____D C:\ProgramData\AppMgr1.26.3056825
2015-08-19 10:58 - 2009-07-01 11:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-19 10:56 - 2010-08-20 23:24 - 00000000 ____D C:\ProgramData\McAfee
2015-08-19 10:47 - 2014-04-01 20:12 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-08-19 10:45 - 2006-11-02 05:23 - 00000492 _____ C:\Windows\win.ini
2015-08-17 13:04 - 2015-04-26 21:13 - 00000484 _____ C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job

==================== Files in the root of some directories =======

2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe
2015-05-25 14:23 - 2015-05-25 14:23 - 0000024 _____ () C:\Users\MARY\AppData\Roaming\appdataFr25.bin
2015-04-28 19:00 - 2015-05-10 05:26 - 0000020 _____ () C:\Users\MARY\AppData\Roaming\appdataFr3.bin
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\MARY\AppData\Roaming\AUSAMRFZ
2015-04-22 13:55 - 2015-04-22 13:55 - 1854464 _____ (Com NotificationsV06.03) C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\rCiNBy3auXo
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ
2015-04-20 08:45 - 2015-04-20 08:45 - 1246720 _____ () C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C
2015-04-20 08:45 - 2015-04-20 08:45 - 1579520 _____ () C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe
2010-05-17 13:38 - 2015-09-13 09:05 - 0000680 _____ () C:\Users\MARY\AppData\Local\d3d9caps.dat
2009-03-02 12:45 - 2015-05-01 01:03 - 0045056 _____ () C:\Users\MARY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-22 16:23 - 2015-04-22 16:23 - 0613255 _____ (CMI Limited) C:\Users\MARY\AppData\Local\nsoCD22.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2015-09-16 19:02

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-09-2015
Ran by MARY (2015-09-16 19:02:13)
Running from C:\Users\MARY\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2009-01-13 12:17:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1063116495-4114681664-2467881189-500 - Administrator - Disabled)
Baby (S-1-5-21-1063116495-4114681664-2467881189-1001 - Limited - Enabled) => C:\Users\Baby
Guest (S-1-5-21-1063116495-4114681664-2467881189-501 - Limited - Enabled) => C:\Users\Guest
MARY (S-1-5-21-1063116495-4114681664-2467881189-1000 - Administrator - Enabled) => C:\Users\MARY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Out of date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Ashtons Family Resort (remove only) (HKLM\...\Ashtons Family Resort) (Version:  - )
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 3.0.1.60 - )
Blokus World Tour (remove only) (HKLM\...\Blokus World Tour) (Version: 3.3.11.8 - )
Blokus World Tour (Version: 3.3.11.8 - Yahoo) Hidden
Boogie Bunnies (Version: 2.2.0.98 - WildTangent) Hidden
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0422.2139.36895 - ATI) Hidden
CD X Rescue (HKLM\...\CD X Rescue) (Version: 3.2.1 - 321 Studios, Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chloe's Dream Resort (Version: 2.2.0.98 - WildTangent) Hidden
Crop Busters (Version: 2.2.0.98 - WildTangent) Hidden
Cubis Gold 2 (HKLM\...\Cubis Gold 2) (Version:  - )
Dancing Craze (Version: 2.2.0.95 - WildTangent) Hidden
Daycare Nightmare mini-monsters (remove only) (HKLM\...\Daycare Nightmare mini-monsters) (Version:  - )
DB VGA Cam (HKLM\...\{A6DE1AAE-B147-4B08-A61C-BA471D86AC4D}) (Version: 1.0 - My Company Name)
Driver Support (HKLM\...\DriverSupport) (Version: 10.0.0.39 - PC Drivers HeadQuarters LP)
Driver Support Active Optimization (Version: 1.0.4.8063 - PC Drivers HeadQuarters LP) Hidden
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD X Show (HKLM\...\{EEB6382A-0855-41DF-86E6-C87F1745C7AA}) (Version: 2.2 - 321 Studios Inc.)
DVDXMaker2-1 (HKLM\...\{39599050-C604-4B89-AA6D-A62C6392BA70}) (Version: 2.1 - 321 Studios Inc.)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
ezManagerMax 2.0.14 (HKLM\...\ezManagerMax 2.0.14) (Version:  - Animas Corporation)
Farm Frenzy 2 (remove only) (HKLM\...\Farm Frenzy 2) (Version:  - )
Farm Frenzy 3 (remove only) (HKLM\...\Farm Frenzy 3) (Version:  - )
Flower Paradise (remove only) (HKLM\...\Flower Paradise) (Version:  - )
FreeFixer (HKLM\...\FreeFixer1.10) (Version: 1.10 - Kephyr)
FrostWire 4.21.1 (HKLM\...\FrostWire) (Version: 4.21.1.0 - FrostWire, LLC)
GearDrivers (HKLM\...\GearDrivers) (Version:  - )
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Glowfish (Version: 2.2.0.98 - WildTangent) Hidden
Gold Fever (remove only) (HKLM\...\Gold Fever) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0802.22438 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Great Art (HKLM\...\Great Art) (Version:  - GameHouse, Inc.)
HealthcareGovTool (HKLM\...\HealthcareGovTool) (Version: 1.0.0.0 - healthcaregovtool)
Hobby Farm (Version: 2.2.0.98 - WildTangent) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.016 - HTC Corporation)
HTC Sync (HKLM\...\{BC4174D1-7970-40E6-AC57-F095F961FB08}) (Version: 2.0.33 - HTC Corporation)
Ice Cream Craze: Natural Hero (Version: 2.2.0.97 - WildTangent) Hidden
Jane's Dress Up Rush (remove only) (HKLM\...\Jane's Dress Up Rush) (Version:  - )
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Jessica's BowWow Bistro (Version: 2.2.0.98 - WildTangent) Hidden
Jigsaw World (HKLM\...\BFG-Jigsaw World) (Version:  - )
KhalInstallWrapper (Version: 4.72.40 - Logitech) Hidden
LimeWire 5.5.10 (HKLM\...\LimeWire) (Version: 5.5.10 - Lime Wire, LLC)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.72 - Logitech)
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Luxor 2 (HKLM\...\Luxor 2) (Version: 1.1.0.0 - MumboJumbo)
Mah Jong Medley (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{1FDB8EC6-BAF1-42F9-8E09-4D9AB369F1B5}) (Version: 4.8.0.887 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Memeo AutoBackup (HKLM\...\InstallShield_{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}) (Version: 3.00.3251 - Memeo Inc)
Memeo AutoBackup (Version: 3.00.3251 - Memeo Inc) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Monopoly Tycoon (HKLM\...\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}) (Version:  - )
Moraff's Maximum MahJongg, Volume 3 (HKLM\...\MoraffMahJongg3_is1) (Version:  - MoraffWare)
Mozaki Blocks Deluxe (HKLM\...\{D2DEA9D8-2C39-42DA-B2A8-E91AF5D09490}) (Version: 1.0.0 - MumboJumbo, LLC)
Mozilla Firefox 7.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 7.0.1 (x86 en-US)) (Version: 7.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySpace Toolbar (HKLM\...\MySpaceToolbar) (Version: 1.0.72.0 - MySpace.com)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: NetZero QuickStart - NetZero, Inc.)
NVIDIA PhysX v8.10.29 (HKLM\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OneTouch USB Driver (HKLM\...\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}) (Version: 2.0 - LifeScan)
Paradise Quest (remove only) (HKLM\...\Paradise Quest) (Version:  - )
Path to Success (Version: 2.2.0.98 - WildTangent) Hidden
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)
Profitville (remove only) (HKLM\...\Profitville) (Version:  - )
Project Rescue: Africa! (Version: 2.2.0.98 - WildTangent) Hidden
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Rescue Frenzy (Version: 2.2.0.98 - WildTangent) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari Island (Version: 2.2.0.98 - WildTangent) Hidden
Sally's Quick Clips (Version: 2.2.0.98 - WildTangent) Hidden
Shape Shifter (HKLM\...\Shape Shifter) (Version:  - GameHouse, Inc.)
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
Slingo Mystery - Who's Gold? (remove only) (HKLM\...\Slingo Mystery - Who's Gold?) (Version:  - )
Software Updater (HKLM\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Stand O'Food 3 (Version: 2.2.0.98 - WildTangent) Hidden
Super Jigsaw - Landscapes (remove only) (HKLM\...\Super Jigsaw - Landscapes) (Version:  - )
Super Jigsaw - Puppies (remove only) (HKLM\...\Super Jigsaw - Puppies) (Version:  - )
Super Jigsaw Caboodle (remove only) (HKLM\...\Super Jigsaw Caboodle) (Version:  - )
Supermarket Management 2 (Version: 2.2.0.98 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Tetris Worlds (HKLM\...\Tetris Worlds) (Version:  - )
The Dark Knight Photo Editor (HKLM\...\{75633187-A6F5-4FD5-AB3F-0530802A2D5B}) (Version:  - Digital Blue)
Tiny Token Empires™ (Version: 2.2.0.98 - WildTangent) Hidden
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.15 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
Ultimate Puzzles 500 (HKLM\...\Ultimate Puzzles 500) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Virtual Farm 2 (Version: 2.2.0.98 - WildTangent) Hidden
WebEx (HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
Wheel Of Fortune 2 (remove only) (HKLM\...\Wheel Of Fortune 2) (Version:  - )
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Version: 4.0.11.7 - WildTangent) Hidden
WinZip System Utilities Suite (HKLM\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.0.648.13214 - WinZip Computing, S.L. (WinZip Computing))
WorldWinner Games (HKLM\...\{230B9098-A165-491F-B499-8F41AA7139F6}) (Version: 1.9.0.23 - WorldWinner.com, Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Youda Farmer 3: Seasons (Version: 2.2.0.98 - WildTangent) Hidden
ZIMO (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130000-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130005-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130007-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130060-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130064-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130065-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130066-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130068-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130070-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130074-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130075-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130076-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130077-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130100-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130104-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130106-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130200-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttmb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130204-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttmb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130400-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltodb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130500-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130505-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130507-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130509-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050B-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050D-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050F-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130511-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130600-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130605-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130607-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130609-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130611-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130613-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130620-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttlb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130625-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttlb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130801-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130847-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltmrc13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013084B-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltmrc13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013085F-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130861-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130863-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{1E1B8D00-6D12-11D4-BB60-0000C03B53A6}\InprocServer32 -> C:\Program Files\321Studios\DVDXTREME\DVD X Maker\MCDVSrc.dll ()
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Windows\TEMP\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> "C:\Program Files\kikin\KikinBroker.exe" No File

==================== Restore Points =========================

20-05-2015 13:19:38 Windows Update
25-05-2015 14:27:03 Restore Operation
25-05-2015 14:30:16 Windows Update
25-05-2015 15:57:08 Windows Update
26-05-2015 03:09:57 Windows Update
07-06-2015 22:02:29 Removed DVD X Show
19-08-2015 10:53:47 Installed McAfee VirusScan Enterprise.
12-09-2015 18:20:25 Windows Update
14-09-2015 03:01:44 Windows Update
14-09-2015 22:47:54 Scheduled Checkpoint
15-09-2015 21:11:30 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C54B6-86EE-4CF5-A01B-3634423E533A} - System32\Tasks\{87A14BA5-DC58-4E42-8326-5DCF4A4157F2} => pcalua.exe -a "C:\Program Files\actisys\ACT-IR224UN-Li\ACT-IR224UN-Li-Setup-v1.1.6-070926.exe"
Task: {0F23BA46-D3D4-4683-B76F-8E0925ED6232} - System32\Tasks\{155E961D-5599-4899-BF35-222060505212} => pcalua.exe -a "C:\TOSAPINS\COMPS1\NetZero Internet Access0\MANUAL\B27528A.EXE" -d "C:\TOSAPINS\COMPS1\NetZero Internet Access0\MANUAL"
Task: {17F8A98E-5A8E-4670-B444-57ED0BAFE7FF} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-7.exe <==== ATTENTION
Task: {191CE1CA-EAC0-491F-A4B6-D9BDE779D5A6} - System32\Tasks\smmDQbZEFSzBQ => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe [2015-04-20] () <==== ATTENTION
Task: {19C51564-AC56-4CC7-AC44-C25DA274BB70} - System32\Tasks\klJfmcRT9KGJYtK7B2C6UoSz => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe [2015-04-20] () <==== ATTENTION
Task: {20458735-7785-4BD9-BF33-ECC5B26E0564} - System32\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {27BF4239-7F65-4EB9-A18F-55870AEC3CBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {36CDA412-413A-4164-9121-AF3EB5A59A40} - System32\Tasks\{825CB5A5-90DA-4B83-A34F-F143575127EB} => pcalua.exe -a "C:\Program Files\NetZero\uninst.exe" -d "C:\Program Files\NetZero"
Task: {45277F59-2FBC-4C50-89CC-2820A75BD2A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-7.exe <==== ATTENTION
Task: {47C47F5E-16D8-40D2-B60C-9E48A6A3D453} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro 3.84\OptProLauncher.exe <==== ATTENTION
Task: {488E69F8-673E-4DB3-B064-1F9940CFF0BA} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-7.exe <==== ATTENTION
Task: {4EAF1B5B-1C47-45C9-8303-5AF95B889A5A} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5535DADC-9EF5-4EDE-8B21-B5E80E6B3CCE} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5838E215-6A44-4B34-9EB5-D402FF479F4A} - System32\Tasks\Microsoft\Windows\RestartManager\{BC8A499A-8D8B-4109-A2C7-0D9B0A607FF0} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5C913260-1F2A-4940-863F-01FBF52EBB73} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5D7EE71C-9BDE-4122-9CD4-DB4D034B2DD9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe <==== ATTENTION
Task: {5EC7FBD8-F108-4497-8345-C656286E237E} - System32\Tasks\4nWD0DuQtXtajdhhOyIO1Kts => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe [2015-04-20] () <==== ATTENTION
Task: {60C61365-D379-4816-8D2E-AC26153C66D2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {61038F00-2F67-4BAF-A365-2EF886A97DB0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-4 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-4.exe <==== ATTENTION
Task: {61A6D69F-79B7-49BB-959F-1D6E563637B6} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-10_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-10.exe <==== ATTENTION
Task: {652757EA-E578-4B6D-AF38-A54461AFBEB9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5 => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe <==== ATTENTION
Task: {66A3142A-0475-49E2-A6E3-F250BA198A94} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat <==== ATTENTION
Task: {66E6C20F-0783-4BC5-B83F-54505853A2B1} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe <==== ATTENTION
Task: {6B59D703-553F-4965-8BFA-6F9B09DAF70C} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-4 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-4.exe <==== ATTENTION
Task: {6D0EFFC9-940C-4F7E-8420-ADB41A83FAF7} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-7.exe <==== ATTENTION
Task: {70FC46AA-2D39-4C7D-9D16-9BC0AA325078} - System32\Tasks\Super Optimizer Schedule => C:\Program Files\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {736E22C8-C729-4F90-8C34-F25DCC7A5346} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {76E3C321-3658-4019-9D58-8B329F939D6D} - System32\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe [2015-04-20] () <==== ATTENTION
Task: {7BBB14B0-8B0B-4967-9E44-56EC3892E343} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {835DE4E5-7252-43B0-A7C4-BB1F4156AE3E} - System32\Tasks\{B07F6F1E-14FF-4497-B91E-244E941C3906} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {8674EF86-B7BB-4B6B-BDE3-E318CD53A6A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe <==== ATTENTION
Task: {882EF406-EC89-4434-9659-577E840F064C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {91F92EE6-5528-4E33-9100-4C4B33CD312F} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {9577C2AD-7090-409B-87AE-EB6D7396DBC1} - System32\Tasks\{1470CDE0-1689-462D-BA1F-D37336E4ECE1} => pcalua.exe -a C:\NetZeroInstaller\NetZeroInstaller.exe -d C:\NetZeroInstaller
Task: {9714BF8A-8080-48AD-92AB-B30E653C07DD} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {9939CE21-7680-4521-BF82-714016B002D0} - System32\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {9C98A903-AC05-47B9-8821-9FF439FCB038} - System32\Tasks\Microsoft\Windows\RestartManager\{4598BFC2-4291-490a-9753-BF99E4FAA15A} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {9E0C9FBF-F797-44BE-A138-C0645502454E} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {A7D5A3F5-ABF5-4FCE-8A84-42A978E7B09B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {A90D8C61-7991-4A36-9DFD-7C17DE92A883} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe <==== ATTENTION
Task: {A99F0D58-FC5A-4201-9DDF-F63FC28D89C1} - System32\Tasks\AUSAMRFZ => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe [2015-04-22] (Com NotificationsV06.03) <==== ATTENTION
Task: {AA869B76-C042-46AB-8DA5-B493C5F43F3E} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-3 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-3.exe <==== ATTENTION
Task: {B1208FC6-BAD5-48EA-98C2-F5B060E52F63} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-6.exe <==== ATTENTION
Task: {B438C3D5-36E2-4D59-9290-B0E2A104B4CB} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-6.exe <==== ATTENTION
Task: {B4F42752-6D7E-4782-91DE-0E5F67BE2F9C} - System32\Tasks\rCiNBy3auXo => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe [2015-04-20] () <==== ATTENTION
Task: {BAC4E452-4414-4153-A73F-5B5A609156D9} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {C34D26E7-6BD0-4ED4-94CE-3299B18A95C9} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe <==== ATTENTION
Task: {C5F73BAA-C95E-47CF-9E93-00F80F49FB56} - System32\Tasks\{F43F2B65-EFB7-47DA-A405-7D009276CBF6} => pcalua.exe -a "C:\Users\MARY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4BB8PJM\yahoo_wheeloffortune2_tm5-3[1].exe" -d C:\Windows\system32
Task: {C86953BE-573B-4B36-A783-79B7C58F07A6} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe <==== ATTENTION
Task: {CF4C0421-0471-4F98-8E2C-8706C054C8C8} - System32\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
Task: {CFA3551F-2BEB-462E-B545-8D29938BD2E8} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-6.exe <==== ATTENTION
Task: {D0166B5D-E7EC-4F70-A740-7452C9F4B2FB} - System32\Tasks\WINZIPSS-WINZIPSSOneClickCare => C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe [2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
Task: {DC2772C6-416D-4CAF-9249-1332D2DA130B} - System32\Tasks\BlockAndSurf Update => C:\Program Files\version42BlockAndSurf\J4BlockAndSurfJ52.exe <==== ATTENTION
Task: {DF2F4954-71FE-4473-BB20-66F872E55B2A} - System32\Tasks\SysHealth_Controller_Mon => C:\Windows\SysFilesController\SysFiles_backup.exe
Task: {DF619BBD-500F-4E0B-838D-7269FB875B8B} - System32\Tasks\{80DA6008-D667-4E96-969D-67A65E15FAA8} => pcalua.exe -a "C:\TOSAPINS\COMPS1\TOSHIBA Assist0\MANUAL\B26484A.EXE" -d "C:\TOSAPINS\COMPS1\TOSHIBA Assist0\MANUAL"
Task: {E19CCB3A-2772-4047-BF02-1B23D102779C} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-6.exe <==== ATTENTION
Task: {E323391E-F9E5-4F78-82E3-EEAFF454E096} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-10_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-10.exe <==== ATTENTION
Task: {E32A7A09-A070-4157-80F1-21E256D2AE63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E38F887F-48B4-4512-9F02-8038F9B55FB8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {E3B0768B-67BB-4379-94A5-98F1E77B1A54} - System32\Tasks\KMPOFPUXOY => C:\ProgramData\3eb60c6783df4497a1bcc48c5ac778c7\3eb60c6783df4497a1bcc48c5ac778c7.exe <==== ATTENTION
Task: {E722D7A0-9125-4F5B-B318-86EC2753FFBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E72AA5F8-7632-4789-A46B-CC6B36F82B85} - System32\Tasks\lZYVDvAe7GlknGA => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe [2015-04-20] () <==== ATTENTION
Task: {F21AF930-CD54-4C7C-8E32-EC6659280CBF} - System32\Tasks\Uealjikiapa => C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe [2015-09-12] ()
Task: {F531AC53-AB20-4434-9FC8-5288DADA0766} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-3 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-3.exe <==== ATTENTION
Task: {F62B6D32-9048-45D1-BE7E-98F0A1DB8B64} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-10_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-10.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AUSAMRFZ.job => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe <==== ATTENTION
Task: C:\Windows\Tasks\lZYVDvAe7GlknGA.job => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe <==== ATTENTION
Task: C:\Windows\Tasks\rCiNBy3auXo.job => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe <==== ATTENTION
Task: C:\Windows\Tasks\smmDQbZEFSzBQ.job => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{100CB278-A42A-47AD-9C68-5BC3E3CF95BD}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe
Task: C:\Windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-16 18:56 - 2015-09-16 18:56 - 00307200 _____ () C:\Windows\TEMP\mrt821A.tmp\MMFS2.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00021504 _____ () C:\Windows\TEMP\mrt821A.tmp\Get.mfx
2015-09-16 18:56 - 2015-09-16 18:56 - 00059392 _____ () C:\Windows\TEMP\mrt821A.tmp\Yaso.mfx
2015-09-12 19:34 - 2015-09-12 19:34 - 00158208 _____ () C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe
2015-09-16 18:56 - 2015-09-16 18:56 - 00049274 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\63034c7371a6548f55e2e2ada11d61df\Console.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00041064 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\84c73e03b82ca27738913a411aab1a36\Win32.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00032878 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\5a043c9ceeb6d93382986c196a4fafd4\API.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024675 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\83c9827eb0780dfbd0d606810dabd32b\MD5.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00032873 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\e790df575748f7ddfa6d074eefbd3af9\Dumper.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00163971 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\d8a986739f35fd413025de54fd074182\Registry.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00086141 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\b925c172201d5ef768c668345559b93c\WinError.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024680 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\52f32cf781dbf574d1d227e3fdefb6a8\Base64.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024678 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\278e95d3c70d01bffd43d0d6f0a68d54\HiRes.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00028794 ____R () C:\Windows\TEMP\pdk-SYSTEM-1688\cc6074bff1906afc872db1ac09b9f547\Process.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2008-05-05 13:19 - 2007-01-25 20:47 - 00136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2008-05-05 13:19 - 2007-10-23 18:27 - 00066928 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2015-09-16 18:56 - 2015-09-16 18:56 - 00041077 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\21245c5569721f0f2a33e16be17cbf54\Parser.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00033061 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\1fb9e4724fa361b2039d7108d86facb1\IO.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024673 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\bca7aac987d374edc35a6e36445e61af\Fcntl.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00065649 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\a7e3c95a9eafdbe78935b179b3ff1b32\Storable.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00028767 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\c7908c77cfa1eb6c67bd6c2c8828e47d\Socket.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00032868 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\5bec2b7324c81f25bdf5c087fdf888e2\Util.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024680 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\52f32cf781dbf574d1d227e3fdefb6a8\Base64.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00753770 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\255873e11a19a4173c46c5f0f1c45a75\SSLeay.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00041064 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\84c73e03b82ca27738913a411aab1a36\Win32.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00032878 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\5a043c9ceeb6d93382986c196a4fafd4\API.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024675 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\83c9827eb0780dfbd0d606810dabd32b\MD5.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00032873 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\e790df575748f7ddfa6d074eefbd3af9\Dumper.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00163971 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\d8a986739f35fd413025de54fd074182\Registry.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00086141 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\b925c172201d5ef768c668345559b93c\WinError.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00110067 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\69a7571ee8627e000e7aa3e84e6c0287\XS.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00028797 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\4010f65ec76e2d10892bb18b850ef0fe\EventLog.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00036974 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\d3cf21878a857fd038aba844148f5d25\threads.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00036987 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\7e7eb1f6db17cd1fa4804f58459d1f4a\shared.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024678 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\278e95d3c70d01bffd43d0d6f0a68d54\HiRes.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00090222 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\eec708426f797e3eae1af772a856fdae\OLE.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00073825 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\823c451b17adc6464f8cf55ac2dcafcf\POSIX.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00020573 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\5bf8db5274d53c6ed2dd878aeff6e7d5\Cwd.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00049274 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\63034c7371a6548f55e2e2ada11d61df\Console.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00053347 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\baeb31b10de41e0fd6fecc1b786c31f3\SHA.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024686 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\766ccbea5ec5a2bc70b9fe8ea13d73f8\IPC.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024690 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\41d3bfad1943c3f1696600b681760fd4\Event.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00028643 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\a8bf61c655dc018f08ffa870367e19ab\Blowfish.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00024676 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\74e8e28bfe91d1cf7eb0624b24843997\Glob.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00098419 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\be99ba2f5fa59beaeeab574714026ae6\Zlib.dll
2015-09-16 18:56 - 2015-09-16 18:56 - 00028794 ____R () C:\Windows\TEMP\pdk-SYSTEM-2960\cc6074bff1906afc872db1ac09b9f547\Process.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 00126976 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 06701056 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 00995328 _____ () C:\Windows\system32\FaceRec.dll
2008-04-23 01:05 - 2008-04-23 01:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-01-11 18:33 - 2007-01-11 18:33 - 00106496 ____R () C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
2010-03-31 10:08 - 2010-03-31 10:08 - 00240552 ____R () C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
2010-03-17 16:20 - 2010-03-17 16:20 - 00139264 ____R () C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
2010-03-31 10:08 - 2010-03-31 10:08 - 00240552 ____R () C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6B50A605
AlternateDataStreams: C:\ProgramData\TEMP:E428B9D4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20242288.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20242288.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wwwd.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\netzero.com -> netzero.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\netzero.net -> netzero.net


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 22134214 => 2
MSCONFIG\Services: 40030ae4 => 2
MSCONFIG\Services: 67b32930 => 2
MSCONFIG\Services: 70F4EEDB-1367-4b4f-8247-3133551A7415 => 2
MSCONFIG\Services: AppMgr1.26.3056825 => 2
MSCONFIG\Services: consumerinput_update => 2
MSCONFIG\Services: consumerinput_updatem => 3
MSCONFIG\Services: csrcc => 2
MSCONFIG\Services: FlashBeat => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: insvc_1.10.0.14 => 2
MSCONFIG\Services: pastaleadsupd => 2
MSCONFIG\Services: pyteqisi => 2
MSCONFIG\Services: ryvyrife => 2
MSCONFIG\Services: shopperz Updater => 2
MSCONFIG\Services: StormWatch Update Service => 2
MSCONFIG\Services: SWUpdater => 2
MSCONFIG\Services: Update Steel Cut => 2
MSCONFIG\Services: Util Steel Cut => 2
MSCONFIG\Services: xihyqumu => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{F8D95447-87CF-42FE-8839-613673FC4EFB}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{ECB2991F-0FE4-4C33-BDAC-61539F397819}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{568AAE34-124E-4FE7-BD64-E26CED0B777E}C:\program files\nero\nero 7\nero showtime\showtime.exe] => (Block) C:\program files\nero\nero 7\nero showtime\showtime.exe
FirewallRules: [UDP Query User{98477DBB-3731-4A1A-AB06-79DBD0907307}C:\program files\nero\nero 7\nero showtime\showtime.exe] => (Block) C:\program files\nero\nero 7\nero showtime\showtime.exe
FirewallRules: [{9EE2AA52-B7CB-4D7C-A34B-2055ACFF4530}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DCE61DF5-753F-4991-8959-4C1A9C9A1081}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{48DD2A18-DC9A-48B1-B59B-447E0A6A9FF9}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{22AD4409-45F8-4313-A013-5BBAF98A542F}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{B60F514D-1165-467C-B3C4-0B0FCA9CAD19}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{B2E653EC-E6AE-4687-9660-3585DED9C8E6}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{8024F8B5-702E-4F4E-A8FE-9C76939C9BA8}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{42583F21-625F-49C6-A509-05D9D4E328D1}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{6543F1BF-ECDF-4AB6-8FFC-98A6BCCC6D56}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{1B829C43-0AEA-49F0-B11F-D4E7724CBE0A}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DD6F273F-C9EA-45EC-B883-6093592BA869}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{4D075355-BF68-47D2-870B-B01C8D3F8E1A}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{57DE68D4-AEBD-440F-A61B-1D3F99C59AE3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Faulty Device Manager Devices =============

Name: Communications Port (COM8)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot determine the settings for this device. Consult the documentation that came with this device and use the Resource tab to set the configuration. (Code 34)
Resolution: The device requires manual configuration. See the hardware documentation or contact the hardware vendor for instructions on manually configuring the device. After you configure the device itself, you can use the "Resources" tab in Device Manager to configure the resource settings in Windows.

Name: Trusted Platform Module 1.2
Description: Trusted Platform Module 1.2
Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Manufacturer: (Standard)
Service: TPM
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2015 06:56:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 06:53:45 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (09/16/2015 06:52:37 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (09/16/2015 06:51:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 06:51:27 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (09/16/2015 06:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, faulting module AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, exception code 0xc0000005, fault offset 0x0000cb3d,
process id 0x1888, application start time 0xAdwCleaner.exe0.

Error: (09/16/2015 06:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, faulting module AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, exception code 0xc0000005, fault offset 0x0000cb3d,
process id 0xdf0, application start time 0xAdwCleaner.exe0.

Error: (09/16/2015 06:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, faulting module AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, exception code 0xc0000005, fault offset 0x0000cb3d,
process id 0x151c, application start time 0xAdwCleaner.exe0.

Error: (09/16/2015 06:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, faulting module AdwCleaner.exe, version 5.0.0.7, time stamp 0x55ef5185, exception code 0xc0000005, fault offset 0x00012c46,
process id 0x464, application start time 0xAdwCleaner.exe0.

Error: (09/16/2015 06:39:07 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 9/16/2015 11:39:07 PM
Message: An exception occured and was caught: ConfigurationErrorsException
---------Exception Information----------
Local Time: 9/16/2015 6:39:07 PM
Type: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Message: Error creating the Web Proxy specified in the 'system.net/defaultProxy' configuration section.
Source: System
Target Site: System.Net.Configuration.DefaultProxySectionInternal GetSection()
Stack Trace:    at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
   at System.Net.WebRequest.get_InternalDefaultWebProxy()
   at System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
   at System.Net.HttpRequestCreator.Create(Uri Uri)
   at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
   at System.Net.WebRequest.Create(String requestUriString)
   at DriversHQ.Common.Communication.WebRequestMessageBase.GetResponseInternal()
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse(Boolean async)
   at DriversHQ.Common.Communication.RequestMessageBase.GetResponse()
   at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
    ----------Inner Exception Information----------
        Message: The parameter is incorrect
        Source: System
        Target Site: System.Net.SafeCloseSocketAndEvent CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean)
        Stack Trace:    at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkAddressChangePolled..ctor()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.Initialize()
   at System.Net.AutoWebProxyScriptEngine.AutoDetector.get_CurrentAutoDetector()
   at System.Net.AutoWebProxyScriptEngine..ctor(WebProxy proxy, Boolean useRegistry)
   at System.Net.WebProxy.UnsafeUpdateFromRegistry()
   at System.Net.WebProxy..ctor(Boolean enableAutoproxy)
   at System.Net.Configuration.DefaultProxySectionInternal..ctor(DefaultProxySection section)
   at System.Net.Configuration.DefaultProxySectionInternal.GetSection()
--------------------------------------
Additional Information
Machine Name: MARY-LT
Assembly: ExceptionLogging, Version=4.0.0.60, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: MARY-LT\MARY
Thread Name:
Windows Identity: MARY-LT\MARY
Process Name:


System errors:
=============
Error: (09/16/2015 06:56:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: {62bf0628-5809-49d1-9eee-14fa45047c7b}t
{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t
{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt
{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt
{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t
{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t
{c979301f-1894-4c06-9f58-e9aca8d65afc}t

Error: (09/16/2015 06:56:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Adobe Licensing Console%%1053

Error: (09/16/2015 06:56:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Adobe Licensing Console

Error: (09/16/2015 06:55:50 PM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/16/2015 06:55:50 PM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/16/2015 06:55:50 PM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/16/2015 06:55:50 PM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/16/2015 06:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Print Spooler3

Error: (09/16/2015 06:53:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Update%%2147952506

Error: (09/16/2015 06:53:31 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: 2147952506


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-72
Percentage of memory in use: 51%
Total physical RAM: 2813.1 MB
Available physical RAM: 1377.53 MB
Total Virtual: 5848.68 MB
Available Virtual: 4162.73 MB

==================== Drives ================================

Drive c: (SQ004720V05) (Fixed) (Total:225.52 GB) (Free:120.19 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 220ED127)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=225.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=17)

==================== End of Addition.txt ============================

 

 



#14 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:28 PM

Posted 17 September 2015 - 05:59 AM

Hi,

Step 1

Upload File(s) to VirusTotal
I want you to upload the following file(s) to an online virus-scanner to scan.
  • Click the Choose File button.
  • Please copy/paste the following text into the 'File name:' box:

    C:\Windows\System32\lnsecsl.exe
    
  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Copy and Paste the link of the result page in your reply;
Step 2

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
    C:\Program Files\Cinema_Plus_i2V22.04\
    C:\Program Files\Lights Cinema 1.3betaV22.04\
    C:\Program Files\shopperz
    Task: {F531AC53-AB20-4434-9FC8-5288DADA0766} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-3 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-3.exe 
    Task: {F62B6D32-9048-45D1-BE7E-98F0A1DB8B64} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-10_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-10.exe 
    C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe
    Task: C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe 
    C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe 
    Task: C:\Windows\Tasks\AUSAMRFZ.job => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe 
    C:\Program Files\Consumer Input
    Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe 
    Task: C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe 
    C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe 
    Task: C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe 
    C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe
    Task: C:\Windows\Tasks\lZYVDvAe7GlknGA.job => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe 
    C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe 
    Task: C:\Windows\Tasks\rCiNBy3auXo.job => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe 
    C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe 
    Task: C:\Windows\Tasks\smmDQbZEFSzBQ.job => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe 
    C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe 
    Task: C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe 
    AlternateDataStreams: C:\ProgramData\TEMP:6B50A605
    AlternateDataStreams: C:\ProgramData\TEMP:E428B9D4
    C:\ProgramData\3eb60c6783df4497a1bcc48c5ac778c7
    Task: {E3B0768B-67BB-4379-94A5-98F1E77B1A54} - System32\Tasks\KMPOFPUXOY => C:\ProgramData\3eb60c6783df4497a1bcc48c5ac778c7\3eb60c6783df4497a1bcc48c5ac778c7.exe 
    C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe 
    Task: {E72AA5F8-7632-4789-A46B-CC6B36F82B85} - System32\Tasks\lZYVDvAe7GlknGA => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe [2015-04-20] () 
    C:\ProgramData\Uealjikiapa\
    Task: {F21AF930-CD54-4C7C-8E32-EC6659280CBF} - System32\Tasks\Uealjikiapa => C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe [2015-09-12] ()
    C:\Program Files\Super Optimizer
    Task: {70FC46AA-2D39-4C7D-9D16-9BC0AA325078} - System32\Tasks\Super Optimizer Schedule => C:\Program Files\Super Optimizer\SupOptLauncher.exe 
    Task: {736E22C8-C729-4F90-8C34-F25DCC7A5346} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe 
    C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe 
    Task: {76E3C321-3658-4019-9D58-8B329F939D6D} - System32\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe [2015-04-20] () 
    Task: {7BBB14B0-8B0B-4967-9E44-56EC3892E343} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe 
    Task: {835DE4E5-7252-43B0-A7C4-BB1F4156AE3E} - System32\Tasks\{B07F6F1E-14FF-4497-B91E-244E941C3906} => 
    Task: {8674EF86-B7BB-4B6B-BDE3-E318CD53A6A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe 
    
    Task: {91F92EE6-5528-4E33-9100-4C4B33CD312F} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
    
    Task: {9714BF8A-8080-48AD-92AB-B30E653C07DD} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
    Task: {9939CE21-7680-4521-BF82-714016B002D0} - System32\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe 
    Task: {9E0C9FBF-F797-44BE-A138-C0645502454E} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
    C:\Program Files\globalUpdate
    Task: {A7D5A3F5-ABF5-4FCE-8A84-42A978E7B09B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe 
    Task: {A90D8C61-7991-4A36-9DFD-7C17DE92A883} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe 
    C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe 
    Task: {A99F0D58-FC5A-4201-9DDF-F63FC28D89C1} - System32\Tasks\AUSAMRFZ => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe [2015-04-22] (Com NotificationsV06.03) 
    Task: {AA869B76-C042-46AB-8DA5-B493C5F43F3E} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-3 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-3.exe 
    Task: {B1208FC6-BAD5-48EA-98C2-F5B060E52F63} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-6.exe 
    Task: {B438C3D5-36E2-4D59-9290-B0E2A104B4CB} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-6.exe 
    C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe 
    Task: {B4F42752-6D7E-4782-91DE-0E5F67BE2F9C} - System32\Tasks\rCiNBy3auXo => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe [2015-04-20] ()  
    Task: {BAC4E452-4414-4153-A73F-5B5A609156D9} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
    Task: {C34D26E7-6BD0-4ED4-94CE-3299B18A95C9} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe 
    Task: {C5F73BAA-C95E-47CF-9E93-00F80F49FB56} - System32\Tasks\{F43F2B65-EFB7-47DA-A405-7D009276CBF6} => 
    C:\Program Files\OLBPre\
    Task: {C86953BE-573B-4B36-A783-79B7C58F07A6} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe 
    Task: {CFA3551F-2BEB-462E-B545-8D29938BD2E8} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-6.exe 
    C:\Program Files\version42BlockAndSurf
    Task: {DC2772C6-416D-4CAF-9249-1332D2DA130B} - System32\Tasks\BlockAndSurf Update => C:\Program Files\version42BlockAndSurf\J4BlockAndSurfJ52.exe 
    C:\Windows\SysFilesController
    Task: {DF2F4954-71FE-4473-BB20-66F872E55B2A} - System32\Tasks\SysHealth_Controller_Mon => C:\Windows\SysFilesController\SysFiles_backup.exe
    Task: {E19CCB3A-2772-4047-BF02-1B23D102779C} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-6.exe 
    Task: {E323391E-F9E5-4F78-82E3-EEAFF454E096} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-10_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-10.exe 
    C:\Program Files\Driver Support\
    Task: {E38F887F-48B4-4512-9F02-8038F9B55FB8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
    Task: {17F8A98E-5A8E-4670-B444-57ED0BAFE7FF} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-7.exe 
    C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe 
    Task: {191CE1CA-EAC0-491F-A4B6-D9BDE779D5A6} - System32\Tasks\smmDQbZEFSzBQ => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe [2015-04-20] () 
    C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe
    Task: {19C51564-AC56-4CC7-AC44-C25DA274BB70} - System32\Tasks\klJfmcRT9KGJYtK7B2C6UoSz => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe [2015-04-20] () 
    Task: {20458735-7785-4BD9-BF33-ECC5B26E0564} - System32\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe 
    Task: {45277F59-2FBC-4C50-89CC-2820A75BD2A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-7.exe 
    Task: {47C47F5E-16D8-40D2-B60C-9E48A6A3D453} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro 3.84\OptProLauncher.exe 
    Task: {488E69F8-673E-4DB3-B064-1F9940CFF0BA} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-7.exe 
    C:\Program Files\AnyProtectEx
    Task: {4EAF1B5B-1C47-45C9-8303-5AF95B889A5A} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe 
    Task: {5535DADC-9EF5-4EDE-8B21-B5E80E6B3CCE} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe 
    Task: {5C913260-1F2A-4940-863F-01FBF52EBB73} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe 
    C:\Program Files\Com NotificationsV06.03
    Task: {5D7EE71C-9BDE-4122-9CD4-DB4D034B2DD9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe 
    C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe 
    Task: {5EC7FBD8-F108-4497-8345-C656286E237E} - System32\Tasks\4nWD0DuQtXtajdhhOyIO1Kts => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe [2015-04-20] () 
    Task: {60C61365-D379-4816-8D2E-AC26153C66D2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.
    Task: {61038F00-2F67-4BAF-A365-2EF886A97DB0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-4 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-4.exe 
    Task: {61A6D69F-79B7-49BB-959F-1D6E563637B6} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-10_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-10.exe 
    Task: {652757EA-E578-4B6D-AF38-A54461AFBEB9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5 => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe 
    Task: {66A3142A-0475-49E2-A6E3-F250BA198A94} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat 
    Task: {66E6C20F-0783-4BC5-B83F-54505853A2B1} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe 
    Task: {6B59D703-553F-4965-8BFA-6F9B09DAF70C} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-4 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-4.exe 
    Task: {6D0EFFC9-940C-4F7E-8420-ADB41A83FAF7} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-7.exe 
    R2 gynCCr; C:\ProgramData\OEGUQbEfDfc\gynCCr.exe [2730984 2015-04-22] (Time Lapse Solutions)
    S4 Update Steel Cut; "C:\Program Files\Steel Cut\updateSteelCut.exe" [X]
    S4 Util Steel Cut; "C:\Program Files\Steel Cut\bin\utilSteelCut.exe" [X]
    S1 {62bf0628-5809-49d1-9eee-14fa45047c7b}t; system32\drivers\{62bf0628-5809-49d1-9eee-14fa45047c7b}t.sys [X]
    S1 {6dfc5aca-15d7-49c9-89a5-7df5102d7909}t; system32\drivers\{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t.sys [X]
    S1 {6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt; system32\drivers\{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt.sys [X]
    S1 {7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt; system32\drivers\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt.sys [X]
    S1 {8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t; system32\drivers\{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t.sys [X]
    S1 {b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t; system32\drivers\{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t.sys [X]
    S1 {c979301f-1894-4c06-9f58-e9aca8d65afc}t; system32\drivers\{c979301f-1894-4c06-9f58-e9aca8d65afc}t.sys [X]
    CreateRestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 telecomladyj

  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:28 AM

Posted 17 September 2015 - 07:33 AM

VT RESULT:
https://www.virustotal.com/en/file/250a08430c07e6d911e1120a7b6401fc5c8b957e564e7a6f7eefb6f9a366781f/analysis/1442490323/


FIXLOG.TXT:
Fix result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by MARY (2015-09-17 06:58:41) Run:1
Running from C:\Users\MARY\Desktop
Loaded Profiles: MARY (Available Profiles: MARY & Baby & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
C:\Program Files\Cinema_Plus_i2V22.04\
C:\Program Files\Lights Cinema 1.3betaV22.04\
C:\Program Files\shopperz
Task: {F531AC53-AB20-4434-9FC8-5288DADA0766} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-3 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-3.exe
Task: {F62B6D32-9048-45D1-BE7E-98F0A1DB8B64} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-10_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-10.exe
C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe
Task: C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe
C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe
Task: C:\Windows\Tasks\AUSAMRFZ.job => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe
C:\Program Files\Consumer Input
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe
Task: C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe
C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe
Task: C:\Windows\Tasks\lZYVDvAe7GlknGA.job => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe
C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe
Task: C:\Windows\Tasks\rCiNBy3auXo.job => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe
C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe
Task: C:\Windows\Tasks\smmDQbZEFSzBQ.job => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe
C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe
Task: C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe
AlternateDataStreams: C:\ProgramData\TEMP:6B50A605
AlternateDataStreams: C:\ProgramData\TEMP:E428B9D4
C:\ProgramData\3eb60c6783df4497a1bcc48c5ac778c7
Task: {E3B0768B-67BB-4379-94A5-98F1E77B1A54} - System32\Tasks\KMPOFPUXOY => C:\ProgramData\3eb60c6783df4497a1bcc48c5ac778c7\3eb60c6783df4497a1bcc48c5ac778c7.exe
C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe
Task: {E72AA5F8-7632-4789-A46B-CC6B36F82B85} - System32\Tasks\lZYVDvAe7GlknGA => C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe [2015-04-20] ()
C:\ProgramData\Uealjikiapa\
Task: {F21AF930-CD54-4C7C-8E32-EC6659280CBF} - System32\Tasks\Uealjikiapa => C:\ProgramData\Uealjikiapa\1.0.5.1\roahihod.exe [2015-09-12] ()
C:\Program Files\Super Optimizer
Task: {70FC46AA-2D39-4C7D-9D16-9BC0AA325078} - System32\Tasks\Super Optimizer Schedule => C:\Program Files\Super Optimizer\SupOptLauncher.exe
Task: {736E22C8-C729-4F90-8C34-F25DCC7A5346} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe
Task: {76E3C321-3658-4019-9D58-8B329F939D6D} - System32\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C => C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe [2015-04-20] ()
Task: {7BBB14B0-8B0B-4967-9E44-56EC3892E343} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {835DE4E5-7252-43B0-A7C4-BB1F4156AE3E} - System32\Tasks\{B07F6F1E-14FF-4497-B91E-244E941C3906} =>
Task: {8674EF86-B7BB-4B6B-BDE3-E318CD53A6A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe

Task: {91F92EE6-5528-4E33-9100-4C4B33CD312F} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)

Task: {9714BF8A-8080-48AD-92AB-B30E653C07DD} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {9939CE21-7680-4521-BF82-714016B002D0} - System32\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: {9E0C9FBF-F797-44BE-A138-C0645502454E} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
C:\Program Files\globalUpdate
Task: {A7D5A3F5-ABF5-4FCE-8A84-42A978E7B09B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: {A90D8C61-7991-4A36-9DFD-7C17DE92A883} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe
C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe
Task: {A99F0D58-FC5A-4201-9DDF-F63FC28D89C1} - System32\Tasks\AUSAMRFZ => C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe [2015-04-22] (Com NotificationsV06.03)
Task: {AA869B76-C042-46AB-8DA5-B493C5F43F3E} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-3 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-3.exe
Task: {B1208FC6-BAD5-48EA-98C2-F5B060E52F63} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-6.exe
Task: {B438C3D5-36E2-4D59-9290-B0E2A104B4CB} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-6.exe
C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe
Task: {B4F42752-6D7E-4782-91DE-0E5F67BE2F9C} - System32\Tasks\rCiNBy3auXo => C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe [2015-04-20] ()  
Task: {BAC4E452-4414-4153-A73F-5B5A609156D9} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {C34D26E7-6BD0-4ED4-94CE-3299B18A95C9} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-5.exe
Task: {C5F73BAA-C95E-47CF-9E93-00F80F49FB56} - System32\Tasks\{F43F2B65-EFB7-47DA-A405-7D009276CBF6} =>
C:\Program Files\OLBPre\
Task: {C86953BE-573B-4B36-A783-79B7C58F07A6} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe
Task: {CFA3551F-2BEB-462E-B545-8D29938BD2E8} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-6 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-6.exe
C:\Program Files\version42BlockAndSurf
Task: {DC2772C6-416D-4CAF-9249-1332D2DA130B} - System32\Tasks\BlockAndSurf Update => C:\Program Files\version42BlockAndSurf\J4BlockAndSurfJ52.exe
C:\Windows\SysFilesController
Task: {DF2F4954-71FE-4473-BB20-66F872E55B2A} - System32\Tasks\SysHealth_Controller_Mon => C:\Windows\SysFilesController\SysFiles_backup.exe
Task: {E19CCB3A-2772-4047-BF02-1B23D102779C} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-6 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-6.exe
Task: {E323391E-F9E5-4F78-82E3-EEAFF454E096} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-10_user => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-10.exe
C:\Program Files\Driver Support\
Task: {E38F887F-48B4-4512-9F02-8038F9B55FB8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-02-25] (PC Drivers Headquarters)
Task: {17F8A98E-5A8E-4670-B444-57ED0BAFE7FF} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-1-7.exe
C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe
Task: {191CE1CA-EAC0-491F-A4B6-D9BDE779D5A6} - System32\Tasks\smmDQbZEFSzBQ => C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe [2015-04-20] ()
C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe
Task: {19C51564-AC56-4CC7-AC44-C25DA274BB70} - System32\Tasks\klJfmcRT9KGJYtK7B2C6UoSz => C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe [2015-04-20] ()
Task: {20458735-7785-4BD9-BF33-ECC5B26E0564} - System32\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: {45277F59-2FBC-4C50-89CC-2820A75BD2A0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-7.exe
Task: {47C47F5E-16D8-40D2-B60C-9E48A6A3D453} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro 3.84\OptProLauncher.exe
Task: {488E69F8-673E-4DB3-B064-1F9940CFF0BA} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-7 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-1-7.exe
C:\Program Files\AnyProtectEx
Task: {4EAF1B5B-1C47-45C9-8303-5AF95B889A5A} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {5535DADC-9EF5-4EDE-8B21-B5E80E6B3CCE} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {5C913260-1F2A-4940-863F-01FBF52EBB73} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe
C:\Program Files\Com NotificationsV06.03
Task: {5D7EE71C-9BDE-4122-9CD4-DB4D034B2DD9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe
C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe
Task: {5EC7FBD8-F108-4497-8345-C656286E237E} - System32\Tasks\4nWD0DuQtXtajdhhOyIO1Kts => C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe [2015-04-20] ()
Task: {60C61365-D379-4816-8D2E-AC26153C66D2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.
Task: {61038F00-2F67-4BAF-A365-2EF886A97DB0} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-4 => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-4.exe
Task: {61A6D69F-79B7-49BB-959F-1D6E563637B6} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-10_user => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-10.exe
Task: {652757EA-E578-4B6D-AF38-A54461AFBEB9} - System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5 => C:\Program Files\Com NotificationsV06.03\20d13ed4-3ff8-43fa-b399-700ada086a92-5.exe
Task: {66A3142A-0475-49E2-A6E3-F250BA198A94} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat
Task: {66E6C20F-0783-4BC5-B83F-54505853A2B1} - System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5_user => C:\Program Files\Cinema_Plus_i2V22.04\040e23e2-399d-4610-be58-a134927bb6d0-5.exe
Task: {6B59D703-553F-4965-8BFA-6F9B09DAF70C} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-4 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-4.exe
Task: {6D0EFFC9-940C-4F7E-8420-ADB41A83FAF7} - System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-7 => C:\Program Files\Lights Cinema 1.3betaV22.04\38640837-5c4c-4ce3-a864-69d317525fac-7.exe
R2 gynCCr; C:\ProgramData\OEGUQbEfDfc\gynCCr.exe [2730984 2015-04-22] (Time Lapse Solutions)
S4 Update Steel Cut; "C:\Program Files\Steel Cut\updateSteelCut.exe" [X]
S4 Util Steel Cut; "C:\Program Files\Steel Cut\bin\utilSteelCut.exe" [X]
S1 {62bf0628-5809-49d1-9eee-14fa45047c7b}t; system32\drivers\{62bf0628-5809-49d1-9eee-14fa45047c7b}t.sys [X]
S1 {6dfc5aca-15d7-49c9-89a5-7df5102d7909}t; system32\drivers\{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t.sys [X]
S1 {6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt; system32\drivers\{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt.sys [X]
S1 {7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt; system32\drivers\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt.sys [X]
S1 {8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t; system32\drivers\{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t.sys [X]
S1 {b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t; system32\drivers\{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t.sys [X]
S1 {c979301f-1894-4c06-9f58-e9aca8d65afc}t; system32\drivers\{c979301f-1894-4c06-9f58-e9aca8d65afc}t.sys [X]
CreateRestorePoint:
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} => value removed successfully.
HKCR\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} => key not found.
"C:\Program Files\Cinema_Plus_i2V22.04" => File/Folder not found.
"C:\Program Files\Lights Cinema 1.3betaV22.04" => File/Folder not found.
"C:\Program Files\shopperz" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F531AC53-AB20-4434-9FC8-5288DADA0766}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F531AC53-AB20-4434-9FC8-5288DADA0766}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-3" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F62B6D32-9048-45D1-BE7E-98F0A1DB8B64}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F62B6D32-9048-45D1-BE7E-98F0A1DB8B64}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-10_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-10_user" => key removed successfully.
C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe => moved successfully
C:\Windows\Tasks\4nWD0DuQtXtajdhhOyIO1Kts.job => moved successfully
C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe => moved successfully
C:\Windows\Tasks\AUSAMRFZ.job => moved successfully
"C:\Program Files\Consumer Input" => File/Folder not found.
C:\Windows\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000.job => moved successfully
C:\Windows\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000.job => moved successfully
C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe => moved successfully
C:\Windows\Tasks\klJfmcRT9KGJYtK7B2C6UoSz.job => moved successfully
C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe => moved successfully
C:\Windows\Tasks\lZYVDvAe7GlknGA.job => moved successfully
C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe => moved successfully
C:\Windows\Tasks\rCiNBy3auXo.job => moved successfully
C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe => moved successfully
C:\Windows\Tasks\smmDQbZEFSzBQ.job => moved successfully
C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe => moved successfully
C:\Windows\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C.job => moved successfully
C:\ProgramData\TEMP => ":6B50A605" ADS removed successfully..
C:\ProgramData\TEMP => ":E428B9D4" ADS removed successfully..
"C:\ProgramData\3eb60c6783df4497a1bcc48c5ac778c7" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3B0768B-67BB-4379-94A5-98F1E77B1A54}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3B0768B-67BB-4379-94A5-98F1E77B1A54}" => key removed successfully.
C:\Windows\System32\Tasks\KMPOFPUXOY => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMPOFPUXOY" => key removed successfully.
"C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E72AA5F8-7632-4789-A46B-CC6B36F82B85}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72AA5F8-7632-4789-A46B-CC6B36F82B85}" => key removed successfully.
C:\Windows\System32\Tasks\lZYVDvAe7GlknGA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\lZYVDvAe7GlknGA" => key removed successfully.
C:\ProgramData\Uealjikiapa => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F21AF930-CD54-4C7C-8E32-EC6659280CBF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F21AF930-CD54-4C7C-8E32-EC6659280CBF}" => key removed successfully.
C:\Windows\System32\Tasks\Uealjikiapa => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uealjikiapa" => key removed successfully.
"C:\Program Files\Super Optimizer" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70FC46AA-2D39-4C7D-9D16-9BC0AA325078}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70FC46AA-2D39-4C7D-9D16-9BC0AA325078}" => key removed successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{736E22C8-C729-4F90-8C34-F25DCC7A5346}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{736E22C8-C729-4F90-8C34-F25DCC7A5346}" => key removed successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => key removed successfully.
"C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76E3C321-3658-4019-9D58-8B329F939D6D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76E3C321-3658-4019-9D58-8B329F939D6D}" => key removed successfully.
C:\Windows\System32\Tasks\UsA3Y3DGWI8lU6Vg050nkIYOo3C => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UsA3Y3DGWI8lU6Vg050nkIYOo3C" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7BBB14B0-8B0B-4967-9E44-56EC3892E343}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BBB14B0-8B0B-4967-9E44-56EC3892E343}" => key removed successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{835DE4E5-7252-43B0-A7C4-BB1F4156AE3E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{835DE4E5-7252-43B0-A7C4-BB1F4156AE3E}" => key removed successfully.
C:\Windows\System32\Tasks\{B07F6F1E-14FF-4497-B91E-244E941C3906} => => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B07F6F1E-14FF-4497-B91E-244E941C3906} => => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8674EF86-B7BB-4B6B-BDE3-E318CD53A6A0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8674EF86-B7BB-4B6B-BDE3-E318CD53A6A0}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-5" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91F92EE6-5528-4E33-9100-4C4B33CD312F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91F92EE6-5528-4E33-9100-4C4B33CD312F}" => key removed successfully.
C:\Windows\System32\Tasks\Driver Support-RTMRules => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMRules" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9714BF8A-8080-48AD-92AB-B30E653C07DD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9714BF8A-8080-48AD-92AB-B30E653C07DD}" => key removed successfully.
C:\Windows\System32\Tasks\Driver Support-RTMUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMUpdater" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9939CE21-7680-4521-BF82-714016B002D0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9939CE21-7680-4521-BF82-714016B002D0}" => key removed successfully.
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-1063116495-4114681664-2467881189-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E0C9FBF-F797-44BE-A138-C0645502454E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E0C9FBF-F797-44BE-A138-C0645502454E}" => key removed successfully.
C:\Windows\System32\Tasks\Driver Support => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support" => key removed successfully.
"C:\Program Files\globalUpdate" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7D5A3F5-ABF5-4FCE-8A84-42A978E7B09B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7D5A3F5-ABF5-4FCE-8A84-42A978E7B09B}" => key removed successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A90D8C61-7991-4A36-9DFD-7C17DE92A883}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A90D8C61-7991-4A36-9DFD-7C17DE92A883}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-5" => key removed successfully.
"C:\Users\MARY\AppData\Roaming\AUSAMRFZ.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A99F0D58-FC5A-4201-9DDF-F63FC28D89C1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A99F0D58-FC5A-4201-9DDF-F63FC28D89C1}" => key removed successfully.
C:\Windows\System32\Tasks\AUSAMRFZ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AUSAMRFZ" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA869B76-C042-46AB-8DA5-B493C5F43F3E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA869B76-C042-46AB-8DA5-B493C5F43F3E}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-3" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1208FC6-BAD5-48EA-98C2-F5B060E52F63}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1208FC6-BAD5-48EA-98C2-F5B060E52F63}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-1-6" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B438C3D5-36E2-4D59-9290-B0E2A104B4CB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B438C3D5-36E2-4D59-9290-B0E2A104B4CB}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-6" => key removed successfully.
"C:\Users\MARY\AppData\Roaming\rCiNBy3auXo.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B4F42752-6D7E-4782-91DE-0E5F67BE2F9C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4F42752-6D7E-4782-91DE-0E5F67BE2F9C}" => key removed successfully.
C:\Windows\System32\Tasks\rCiNBy3auXo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rCiNBy3auXo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAC4E452-4414-4153-A73F-5B5A609156D9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAC4E452-4414-4153-A73F-5B5A609156D9}" => key removed successfully.
C:\Windows\System32\Tasks\Driver Support-RTMScanRunOnce => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScanRunOnce" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C34D26E7-6BD0-4ED4-94CE-3299B18A95C9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C34D26E7-6BD0-4ED4-94CE-3299B18A95C9}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-5_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-5_user" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5F73BAA-C95E-47CF-9E93-00F80F49FB56}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5F73BAA-C95E-47CF-9E93-00F80F49FB56}" => key removed successfully.
C:\Windows\System32\Tasks\{F43F2B65-EFB7-47DA-A405-7D009276CBF6} => => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F43F2B65-EFB7-47DA-A405-7D009276CBF6} => => key not found.
"C:\Program Files\OLBPre" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C86953BE-573B-4B36-A783-79B7C58F07A6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C86953BE-573B-4B36-A783-79B7C58F07A6}" => key removed successfully.
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFA3551F-2BEB-462E-B545-8D29938BD2E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA3551F-2BEB-462E-B545-8D29938BD2E8}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-6" => key removed successfully.
"C:\Program Files\version42BlockAndSurf" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC2772C6-416D-4CAF-9249-1332D2DA130B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC2772C6-416D-4CAF-9249-1332D2DA130B}" => key removed successfully.
C:\Windows\System32\Tasks\BlockAndSurf Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update" => key removed successfully.
"C:\Windows\SysFilesController" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF2F4954-71FE-4473-BB20-66F872E55B2A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF2F4954-71FE-4473-BB20-66F872E55B2A}" => key removed successfully.
C:\Windows\System32\Tasks\SysHealth_Controller_Mon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SysHealth_Controller_Mon" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E19CCB3A-2772-4047-BF02-1B23D102779C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E19CCB3A-2772-4047-BF02-1B23D102779C}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-1-6" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E323391E-F9E5-4F78-82E3-EEAFF454E096}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E323391E-F9E5-4F78-82E3-EEAFF454E096}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-10_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-10_user" => key removed successfully.
C:\Program Files\Driver Support => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E38F887F-48B4-4512-9F02-8038F9B55FB8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E38F887F-48B4-4512-9F02-8038F9B55FB8}" => key removed successfully.
C:\Windows\System32\Tasks\Driver Support-RTMScan => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScan" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17F8A98E-5A8E-4670-B444-57ED0BAFE7FF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17F8A98E-5A8E-4670-B444-57ED0BAFE7FF}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-1-7 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-1-7" => key removed successfully.
"C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{191CE1CA-EAC0-491F-A4B6-D9BDE779D5A6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{191CE1CA-EAC0-491F-A4B6-D9BDE779D5A6}" => key removed successfully.
C:\Windows\System32\Tasks\smmDQbZEFSzBQ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\smmDQbZEFSzBQ" => key removed successfully.
"C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19C51564-AC56-4CC7-AC44-C25DA274BB70}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C51564-AC56-4CC7-AC44-C25DA274BB70}" => key removed successfully.
C:\Windows\System32\Tasks\klJfmcRT9KGJYtK7B2C6UoSz => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klJfmcRT9KGJYtK7B2C6UoSz" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20458735-7785-4BD9-BF33-ECC5B26E0564}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20458735-7785-4BD9-BF33-ECC5B26E0564}" => key removed successfully.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-1063116495-4114681664-2467881189-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45277F59-2FBC-4C50-89CC-2820A75BD2A0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45277F59-2FBC-4C50-89CC-2820A75BD2A0}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-7 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-7" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47C47F5E-16D8-40D2-B60C-9E48A6A3D453}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47C47F5E-16D8-40D2-B60C-9E48A6A3D453}" => key removed successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{488E69F8-673E-4DB3-B064-1F9940CFF0BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{488E69F8-673E-4DB3-B064-1F9940CFF0BA}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-1-7 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-1-7" => key removed successfully.
"C:\Program Files\AnyProtectEx" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EAF1B5B-1C47-45C9-8303-5AF95B889A5A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EAF1B5B-1C47-45C9-8303-5AF95B889A5A}" => key removed successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5535DADC-9EF5-4EDE-8B21-B5E80E6B3CCE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5535DADC-9EF5-4EDE-8B21-B5E80E6B3CCE}" => key removed successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C913260-1F2A-4940-863F-01FBF52EBB73}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C913260-1F2A-4940-863F-01FBF52EBB73}" => key removed successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully.
"C:\Program Files\Com NotificationsV06.03" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7EE71C-9BDE-4122-9CD4-DB4D034B2DD9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7EE71C-9BDE-4122-9CD4-DB4D034B2DD9}" => key removed successfully.
C:\Windows\System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\20d13ed4-3ff8-43fa-b399-700ada086a92-5_user" => key removed successfully.
"C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EC7FBD8-F108-4497-8345-C656286E237E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC7FBD8-F108-4497-8345-C656286E237E}" => key removed successfully.
C:\Windows\System32\Tasks\4nWD0DuQtXtajdhhOyIO1Kts => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4nWD0DuQtXtajdhhOyIO1Kts" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60C61365-D379-4816-8D2E-AC26153C66D2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60C61365-D379-4816-8D2E-AC26153C66D2}" => key removed successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61038F00-2F67-4BAF-A365-2EF886A97DB0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61038F00-2F67-4BAF-A365-2EF886A97DB0}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-4" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61A6D69F-79B7-49BB-959F-1D6E563637B6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61A6D69F-79B7-49BB-959F-1D6E563637B6}" => key removed successfully.
C:\Windows\System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-10_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\20d13ed4-3ff8-43fa-b399-700ada086a92-10_user" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{652757EA-E578-4B6D-AF38-A54461AFBEB9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{652757EA-E578-4B6D-AF38-A54461AFBEB9}" => key removed successfully.
C:\Windows\System32\Tasks\20d13ed4-3ff8-43fa-b399-700ada086a92-5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\20d13ed4-3ff8-43fa-b399-700ada086a92-5" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66A3142A-0475-49E2-A6E3-F250BA198A94}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66A3142A-0475-49E2-A6E3-F250BA198A94}" => key removed successfully.
C:\Windows\System32\Tasks\gtaUpt => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtaUpt" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66E6C20F-0783-4BC5-B83F-54505853A2B1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E6C20F-0783-4BC5-B83F-54505853A2B1}" => key removed successfully.
C:\Windows\System32\Tasks\040e23e2-399d-4610-be58-a134927bb6d0-5_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\040e23e2-399d-4610-be58-a134927bb6d0-5_user" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B59D703-553F-4965-8BFA-6F9B09DAF70C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B59D703-553F-4965-8BFA-6F9B09DAF70C}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-4" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D0EFFC9-940C-4F7E-8420-ADB41A83FAF7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D0EFFC9-940C-4F7E-8420-ADB41A83FAF7}" => key removed successfully.
C:\Windows\System32\Tasks\38640837-5c4c-4ce3-a864-69d317525fac-7 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\38640837-5c4c-4ce3-a864-69d317525fac-7" => key removed successfully.
gynCCr => service removed successfully.
Update Steel Cut => service removed successfully.
Util Steel Cut => service removed successfully.
{62bf0628-5809-49d1-9eee-14fa45047c7b}t => service removed successfully.
{6dfc5aca-15d7-49c9-89a5-7df5102d7909}t => service removed successfully.
{6eab28b9-4079-4e33-afb7-c332c7d8e930}Gt => service removed successfully.
{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}Gt => service removed successfully.
{8a6c5cb0-8029-45d5-81ec-3d760f3f2e68}t => service removed successfully.
{b75bf4f2-b9e7-4446-be16-8fafc15eb88d}t => service removed successfully.
{c979301f-1894-4c06-9f58-e9aca8d65afc}t => service removed successfully.
Restore point was successfully created.
EmptyTemp: => 1.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 07:01:38 ====


FRST.TXT:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by MARY (administrator) on MARY-LT (17-09-2015 07:20:22)
Running from C:\Users\MARY\Desktop
Loaded Profiles: MARY (Available Profiles: MARY & Baby & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(                                                                                                    ) C:\Windows\Temp\mrt8DEC.tmp\stdrt.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(NetZero, Inc.) C:\Program Files\NetZero\exec.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(NetZero, Inc.) C:\Program Files\NetZero\exec.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Teleca Sweden AB) C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
(Popwire AB) C:\Program Files\Common Files\Teleca Shared\logger.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Teleca AB) C:\Program Files\Common Files\Teleca Shared\Generic.exe
(Teleca) C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
(Teleca Sweden AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
(Teleca AB) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(TODO: <Company name>) C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\LU\LuLnchr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Mobile Connectivity Suite] => C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [598016 2009-11-19] (Teleca Sweden AB)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-12-18] (Logitech, Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-13] (Google Inc.)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [NetZero_uoltray] => C:\Program Files\NetZero\exec.exe [1700864 2008-02-27] (NetZero, Inc.)
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [112128 2008-05-05] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2015-09-13]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{4905BA70-DFD9-4CB9-9E67-3A0F36D65178}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}: [DhcpNameServer] 24.116.0.53 24.116.2.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000 -> Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll [2009-05-26] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default
FF Homepage: about:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-04-28] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin: @worldwinner.com/Launcher2,version=1.9.0.23 -> C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2010-03-16] (WorldWinner.com, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-16]
FF Extension: Steel Cut 1.0.1 - C:\Users\MARY\AppData\Roaming\Mozilla\Firefox\Profiles\4cli095a.default\Extensions\{7929dd67-6f70-43ee-9cc7-c3b1ebca3d6c}.xpi [2015-04-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-26]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-02]
FF HKLM\...\Firefox\Extensions: [myspacefftb@myspace.com] - C:\Program Files\MySpace\Toolbar\1.0.72.0
FF Extension: MySpace Toolbar for Windows - C:\Program Files\MySpace\Toolbar\1.0.72.0 [2010-05-16]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2015-08-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steel Cut) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnmnjlidlhicjbeaidocohikobfelhp [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Google Search) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Announcify) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiolkcfamcbpoandjpnefiegkcpeoan [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Gmail) - C:\Users\MARY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S2 Adobe Licensing Console; C:\Windows\System32\lnsecsl.exe [1202396 2015-04-22] (                                                                                                    ) <==== ATTENTION
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2015-08-05] (PC Drivers HeadQuarters LP)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
S3 GoogleDesktopManager-022208-143751; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-05] (Google)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [204320 2015-08-19] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [174968 2015-08-19] (McAfee, Inc.)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [268072 2013-02-13] (WinZip Computing, S.L. (WinZip Computing))

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CDRPDACC; C:\Program Files\321Studios\DVDXTREME\Shared\CDRPDACC.SYS [5273 2003-10-30] (Arrowkey)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134472 2015-08-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2015-08-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2015-08-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573136 2015-08-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93144 2015-08-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213872 2015-08-19] (McAfee, Inc.)
S3 SQTECH9051; C:\Windows\System32\Drivers\Capt9051.sys [41216 2008-04-11] (Service & Quality Technology.)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 mfeavfk01; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 06:58 - 2015-09-17 06:58 - 00000000 ____D C:\Users\MARY\Desktop\FRST-OlderVersion
2015-09-17 06:56 - 2015-09-17 06:56 - 00000120 _____ C:\Users\MARY\Desktop\vtResult.txt
2015-09-17 06:40 - 2015-09-17 06:40 - 00000000 ____D C:\Program Files\Veloxum
2015-09-16 19:02 - 2015-09-16 19:04 - 00063389 _____ C:\Users\MARY\Desktop\Addition.txt
2015-09-16 18:59 - 2015-09-17 07:20 - 00020916 _____ C:\Users\MARY\Desktop\FRST.txt
2015-09-16 18:53 - 2015-09-16 18:53 - 00008594 _____ C:\Users\MARY\Desktop\AdwCleaner[C2].txt
2015-09-16 18:32 - 2015-09-16 18:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-16 18:24 - 2015-09-16 18:18 - 01660416 _____ C:\AdwCleaner.exe
2015-09-16 05:39 - 2015-09-16 05:33 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\MARY\Desktop\tdsskiller.exe
2015-09-14 22:20 - 2015-09-14 22:20 - 00000000 ____D C:\32788R22FWJFW
2015-09-14 03:08 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 19:02 - 2015-09-16 18:49 - 00000000 ____D C:\AdwCleaner
2015-09-13 15:23 - 2015-09-13 15:23 - 00001028 _____ C:\Users\MARY\Desktop\Revo Uninstaller.lnk
2015-09-13 14:25 - 2015-08-13 09:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-13 14:25 - 2015-08-13 09:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-13 14:24 - 2015-09-02 16:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 14:24 - 2015-09-02 16:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 14:21 - 2015-09-02 16:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 14:21 - 2015-09-02 14:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 14:21 - 2015-09-02 14:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 14:19 - 2015-08-05 10:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 08:26 - 2015-09-13 15:23 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-12 22:56 - 2015-09-17 07:20 - 00000000 ____D C:\FRST
2015-09-12 22:56 - 2015-09-17 06:58 - 01695232 _____ (Farbar) C:\Users\MARY\Desktop\FRST.exe
2015-09-12 19:40 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-12 19:40 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-12 19:40 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-09-12 19:40 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-12 19:40 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-12 19:40 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-12 19:39 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-12 19:39 - 2015-07-03 11:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-12 19:35 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-12 19:21 - 2009-08-04 03:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-09-12 19:18 - 2015-06-17 11:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-12 19:18 - 2015-06-17 10:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-09-12 19:17 - 2015-06-12 11:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-12 19:11 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-12 19:11 - 2015-04-24 10:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-09-12 19:05 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-12 18:37 - 2015-09-12 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2015-09-12 18:34 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-12 18:29 - 2015-05-31 03:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-09-12 18:28 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-09-12 18:28 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-12 18:28 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-09-12 18:28 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-12 18:27 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-12 18:27 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-12 18:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-12 18:24 - 2015-06-27 11:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-12 18:24 - 2015-06-27 11:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-12 18:24 - 2015-06-27 11:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-12 18:24 - 2015-06-27 09:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-12 18:24 - 2015-06-27 09:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-12 18:24 - 2015-06-12 08:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-12 18:24 - 2015-05-08 18:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-12 18:24 - 2015-01-08 19:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-12 18:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-12 18:21 - 2015-08-14 01:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-12 18:21 - 2015-08-14 01:23 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-12 18:21 - 2015-08-14 01:22 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-09-12 18:21 - 2015-08-14 01:20 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-09-12 18:21 - 2015-08-14 01:20 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 06010880 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-12 18:21 - 2015-08-14 01:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 11085824 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-12 18:21 - 2015-08-14 01:18 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-12 18:21 - 2015-08-14 01:18 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-12 18:21 - 2015-08-14 01:17 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-12 18:21 - 2015-08-14 01:17 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-12 18:21 - 2015-08-14 01:16 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-09-12 18:21 - 2015-08-13 23:41 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-12 18:21 - 2015-08-13 22:04 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-12 18:21 - 2015-08-13 22:04 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-12 18:21 - 2015-08-13 22:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-12 18:21 - 2015-08-13 22:02 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-12 18:21 - 2015-05-04 17:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-09-12 18:21 - 2015-05-04 17:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-09-12 18:21 - 2015-05-04 16:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-09-12 16:46 - 2015-09-12 16:46 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-12 16:46 - 2015-09-12 16:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-12 16:46 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-12 16:46 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-19 23:13 - 2015-09-13 23:32 - 00000000 ____D C:\Windows\pss
2015-08-19 18:28 - 2015-08-19 18:28 - 00000000 ____D C:\ProgramData\WindowsSearch
2015-08-19 13:01 - 2015-08-19 13:01 - 00000000 ____D C:\Quarantine
2015-08-19 11:01 - 2015-08-19 11:01 - 00000000 ____D C:\Users\MARY\AppData\Roaming\McAfee
2015-08-19 11:00 - 2015-09-13 23:37 - 00262144 _____ C:\Windows\system32\config\ELAM
2015-08-19 10:59 - 2015-08-19 10:55 - 00094080 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2015-08-19 10:59 - 2015-08-19 10:55 - 00025088 _____ (McAfee, Inc.) C:\Windows\system32\MFEOtlk.dll
2015-08-19 10:58 - 2015-08-19 10:55 - 00573136 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00236480 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00134472 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00093144 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00066408 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-08-19 10:58 - 2015-08-19 10:55 - 00010568 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00213872 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2015-08-19 10:57 - 2015-08-19 10:55 - 00174968 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-19 10:52 - 2015-08-19 10:57 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-19 10:52 - 2015-08-19 10:52 - 00000000 ____D C:\Program Files\McAfee
2015-08-19 10:49 - 2015-09-16 05:39 - 00000000 ____D C:\Users\MARY\Desktop\TECH

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 07:16 - 2010-02-03 18:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 07:15 - 2009-01-13 07:21 - 01143549 _____ C:\Windows\WindowsUpdate.log
2015-09-17 07:13 - 2013-01-26 20:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-17 07:12 - 2015-04-22 16:59 - 00000105 _____ C:\Windows\system32\get.dat
2015-09-17 07:10 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-17 07:10 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-17 07:10 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-17 07:09 - 2006-11-02 08:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-17 06:57 - 2010-02-03 18:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 22:22 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-09-14 03:18 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-14 03:16 - 2009-01-13 06:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 01:13 - 2014-05-03 10:14 - 18744520 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-14 01:13 - 2013-01-26 20:34 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-14 01:13 - 2011-08-24 19:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-13 23:36 - 2015-04-22 16:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-13 19:16 - 2015-03-15 09:17 - 00087552 _____ C:\Windows\PFRO.log
2015-09-13 19:10 - 2013-05-19 14:38 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Yahoo!
2015-09-13 19:10 - 2009-03-02 19:03 - 00000000 ____D C:\Users\MARY\AppData\Roaming\Yahoo!
2015-09-13 18:14 - 2011-10-30 11:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-13 14:30 - 2006-11-02 07:47 - 00390976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 14:27 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-13 14:18 - 2013-07-23 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-13 13:55 - 2015-04-22 14:55 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-13 09:38 - 2009-03-02 12:36 - 00000000 ____D C:\Users\MARY
2015-09-12 22:56 - 2006-11-02 05:33 - 00763670 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 20:07 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-09-12 19:48 - 2014-03-30 07:09 - 00000000 ____D C:\temp
2015-09-12 19:39 - 2010-06-12 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-12 19:38 - 2010-01-16 01:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-12 18:37 - 2015-04-22 16:23 - 00003869 _____ C:\Windows\setupact.log
2015-08-26 18:36 - 2006-11-02 05:24 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-19 18:28 - 2015-04-22 14:08 - 00000000 ____D C:\ProgramData\AppMgr1.26.3056825
2015-08-19 10:58 - 2009-07-01 11:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-19 10:56 - 2010-08-20 23:24 - 00000000 ____D C:\ProgramData\McAfee
2015-08-19 10:47 - 2014-04-01 20:12 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-08-19 10:45 - 2006-11-02 05:23 - 00000492 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\4nWD0DuQtXtajdhhOyIO1Kts
2015-05-25 14:23 - 2015-05-25 14:23 - 0000024 _____ () C:\Users\MARY\AppData\Roaming\appdataFr25.bin
2015-04-28 19:00 - 2015-05-10 05:26 - 0000020 _____ () C:\Users\MARY\AppData\Roaming\appdataFr3.bin
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\MARY\AppData\Roaming\AUSAMRFZ
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\klJfmcRT9KGJYtK7B2C6UoSz
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\lZYVDvAe7GlknGA
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\rCiNBy3auXo
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\MARY\AppData\Roaming\smmDQbZEFSzBQ
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\MARY\AppData\Roaming\UsA3Y3DGWI8lU6Vg050nkIYOo3C
2010-05-17 13:38 - 2015-09-13 09:05 - 0000680 _____ () C:\Users\MARY\AppData\Local\d3d9caps.dat
2009-03-02 12:45 - 2015-05-01 01:03 - 0045056 _____ () C:\Users\MARY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-22 16:23 - 2015-04-22 16:23 - 0613255 _____ (CMI Limited) C:\Users\MARY\AppData\Local\nsoCD22.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe
[2015-05-26 03:16] - [2015-04-10 18:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5

C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll
[2011-06-12 22:26] - [2011-03-02 10:44] - 0168448 ____A (Microsoft Corporation) 85E861D0B88DB2B54ACB0839654C09F7

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


ATTENTION: ==> Could not access BCD.


LastRegBack: 2015-09-17 07:23

==================== End of FRST.txt ============================


ADDITION.TXT:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by MARY (2015-09-17 07:21:30)
Running from C:\Users\MARY\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2009-01-13 12:17:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1063116495-4114681664-2467881189-500 - Administrator - Disabled)
Baby (S-1-5-21-1063116495-4114681664-2467881189-1001 - Limited - Enabled) => C:\Users\Baby
Guest (S-1-5-21-1063116495-4114681664-2467881189-501 - Limited - Enabled) => C:\Users\Guest
MARY (S-1-5-21-1063116495-4114681664-2467881189-1000 - Administrator - Enabled) => C:\Users\MARY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Out of date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Ashtons Family Resort (remove only) (HKLM\...\Ashtons Family Resort) (Version:  - )
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 3.0.1.60 - )
Blokus World Tour (remove only) (HKLM\...\Blokus World Tour) (Version: 3.3.11.8 - )
Blokus World Tour (Version: 3.3.11.8 - Yahoo) Hidden
Boogie Bunnies (Version: 2.2.0.98 - WildTangent) Hidden
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0422.2139.36895 - ATI) Hidden
CD X Rescue (HKLM\...\CD X Rescue) (Version: 3.2.1 - 321 Studios, Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chloe's Dream Resort (Version: 2.2.0.98 - WildTangent) Hidden
Crop Busters (Version: 2.2.0.98 - WildTangent) Hidden
Cubis Gold 2 (HKLM\...\Cubis Gold 2) (Version:  - )
Dancing Craze (Version: 2.2.0.95 - WildTangent) Hidden
Daycare Nightmare mini-monsters (remove only) (HKLM\...\Daycare Nightmare mini-monsters) (Version:  - )
DB VGA Cam (HKLM\...\{A6DE1AAE-B147-4B08-A61C-BA471D86AC4D}) (Version: 1.0 - My Company Name)
Driver Support (HKLM\...\DriverSupport) (Version: 10.0.0.39 - PC Drivers HeadQuarters LP)
Driver Support Active Optimization (Version: 1.0.4.8495 - PC Drivers HeadQuarters LP) Hidden
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD X Show (HKLM\...\{EEB6382A-0855-41DF-86E6-C87F1745C7AA}) (Version: 2.2 - 321 Studios Inc.)
DVDXMaker2-1 (HKLM\...\{39599050-C604-4B89-AA6D-A62C6392BA70}) (Version: 2.1 - 321 Studios Inc.)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
ezManagerMax 2.0.14 (HKLM\...\ezManagerMax 2.0.14) (Version:  - Animas Corporation)
Farm Frenzy 2 (remove only) (HKLM\...\Farm Frenzy 2) (Version:  - )
Farm Frenzy 3 (remove only) (HKLM\...\Farm Frenzy 3) (Version:  - )
Flower Paradise (remove only) (HKLM\...\Flower Paradise) (Version:  - )
FreeFixer (HKLM\...\FreeFixer1.10) (Version: 1.10 - Kephyr)
FrostWire 4.21.1 (HKLM\...\FrostWire) (Version: 4.21.1.0 - FrostWire, LLC)
GearDrivers (HKLM\...\GearDrivers) (Version:  - )
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Glowfish (Version: 2.2.0.98 - WildTangent) Hidden
Gold Fever (remove only) (HKLM\...\Gold Fever) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0802.22438 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Great Art (HKLM\...\Great Art) (Version:  - GameHouse, Inc.)
HealthcareGovTool (HKLM\...\HealthcareGovTool) (Version: 1.0.0.0 - healthcaregovtool)
Hobby Farm (Version: 2.2.0.98 - WildTangent) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.016 - HTC Corporation)
HTC Sync (HKLM\...\{BC4174D1-7970-40E6-AC57-F095F961FB08}) (Version: 2.0.33 - HTC Corporation)
Ice Cream Craze: Natural Hero (Version: 2.2.0.97 - WildTangent) Hidden
Jane's Dress Up Rush (remove only) (HKLM\...\Jane's Dress Up Rush) (Version:  - )
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Jessica's BowWow Bistro (Version: 2.2.0.98 - WildTangent) Hidden
Jigsaw World (HKLM\...\BFG-Jigsaw World) (Version:  - )
KhalInstallWrapper (Version: 4.72.40 - Logitech) Hidden
LimeWire 5.5.10 (HKLM\...\LimeWire) (Version: 5.5.10 - Lime Wire, LLC)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.72 - Logitech)
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Luxor 2 (HKLM\...\Luxor 2) (Version: 1.1.0.0 - MumboJumbo)
Mah Jong Medley (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{1FDB8EC6-BAF1-42F9-8E09-4D9AB369F1B5}) (Version: 4.8.0.887 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Memeo AutoBackup (HKLM\...\InstallShield_{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}) (Version: 3.00.3251 - Memeo Inc)
Memeo AutoBackup (Version: 3.00.3251 - Memeo Inc) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Monopoly Tycoon (HKLM\...\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}) (Version:  - )
Moraff's Maximum MahJongg, Volume 3 (HKLM\...\MoraffMahJongg3_is1) (Version:  - MoraffWare)
Mozaki Blocks Deluxe (HKLM\...\{D2DEA9D8-2C39-42DA-B2A8-E91AF5D09490}) (Version: 1.0.0 - MumboJumbo, LLC)
Mozilla Firefox 7.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 7.0.1 (x86 en-US)) (Version: 7.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySpace Toolbar (HKLM\...\MySpaceToolbar) (Version: 1.0.72.0 - MySpace.com)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: NetZero QuickStart - NetZero, Inc.)
NVIDIA PhysX v8.10.29 (HKLM\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OneTouch USB Driver (HKLM\...\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}) (Version: 2.0 - LifeScan)
Paradise Quest (remove only) (HKLM\...\Paradise Quest) (Version:  - )
Path to Success (Version: 2.2.0.98 - WildTangent) Hidden
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)
Profitville (remove only) (HKLM\...\Profitville) (Version:  - )
Project Rescue: Africa! (Version: 2.2.0.98 - WildTangent) Hidden
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Rescue Frenzy (Version: 2.2.0.98 - WildTangent) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari Island (Version: 2.2.0.98 - WildTangent) Hidden
Sally's Quick Clips (Version: 2.2.0.98 - WildTangent) Hidden
Shape Shifter (HKLM\...\Shape Shifter) (Version:  - GameHouse, Inc.)
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
Slingo Mystery - Who's Gold? (remove only) (HKLM\...\Slingo Mystery - Who's Gold?) (Version:  - )
Software Updater (HKLM\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Stand O'Food 3 (Version: 2.2.0.98 - WildTangent) Hidden
Super Jigsaw - Landscapes (remove only) (HKLM\...\Super Jigsaw - Landscapes) (Version:  - )
Super Jigsaw - Puppies (remove only) (HKLM\...\Super Jigsaw - Puppies) (Version:  - )
Super Jigsaw Caboodle (remove only) (HKLM\...\Super Jigsaw Caboodle) (Version:  - )
Supermarket Management 2 (Version: 2.2.0.98 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Tetris Worlds (HKLM\...\Tetris Worlds) (Version:  - )
The Dark Knight Photo Editor (HKLM\...\{75633187-A6F5-4FD5-AB3F-0530802A2D5B}) (Version:  - Digital Blue)
Tiny Token Empires™ (Version: 2.2.0.98 - WildTangent) Hidden
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.15 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
Ultimate Puzzles 500 (HKLM\...\Ultimate Puzzles 500) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Virtual Farm 2 (Version: 2.2.0.98 - WildTangent) Hidden
WebEx (HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
Wheel Of Fortune 2 (remove only) (HKLM\...\Wheel Of Fortune 2) (Version:  - )
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Version: 4.0.11.7 - WildTangent) Hidden
WinZip System Utilities Suite (HKLM\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.0.648.13214 - WinZip Computing, S.L. (WinZip Computing))
WorldWinner Games (HKLM\...\{230B9098-A165-491F-B499-8F41AA7139F6}) (Version: 1.9.0.23 - WorldWinner.com, Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Youda Farmer 3: Seasons (Version: 2.2.0.98 - WildTangent) Hidden
ZIMO (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130000-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130005-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130007-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130060-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130064-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130065-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130066-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130068-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltdlg13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130070-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130074-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130075-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130076-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130077-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltscr13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130100-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130104-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130106-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltlst13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130200-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttmb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130204-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttmb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130400-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltodb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130500-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130505-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130507-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130509-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050B-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050D-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013050F-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130511-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltpnt13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130600-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130605-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130607-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130609-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130611-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130613-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltvec13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130620-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttlb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130625-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\lttlb13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130801-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltocx13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130847-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltmrc13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013084B-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\ltmrc13n.ocx (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{0013085F-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130861-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{00130863-B1BA-11CE-ABC6-F5B2E79D9E3F}\InprocServer32 -> C:\Windows\system32\LTCML13n.dll (LEAD Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{1E1B8D00-6D12-11D4-BB60-0000C03B53A6}\InprocServer32 -> C:\Program Files\321Studios\DVDXTREME\DVD X Maker\MCDVSrc.dll ()
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Windows\TEMP\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe No File
CustomCLSID: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> "C:\Program Files\kikin\KikinBroker.exe" No File

==================== Restore Points =========================

20-05-2015 13:19:38 Windows Update
25-05-2015 14:27:03 Restore Operation
25-05-2015 14:30:16 Windows Update
25-05-2015 15:57:08 Windows Update
26-05-2015 03:09:57 Windows Update
07-06-2015 22:02:29 Removed DVD X Show
19-08-2015 10:53:47 Installed McAfee VirusScan Enterprise.
12-09-2015 18:20:25 Windows Update
14-09-2015 03:01:44 Windows Update
14-09-2015 22:47:54 Scheduled Checkpoint
15-09-2015 21:11:30 Scheduled Checkpoint
16-09-2015 19:32:41 Scheduled Checkpoint
17-09-2015 06:58:56 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039C54B6-86EE-4CF5-A01B-3634423E533A} - System32\Tasks\{87A14BA5-DC58-4E42-8326-5DCF4A4157F2} => pcalua.exe -a "C:\Program Files\actisys\ACT-IR224UN-Li\ACT-IR224UN-Li-Setup-v1.1.6-070926.exe"
Task: {0F23BA46-D3D4-4683-B76F-8E0925ED6232} - System32\Tasks\{155E961D-5599-4899-BF35-222060505212} => pcalua.exe -a "C:\TOSAPINS\COMPS1\NetZero Internet Access0\MANUAL\B27528A.EXE" -d "C:\TOSAPINS\COMPS1\NetZero Internet Access0\MANUAL"
Task: {27BF4239-7F65-4EB9-A18F-55870AEC3CBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {36CDA412-413A-4164-9121-AF3EB5A59A40} - System32\Tasks\{825CB5A5-90DA-4B83-A34F-F143575127EB} => pcalua.exe -a "C:\Program Files\NetZero\uninst.exe" -d "C:\Program Files\NetZero"
Task: {5838E215-6A44-4B34-9EB5-D402FF479F4A} - System32\Tasks\Microsoft\Windows\RestartManager\{BC8A499A-8D8B-4109-A2C7-0D9B0A607FF0} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {882EF406-EC89-4434-9659-577E840F064C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {9577C2AD-7090-409B-87AE-EB6D7396DBC1} - System32\Tasks\{1470CDE0-1689-462D-BA1F-D37336E4ECE1} => pcalua.exe -a C:\NetZeroInstaller\NetZeroInstaller.exe -d C:\NetZeroInstaller
Task: {9C98A903-AC05-47B9-8821-9FF439FCB038} - System32\Tasks\Microsoft\Windows\RestartManager\{4598BFC2-4291-490a-9753-BF99E4FAA15A} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {CF4C0421-0471-4F98-8E2C-8706C054C8C8} - System32\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
Task: {D0166B5D-E7EC-4F70-A740-7452C9F4B2FB} - System32\Tasks\WINZIPSS-WINZIPSSOneClickCare => C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe [2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
Task: {DF619BBD-500F-4E0B-838D-7269FB875B8B} - System32\Tasks\{80DA6008-D667-4E96-969D-67A65E15FAA8} => pcalua.exe -a "C:\TOSAPINS\COMPS1\TOSHIBA Assist0\MANUAL\B26484A.EXE" -d "C:\TOSAPINS\COMPS1\TOSHIBA Assist0\MANUAL"
Task: {E32A7A09-A070-4157-80F1-21E256D2AE63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E722D7A0-9125-4F5B-B318-86EC2753FFBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{100CB278-A42A-47AD-9C68-5BC3E3CF95BD}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe
Task: C:\Windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job => C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-17 07:10 - 2015-09-17 07:10 - 00307200 _____ () C:\Windows\TEMP\mrt8DEC.tmp\MMFS2.dll
2015-09-17 07:10 - 2015-09-17 07:10 - 00021504 _____ () C:\Windows\TEMP\mrt8DEC.tmp\Get.mfx
2015-09-17 07:10 - 2015-09-17 07:10 - 00059392 _____ () C:\Windows\TEMP\mrt8DEC.tmp\Yaso.mfx
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2008-05-05 13:19 - 2007-01-25 20:47 - 00136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2008-05-05 13:19 - 2007-10-23 18:27 - 00066928 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2008-04-24 21:25 - 2008-04-24 21:25 - 00126976 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 06701056 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 00995328 _____ () C:\Windows\system32\FaceRec.dll
2008-04-23 01:05 - 2008-04-23 01:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-01-11 18:33 - 2007-01-11 18:33 - 00106496 ____R () C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
2008-05-05 13:34 - 2008-05-05 13:34 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2010-03-31 10:08 - 2010-03-31 10:08 - 00240552 ____R () C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
2010-03-17 16:20 - 2010-03-17 16:20 - 00139264 ____R () C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
2010-03-31 10:08 - 2010-03-31 10:08 - 00240552 ____R () C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
2011-10-30 11:05 - 2011-09-29 01:53 - 01833944 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20242288.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20242288.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wwwd.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\netzero.com -> netzero.com
IE trusted site: HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\...\netzero.net -> netzero.net


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1063116495-4114681664-2467881189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 24.116.0.53 - 24.116.2.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 22134214 => 2
MSCONFIG\Services: 40030ae4 => 2
MSCONFIG\Services: 67b32930 => 2
MSCONFIG\Services: 70F4EEDB-1367-4b4f-8247-3133551A7415 => 2
MSCONFIG\Services: AppMgr1.26.3056825 => 2
MSCONFIG\Services: consumerinput_update => 2
MSCONFIG\Services: consumerinput_updatem => 3
MSCONFIG\Services: csrcc => 2
MSCONFIG\Services: FlashBeat => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: insvc_1.10.0.14 => 2
MSCONFIG\Services: pastaleadsupd => 2
MSCONFIG\Services: pyteqisi => 2
MSCONFIG\Services: ryvyrife => 2
MSCONFIG\Services: shopperz Updater => 2
MSCONFIG\Services: StormWatch Update Service => 2
MSCONFIG\Services: SWUpdater => 2
MSCONFIG\Services: Update Steel Cut => 2
MSCONFIG\Services: Util Steel Cut => 2
MSCONFIG\Services: xihyqumu => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{F8D95447-87CF-42FE-8839-613673FC4EFB}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{ECB2991F-0FE4-4C33-BDAC-61539F397819}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{568AAE34-124E-4FE7-BD64-E26CED0B777E}C:\program files\nero\nero 7\nero showtime\showtime.exe] => (Block) C:\program files\nero\nero 7\nero showtime\showtime.exe
FirewallRules: [UDP Query User{98477DBB-3731-4A1A-AB06-79DBD0907307}C:\program files\nero\nero 7\nero showtime\showtime.exe] => (Block) C:\program files\nero\nero 7\nero showtime\showtime.exe
FirewallRules: [{9EE2AA52-B7CB-4D7C-A34B-2055ACFF4530}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DCE61DF5-753F-4991-8959-4C1A9C9A1081}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{48DD2A18-DC9A-48B1-B59B-447E0A6A9FF9}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{22AD4409-45F8-4313-A013-5BBAF98A542F}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{B60F514D-1165-467C-B3C4-0B0FCA9CAD19}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{B2E653EC-E6AE-4687-9660-3585DED9C8E6}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{8024F8B5-702E-4F4E-A8FE-9C76939C9BA8}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{42583F21-625F-49C6-A509-05D9D4E328D1}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{6543F1BF-ECDF-4AB6-8FFC-98A6BCCC6D56}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{1B829C43-0AEA-49F0-B11F-D4E7724CBE0A}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DD6F273F-C9EA-45EC-B883-6093592BA869}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{4D075355-BF68-47D2-870B-B01C8D3F8E1A}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{57DE68D4-AEBD-440F-A61B-1D3F99C59AE3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Faulty Device Manager Devices =============

Name: Communications Port (COM8)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot determine the settings for this device. Consult the documentation that came with this device and use the Resource tab to set the configuration. (Code 34)
Resolution: The device requires manual configuration. See the hardware documentation or contact the hardware vendor for instructions on manually configuring the device. After you configure the device itself, you can use the "Resources" tab in Device Manager to configure the resource settings in Windows.

Name: Trusted Platform Module 1.2
Description: Trusted Platform Module 1.2
Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Manufacturer: (Standard)
Service: TPM
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2015 07:19:58 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (09/17/2015 07:19:50 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (09/17/2015 07:17:38 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (09/17/2015 07:17:31 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (09/17/2015 07:15:46 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (09/17/2015 07:15:27 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (09/17/2015 07:11:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2015 06:59:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Util Steel Cut since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/17/2015 06:59:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Update Steel Cut since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/17/2015 06:59:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service gynCCr since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


System errors:
=============
Error: (09/17/2015 07:11:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Adobe Licensing Console%%1053

Error: (09/17/2015 07:11:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Adobe Licensing Console

Error: (09/17/2015 07:10:32 AM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/17/2015 07:10:32 AM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/17/2015 07:10:32 AM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/17/2015 07:10:32 AM) (Source: TPM) (EventID: 13) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (09/17/2015 07:09:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll

Error: (09/17/2015 07:09:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll

Error: (09/17/2015 07:09:41 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll

Error: (09/17/2015 06:59:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: gynCCr%%3


==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-72
Percentage of memory in use: 49%
Total physical RAM: 2813.1 MB
Available physical RAM: 1434.41 MB
Total Virtual: 5846.68 MB
Available Virtual: 4374.87 MB

==================== Drives ================================

Drive c: (SQ004720V05) (Fixed) (Total:225.52 GB) (Free:119.86 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 220ED127)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=225.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=17)

==================== End of Addition.txt ============================
 





