I uninstalled some programs and ran Avira and Malwarebytes, which removed some viruses. I just want to know what got left behind. I attached the FRST logs as well as the Avira and included the MBAM log as an attachment.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Kassab (administrator) on KASSAB-HP (24-11-2015 22:44:10)
Running from C:\Users\Kassab\Desktop
Loaded Profiles: Kassab & (Available Profiles: Kassab & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Medicomp Systems, Inc.) C:\Program Files (x86)\Medicomp\Server\medcinserv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [788176 2015-10-28] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{7B43DD0C-EBE1-4234-B150-51EFC9CFBA0E}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{D1ABF5AC-331D-4A2A-AD42-2B3EB09E2742}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.yahoo.com/ HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20110830&iesrc={referrer:source} SearchScopes: 
HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {7BAFDE76-7343-493D-A0F9-69D6BB467116} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-21] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-21] (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default FF DefaultSearchEngine: Astromenda FF DefaultSearchEngine.US: Astromenda FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=3&q={searchTerms} FF SearchEngineOrder.1: Search Results FF Homepage: hxxps://www.yahoo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-21] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-05-23] (Foxit Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC) FF Plugin HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC) FF Plugin HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\searchplugins\wikipedia-eng.xml [2012-09-26] FF Extension: DivX Web Player - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\DivXWebPlayer@divx.com.xpi [2011-06-05] [not signed] FF Extension: Block site - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-29] FF Extension: Avira Browser Safety - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\Extensions\abs@avira.com [2015-11-24] [not signed] FF Extension: Adblock Plus - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-24] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2011-09-29] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2015-11-24] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-06-22] [not signed] Chrome: ======= CHR HomePage: Default -> 
hxxp://astromenda.com/?f=1&a=ast_ir_14_38_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyE0Bzy0F0FtBtCyBtN0D0Tzu0SzyzyyEtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0Ezy0EyD0Dzz0EtG0AtAzytCtGtAyC0AyEtGtAtByEtBtGyDzytBtB0D0DtAtAzz0A0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCzyzz0F0B0ByDtGyDtC0A0CtGyE0F0AyEtGzy0FyDtCtGzz0A0AtCzzyB0F0Azy0A0FyE2Q&cr=393944548&uref=308&ir= CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/" CHR Profile: C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (BrotherSoft Extreme3) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2015-11-24] CHR Extension: (Avira Browser Safety) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-10-12] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [936544 2015-10-28] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-10-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-10-28] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1105952 2015-10-28] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250136 2015-11-03] (Avira Operations GmbH & Co. KG) R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 medcinserv; C:\Program Files (x86)\Medicomp\Server\medcinserv.exe [536576 2010-12-16] (Medicomp Systems, Inc.) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-10-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-10-28] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-28] (Avira Operations GmbH & Co. 
KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-15] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110714.034\IDSvia64.sys [488056 2011-07-07] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110715.004\ENG64.SYS [117880 2011-05-17] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110715.004\EX64.SYS [2011768 2011-05-17] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-15] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) 
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.) S3 lmimirr; system32\DRIVERS\lmimirr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-24 22:44 - 2015-11-24 22:45 - 00025598 _____ C:\Users\Kassab\Desktop\FRST.txt 2015-11-24 22:44 - 2015-11-24 22:44 - 00000000 ____D C:\FRST 2015-11-24 22:43 - 2015-11-24 22:43 - 02348544 _____ (Farbar) C:\Users\Kassab\Desktop\FRST64.exe 2015-11-24 22:07 - 2015-11-24 22:07 - 00232165 _____ C:\Users\Kassab\Desktop\MBAM.txt 2015-11-24 21:27 - 2015-11-24 21:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-24 21:20 - 2015-11-24 21:20 - 00065638 _____ C:\Users\Kassab\Desktop\AVSCAN-20151124-192434-9B5B4306.LOG 2015-11-24 20:47 - 2015-11-24 20:47 - 00000000 ____D C:\Users\Kassab\AppData\LocalLow\Avira 2015-11-24 19:27 - 2015-11-24 19:27 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-24 19:27 - 2015-11-24 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-24 19:26 - 2015-11-24 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-24 19:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-24 19:26 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-24 19:21 - 2015-11-24 19:21 - 00003432 _____ C:\Windows\System32\Tasks\Avira Browser Safety Updater Task 2015-11-24 19:21 - 2015-11-24 19:21 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\Avira 
2015-11-24 19:19 - 2015-10-28 18:21 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-11-24 19:19 - 2015-10-28 18:21 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-11-24 19:19 - 2015-10-28 18:21 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-11-24 19:19 - 2015-10-28 18:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-11-24 19:18 - 2015-11-24 19:21 - 00000000 ____D C:\Program Files (x86)\Avira 2015-11-24 19:18 - 2015-11-24 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-24 19:18 - 2015-11-24 19:19 - 00000000 ____D C:\ProgramData\Avira 2015-11-24 19:18 - 2015-11-24 19:18 - 00001168 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-11-24 19:17 - 2015-11-24 19:17 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-12 08:58 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-11 08:44 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-11 08:44 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-11 08:44 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-11 08:44 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-11 08:44 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-11 08:44 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-11 08:44 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-11 08:44 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-11 08:44 - 2015-10-30 18:25 - 00048640 _____ 
(Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-11 08:44 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-11 08:44 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-11 08:44 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-11 08:44 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-11 08:44 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-11 08:44 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-11 08:44 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-11 08:44 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-11 08:44 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-11 08:44 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-11 08:44 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-11 08:44 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-11 08:44 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-11 08:44 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-11 08:44 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-11 08:44 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-11 08:44 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-11 08:44 - 2015-10-30 17:47 
- 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-11 08:44 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-11 08:44 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-11 08:44 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-11 08:44 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-11 08:44 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-11 08:44 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-11 08:44 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-11 08:44 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-11 08:44 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-11 08:44 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-11 08:44 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-11 08:44 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-11 08:44 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-11 08:44 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-11 08:44 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-11 08:44 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-11 08:44 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-11 08:44 - 2015-10-30 17:29 - 01359360 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-11 08:44 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-11 08:44 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-11 08:44 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-11 08:44 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-11 08:44 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-11 08:44 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-11 08:44 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-11 08:44 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-11 08:44 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-11 08:44 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-11 08:44 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-11 08:44 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-11 08:44 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-11 08:44 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-11 08:44 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-11 08:44 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-11 08:44 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-11 08:44 - 2015-10-30 16:48 - 01311744 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-11 08:44 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-11 08:44 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-11 08:44 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-11 08:44 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-11 08:44 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-11 08:44 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-11 08:44 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-11 08:44 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-11 08:44 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-11 08:44 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-11 08:44 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-11 08:44 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-11 08:44 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-11 08:44 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-11 08:44 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-11 08:44 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-11 08:44 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-11 08:43 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) 
C:\Windows\system32\ntoskrnl.exe 2015-11-11 08:43 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-11 08:43 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-11 08:43 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-11 08:43 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-11 08:43 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-11 08:43 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-11 08:43 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-11 08:43 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) 
C:\Windows\system32\wdigest.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-11 08:43 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-11 08:43 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-11 08:43 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-11 08:43 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-11 08:43 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-11 08:43 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-11 08:43 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-11 08:43 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-11 08:43 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-11 08:43 - 
2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-11 08:43 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-11 08:43 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-11 08:43 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-11 08:43 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-11 08:43 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-11 08:43 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-11 08:43 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-11 08:43 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-11 08:43 - 2015-10-19 19:39 - 00146432 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-11 08:43 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-11 08:43 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-11 08:43 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-11 08:43 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 
2015-11-11 08:43 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 08:43 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 08:43 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 08:43 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 08:43 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 08:43 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 08:42 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 08:42 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 08:42 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 08:42 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 08:42 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 08:42 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 08:42 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 08:42 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 08:42 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-07 08:44 - 2015-11-09 08:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 05:28 - 2015-11-02 05:28 - 00000383 _____ C:\ftconfig.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 22:44 - 2013-06-15 18:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-24 22:43 - 2013-02-13 16:16 - 00000000 ___RD C:\Users\Kassab\Desktop\Bans Books
2015-11-24 22:42 - 2011-03-01 20:21 - 01455443 _____ C:\Windows\WindowsUpdate.log
2015-11-24 22:40 - 2011-09-25 22:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-24 22:38 - 2015-08-20 06:53 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-11-24 22:38 - 2011-09-22 12:26 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-11-24 22:36 - 2011-03-01 23:31 - 00747052 _____ C:\Windows\PFRO.log
2015-11-24 22:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-24 22:36 - 2009-07-13 23:51 - 00063604 _____ C:\Windows\setupact.log
2015-11-24 22:17 - 2011-09-25 22:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 22:11 - 2012-06-21 21:25 - 00000000 ____D C:\Program Files (x86)\BrotherSoft_Extreme3
2015-11-24 21:35 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-24 21:35 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-24 21:20 - 2011-05-15 17:34 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\SoftGrid Client
2015-11-24 21:02 - 2012-06-21 21:25 - 00000000 ____D C:\Users\Kassab\AppData\Local\CRE
2015-11-24 20:39 - 2011-05-15 16:14 - 00000000 ____D C:\Users\Kassab
2015-11-24 19:27 - 2012-12-09 17:38 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\Malwarebytes
2015-11-24 19:26 - 2012-12-09 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-24 19:26 - 2012-12-09 17:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-11-24 19:11 - 2015-02-26 12:24 - 00000000 ____D C:\ProgramData\MFAData
2015-11-24 19:02 - 2011-07-01 18:02 - 00000000 ____D C:\ProgramData\LogMeIn
2015-11-24 19:02 - 2011-07-01 18:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-11-24 18:58 - 2009-07-14 00:13 - 00006442 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-24 18:56 - 2012-02-10 20:19 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B9BA931-36B7-49E4-8C81-8811B1467209}
2015-11-24 18:52 - 2015-09-21 12:50 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForKassab.job
2015-11-24 16:06 - 2011-05-20 07:48 - 00000000 ____D C:\Users\Kassab\AppData\Local\CrashDumps
2015-11-24 15:10 - 2014-09-25 15:29 - 00000000 ____D C:\Users\Kassab\AppData\LocalLow\Adblock Plus for IE
2015-11-23 20:36 - 2013-06-04 17:18 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SoftGrid Client
2015-11-23 17:43 - 2014-07-20 23:43 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2015-11-23 15:41 - 2015-09-21 12:50 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKassab
2015-11-23 13:17 - 2011-05-16 13:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-23 13:16 - 2011-05-16 13:10 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\HpUpdate
2015-11-23 13:16 - 2011-05-16 13:10 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\HP Support Assistant
2015-11-21 07:42 - 2011-03-01 20:56 - 00000000 ____D C:\ProgramData\Norton
2015-11-13 03:11 - 2009-07-13 23:45 - 00280344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 14:18 - 2011-09-25 22:37 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-12 10:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 03:02 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 13:44 - 2013-06-15 18:10 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 13:44 - 2013-06-15 18:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 13:44 - 2011-05-15 20:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 08:12 - 2012-06-21 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-30 22:56 - 2014-12-15 13:33 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieBrowserModeList
2015-10-30 22:56 - 2014-04-26 12:03 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieUserList
2015-10-30 22:56 - 2014-04-26 12:03 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2011-10-17 12:41 - 2015-09-07 12:11 - 0001854 _____ () C:\Users\Kassab\AppData\Roaming\GhostObjGAFix.xml

Some files in TEMP:
====================
C:\Users\Kassab\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-20 02:35

==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Kassab (2015-11-24 22:45:34)
Running from C:\Users\Kassab\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-15 21:14:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2524037534-3531981673-270931832-500 - Administrator - Disabled)
Guest (S-1-5-21-2524037534-3531981673-270931832-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2524037534-3531981673-270931832-1002 - Limited - Enabled)
Kassab (S-1-5-21-2524037534-3531981673-270931832-1000 - Administrator - Enabled) => C:\Users\Kassab

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Ask Toolbar Updater (HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.14.259 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{529e47ba-e07b-414b-ae0b-1d17f85738f1}) (Version: 1.1.50.18326 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.50.18326 - Avira Operations GmbH & Co. KG) Hidden
BrotherSoft Extreme3 Toolbar (HKLM-x32\...\BrotherSoft_Extreme3 Toolbar) (Version: 6.8.12.0 - BrotherSoft Extreme3)
Canon MP470 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series) (Version: - )
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11083.1 - Cisco Consumer Products LLC)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.1.523 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medcin Server (HKLM-x32\...\{0FC29506-C417-4DD1-B6FD-79F2BA700E5E}) (Version: 2.21.12.357 - Medicomp)
Medcin Student Edition (HKLM-x32\...\{B477242C-49BA-4DA2-AD4F-CB9BE2B47FE9}) (Version: 2.0.34 - Medicomp)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
(HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Pocket Tanks v1.3 (HKLM-x32\...\Pocket Tanks_is1) (Version: 1.3 - Blitwise Productions, LLC) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.) 
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow) Sonic RecordNow! Deluxe (HKLM-x32\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.0 - Sonic Solutions) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) WinRAR 4.01 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.1 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 13-11-2015 03:00:12 Windows Update 21-11-2015 02:10:26 Scheduled Checkpoint 24-11-2015 18:58:01 Removed AVG 2015 24-11-2015 19:00:41 Removed AVG 2015 24-11-2015 19:01:35 Removed LogMeIn 24-11-2015 20:34:54 Removed Microsoft Office 2010 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 21:34 - 2015-11-24 19:03 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {017F03C5-EC4A-46A2-B033-CAA8D64D1D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2013-04-16] (HP) Task: {108E5E5B-BD25-425B-ACF5-A14796733C9F} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG) Task: {1131C33B-6B2E-47FE-A1E2-E4448E4B5ACB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated) Task: {30F7AD45-3E35-45E3-B65F-DBE373D69C09} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation) Task: {32B71258-FCB9-4719-BBB2-A7C1C530C65D} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{C4A7BADE-58DA-412A-9CCF-F20485D750F0}.exe [2015-09-18] () Task: {47391CCD-E8E3-4ECC-A9DD-9D9C1792BEFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {4F821A45-61B8-4B5E-96BC-D9C2451C333F} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation) Task: {7737C2E6-E5E2-42B2-B99C-19C1F84069A0} - System32\Tasks\HPCeeScheduleForKassab => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {7F37E77B-1C56-49C4-AE1B-0F5A2BA10356} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-11-20] (Microsoft) Task: {9335F639-6EF5-42EF-81FC-48C74A801A6F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] () Task: {A76A83D0-8572-4556-868A-3142B5FF4167} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company) Task: {AE613E6E-AA1C-42DE-812D-60B7CF507F22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-11-20] (Microsoft) Task: {B55304B3-4A2B-469E-8813-73FDB7CD870E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company) Task: {DBA40006-71A6-48B4-8A79-7C6FBC40A203} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {DE46E681-1E31-4E11-9C8A-AA124B98BAC2} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink) Task: {E3FE707D-78EC-46D5-B3E9-2FFE1BAF14A8} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation) Task: {F486F935-F9E1-489B-9F48-56C84D84B743} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe Task: C:\Windows\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{C4A7BADE-58DA-412A-9CCF-F20485D750F0}.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForKassab.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-05-21 20:36 - 2011-05-22 01:59 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\youtube.com -> hxxp://www.youtube.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kassab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ban\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.76.76 - 75.75.75.75 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: CrossRiderPlugin => C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{11B7059F-4F69-4886-9426-9B79F9506D17}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE FirewallRules: [{B84575D6-1C2F-4257-998A-2895480203E1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe FirewallRules: [{B1518EC0-6478-499F-85B2-417CC195FA7C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe FirewallRules: [{2DB5FA27-901D-4392-AF3E-262FE5CD1EEC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe FirewallRules: [{058231B8-AFBB-4066-931E-DE246DCD1E36}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe FirewallRules: [{B7570166-F4DA-441F-A804-A9E34FCD6A0B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe FirewallRules: [{5F076245-8678-45D9-ABBD-7F275FA1B83F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{89984F84-6ABD-4E07-90A5-AF67D8D89E04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe FirewallRules: [{D9B7AC7B-8576-4256-9A0D-11B142BCF5C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe FirewallRules: [{C8C731C7-2BD4-4B7B-BDA2-DABD8B9399F9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe FirewallRules: [{7A2A2667-5CC9-46F5-92BF-D82BDDC95EED}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{C01C8364-066E-45FB-BEF4-8404F94FAA5F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{8A783F04-2D99-4B38-AE4C-76A6EE484DC4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{CFCD6518-155D-4368-96C9-D27CA65F43A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{06692E88-F313-444E-808B-3BF75B389858}] => (Allow) C:\Program Files (x86)\Windows 
Live\Contacts\wlcomm.exe FirewallRules: [{898D3739-877E-4D88-A8A0-CCB361515FBF}] => (Allow) LPort=2869 FirewallRules: [{5D9AC265-F8A9-4BB4-93E5-1660CE9340C0}] => (Allow) LPort=1900 FirewallRules: [{F456E5D1-B4A6-4729-BD72-AEC28C6F6BE6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{46071051-0F9B-43B0-8D1A-8F48DFDEFD33}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{4632E4D6-E91A-4930-860D-9D3AE4FC68D9}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{05C591CE-47DE-4A1E-B2A1-36F244E2DF36}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AE1F757D-1D85-4A51-9668-D7CDA1905BD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{71C0DB65-0D2E-440C-9F96-1656912F1602}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{4796F8F4-67DB-4F53-A9F7-DDED8241F420}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{2AFB9DB0-2479-4DCC-BAC1-6348BFD2EE7F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{2669C768-C8A4-4B43-8DD5-DB38E3D85D2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{32756FC1-A209-4A20-AEB9-7CA12712CDD4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{9B86756B-62AD-4827-A793-91E61119F0B2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{1D513312-637E-4332-BD6A-C0847720C298}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{667A9536-6331-44BC-B569-6C06544A23E5}] => (Allow) C:\Program Files 
(x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{7FFC7651-A571-43F9-9E20-A5A2A52605D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6B2E2A9E-E30C-4C4C-A8F3-65588CFE7A1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FF3DD5F5-9763-441F-BC4C-5F59A958FB85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/24/2015 10:20:15 PM) (Source: VSS) (EventID: 12298) (User: ) Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\. The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully. ], Flush[0x00000000, The operation completed successfully. ], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced. ], OnRun[0x00000000, The operation completed successfully. ]. Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (11/24/2015 09:32:54 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object. Error: (11/24/2015 08:37:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program WINWORDC.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 2f0 Start Time: 01d12721ac78757f Termination Time: 30 Application Path: Q:\140066.enu\Office14\WINWORDC.EXE Report Id: fdfc6a65-9314-11e5-aaf1-78acc0984b9f Error: (11/24/2015 07:22:27 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object. Error: (11/24/2015 07:03:01 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object. Error: (11/24/2015 07:01:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error: The system cannot find the file specified. . Error: (11/24/2015 07:00:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver. System Error: The system cannot find the file specified. . Error: (11/24/2015 06:58:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (11/24/2015 06:58:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. 
The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/24/2015 04:05:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4 Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58 Exception code: 0x80000003 Fault offset: 0x0000ed50 Faulting process id: 0x6318 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 System errors: ============= Error: (11/24/2015 10:43:32 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/24/2015 10:38:43 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (11/24/2015 10:38:42 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: 10.0.0.4192.168.137.0255.255.255.0 Error: (11/24/2015 10:38:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/24/2015 10:35:14 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/24/2015 10:33:15 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/24/2015 10:07:11 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/24/2015 09:37:14 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/24/2015 09:29:24 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/24/2015 09:23:49 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 640 Processor Percentage 
of memory in use: 57% Total physical RAM: 3839.29 MB Available physical RAM: 1620.02 MB Total Virtual: 7676.78 MB Available Virtual: 5585.46 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:838.67 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6167C4D5) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=918.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
AVSCAN (Avira).txt
Free Antivirus Report file date: Tuesday, November 24, 2015 19:24 The program is running as an unrestricted full version. Online services are available. Licensee : Free Serial number : 0000149996-AVHOE-0000001 Platform : Windows 7 Home Premium Windows version : (Service Pack 1) [6.1.7601] Boot mode : Normally booted Username : Kassab Computer name : KASSAB-HP Version information: build.dat : 15.0.14.259 92306 Bytes 10/28/2015 18:21:00 AVSCAN.EXE : 15.0.14.257 1175480 Bytes 10/28/2015 23:21:49 AVSCANRC.DLL : 15.0.14.233 56944 Bytes 10/28/2015 23:21:49 LUKE.DLL : 15.0.14.257 68280 Bytes 10/28/2015 23:21:53 AVSCPLR.DLL : 15.0.14.257 106352 Bytes 10/28/2015 23:21:49 REPAIR.DLL : 15.0.14.257 539520 Bytes 10/28/2015 23:21:49 repair.rdf : 1.0.12.38 1345847 Bytes 11/25/2015 00:21:26 AVREG.DLL : 15.0.14.256 346312 Bytes 10/28/2015 23:21:49 avlode.dll : 15.0.14.257 675424 Bytes 10/28/2015 23:21:49 avlode.rdf : 14.0.5.6 84211 Bytes 10/28/2015 23:21:49
2048 Bytes 11/17/2015 00:21:25 XBV00234.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00235.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00236.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00237.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00238.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00239.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00240.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00241.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00242.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00243.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00244.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00245.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:25 XBV00246.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00247.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00248.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00249.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00250.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00251.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00252.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00253.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00254.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00255.VDF : 8.12.28.114 2048 Bytes 11/17/2015 00:21:26 XBV00000.VDF : 7.11.70.0 66736640 Bytes 4/4/2013 23:21:54 XBV00001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 23:21:54 XBV00002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 23:21:54 XBV00003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 23:21:54 XBV00004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 23:21:54 XBV00005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 23:21:54 XBV00006.VDF : 7.11.139.38 15708672 Bytes 3/27/2014 23:21:54 XBV00007.VDF : 7.11.152.100 4193792 Bytes 6/2/2014 23:21:54 XBV00008.VDF : 8.11.165.192 4251136 Bytes 8/7/2014 23:21:54 XBV00009.VDF : 8.11.172.30 2094080 Bytes 9/15/2014 23:21:54 XBV00010.VDF : 8.11.178.32 1581056 Bytes 10/14/2014 23:21:54 XBV00011.VDF : 8.11.184.50 
2178560 Bytes 11/11/2014 23:21:54 XBV00012.VDF : 8.11.190.32 1876992 Bytes 12/3/2014 23:21:54 XBV00013.VDF : 8.11.201.28 2973696 Bytes 1/14/2015 23:21:54 XBV00014.VDF : 8.11.206.252 2695680 Bytes 2/4/2015 23:21:54 XBV00015.VDF : 8.11.213.84 3175936 Bytes 3/3/2015 23:21:54 XBV00016.VDF : 8.11.213.176 212480 Bytes 3/5/2015 23:21:54 XBV00017.VDF : 8.11.219.166 2033664 Bytes 3/25/2015 23:21:54 XBV00018.VDF : 8.11.225.88 2367488 Bytes 4/22/2015 23:21:54 XBV00019.VDF : 8.11.230.186 1674752 Bytes 5/13/2015 23:21:54 XBV00020.VDF : 8.11.237.30 4711936 Bytes 6/2/2015 23:21:54 XBV00021.VDF : 8.11.243.12 2747904 Bytes 6/26/2015 23:21:54 XBV00022.VDF : 8.11.248.172 2350592 Bytes 7/17/2015 23:21:54 XBV00023.VDF : 8.11.254.112 2570752 Bytes 8/7/2015 23:21:54 XBV00024.VDF : 8.12.3.6 2196480 Bytes 8/27/2015 23:21:54 XBV00025.VDF : 8.12.8.238 1951232 Bytes 9/16/2015 23:21:54 XBV00026.VDF : 8.12.16.180 2211328 Bytes 10/7/2015 23:21:54 XBV00027.VDF : 8.12.21.126 2252288 Bytes 10/27/2015 23:21:54 XBV00028.VDF : 8.12.28.114 2935296 Bytes 11/17/2015 00:21:19 XBV00042.VDF : 8.12.28.118 33792 Bytes 11/17/2015 00:21:19 XBV00043.VDF : 8.12.28.122 39424 Bytes 11/17/2015 00:21:19 XBV00044.VDF : 8.12.28.124 2048 Bytes 11/18/2015 00:21:19 XBV00045.VDF : 8.12.28.128 51712 Bytes 11/18/2015 00:21:19 XBV00046.VDF : 8.12.28.130 2048 Bytes 11/18/2015 00:21:19 XBV00047.VDF : 8.12.28.132 14336 Bytes 11/18/2015 00:21:19 XBV00048.VDF : 8.12.28.158 10752 Bytes 11/18/2015 00:21:19 XBV00049.VDF : 8.12.28.184 5632 Bytes 11/18/2015 00:21:19 XBV00050.VDF : 8.12.28.210 3584 Bytes 11/18/2015 00:21:19 XBV00051.VDF : 8.12.28.236 10240 Bytes 11/18/2015 00:21:19 XBV00052.VDF : 8.12.29.6 27136 Bytes 11/18/2015 00:21:19 XBV00053.VDF : 8.12.29.8 3072 Bytes 11/18/2015 00:21:19 XBV00054.VDF : 8.12.29.10 15360 Bytes 11/18/2015 00:21:19 XBV00055.VDF : 8.12.29.12 2048 Bytes 11/18/2015 00:21:19 XBV00056.VDF : 8.12.29.14 2048 Bytes 11/18/2015 00:21:19 XBV00057.VDF : 8.12.29.16 13312 Bytes 11/18/2015 00:21:19 XBV00058.VDF : 
8.12.29.18 2048 Bytes 11/18/2015 00:21:19 XBV00059.VDF : 8.12.29.20 15360 Bytes 11/18/2015 00:21:19 XBV00060.VDF : 8.12.29.22 6144 Bytes 11/18/2015 00:21:19 XBV00061.VDF : 8.12.29.24 6144 Bytes 11/18/2015 00:21:19 XBV00062.VDF : 8.12.29.26 13312 Bytes 11/18/2015 00:21:20 XBV00063.VDF : 8.12.29.28 15872 Bytes 11/18/2015 00:21:20 XBV00064.VDF : 8.12.29.52 39424 Bytes 11/19/2015 00:21:20 XBV00065.VDF : 8.12.29.72 8192 Bytes 11/19/2015 00:21:20 XBV00066.VDF : 8.12.29.92 13824 Bytes 11/19/2015 00:21:20 XBV00067.VDF : 8.12.29.112 2048 Bytes 11/19/2015 00:21:20 XBV00068.VDF : 8.12.29.156 62464 Bytes 11/19/2015 00:21:20 XBV00069.VDF : 8.12.29.176 2048 Bytes 11/19/2015 00:21:20 XBV00070.VDF : 8.12.29.196 17408 Bytes 11/19/2015 00:21:20 XBV00071.VDF : 8.12.29.198 2048 Bytes 11/19/2015 00:21:20 XBV00072.VDF : 8.12.29.200 2048 Bytes 11/19/2015 00:21:20 XBV00073.VDF : 8.12.29.202 2048 Bytes 11/19/2015 00:21:20 XBV00074.VDF : 8.12.29.204 2048 Bytes 11/19/2015 00:21:20 XBV00075.VDF : 8.12.29.206 13312 Bytes 11/19/2015 00:21:20 XBV00076.VDF : 8.12.29.210 37888 Bytes 11/20/2015 00:21:20 XBV00077.VDF : 8.12.29.212 2048 Bytes 11/20/2015 00:21:20 XBV00078.VDF : 8.12.29.252 2048 Bytes 11/20/2015 00:21:20 XBV00079.VDF : 8.12.30.16 27136 Bytes 11/20/2015 00:21:20 XBV00080.VDF : 8.12.30.56 11776 Bytes 11/20/2015 00:21:20 XBV00081.VDF : 8.12.30.76 39936 Bytes 11/20/2015 00:21:20 XBV00082.VDF : 8.12.30.78 17920 Bytes 11/20/2015 00:21:20 XBV00083.VDF : 8.12.30.80 9728 Bytes 11/20/2015 00:21:20 XBV00084.VDF : 8.12.30.82 10240 Bytes 11/20/2015 00:21:20 XBV00085.VDF : 8.12.30.84 8704 Bytes 11/20/2015 00:21:20 XBV00086.VDF : 8.12.30.86 8192 Bytes 11/20/2015 00:21:20 XBV00087.VDF : 8.12.30.90 33792 Bytes 11/21/2015 00:21:20 XBV00088.VDF : 8.12.30.92 2048 Bytes 11/21/2015 00:21:21 XBV00089.VDF : 8.12.30.94 12288 Bytes 11/21/2015 00:21:21 XBV00090.VDF : 8.12.30.96 31744 Bytes 11/21/2015 00:21:21 XBV00091.VDF : 8.12.30.116 89600 Bytes 11/22/2015 00:21:21 XBV00092.VDF : 8.12.30.178 81920 Bytes 
11/23/2015 00:21:21 XBV00093.VDF : 8.12.30.198 5120 Bytes 11/23/2015 00:21:21 XBV00094.VDF : 8.12.30.216 7168 Bytes 11/23/2015 00:21:21 XBV00095.VDF : 8.12.30.218 4096 Bytes 11/23/2015 00:21:21 XBV00096.VDF : 8.12.30.220 8704 Bytes 11/23/2015 00:21:21 XBV00097.VDF : 8.12.30.222 12288 Bytes 11/23/2015 00:21:21 XBV00098.VDF : 8.12.30.224 7168 Bytes 11/23/2015 00:21:21 XBV00099.VDF : 8.12.30.226 7168 Bytes 11/23/2015 00:21:21 XBV00100.VDF : 8.12.30.228 10752 Bytes 11/23/2015 00:21:21 XBV00101.VDF : 8.12.30.246 13824 Bytes 11/23/2015 00:21:21 XBV00102.VDF : 8.12.31.8 6144 Bytes 11/23/2015 00:21:21 XBV00103.VDF : 8.12.31.26 5120 Bytes 11/23/2015 00:21:21 XBV00104.VDF : 8.12.31.44 16384 Bytes 11/23/2015 00:21:21 XBV00105.VDF : 8.12.31.62 4096 Bytes 11/23/2015 00:21:21 XBV00106.VDF : 8.12.31.80 10752 Bytes 11/23/2015 00:21:21 XBV00107.VDF : 8.12.31.82 2048 Bytes 11/23/2015 00:21:21 XBV00108.VDF : 8.12.31.84 4608 Bytes 11/23/2015 00:21:21 XBV00109.VDF : 8.12.31.86 8192 Bytes 11/23/2015 00:21:21 XBV00110.VDF : 8.12.31.90 26624 Bytes 11/24/2015 00:21:21 XBV00111.VDF : 8.12.31.92 3072 Bytes 11/24/2015 00:21:21 XBV00112.VDF : 8.12.31.94 2048 Bytes 11/24/2015 00:21:22 XBV00113.VDF : 8.12.31.96 14336 Bytes 11/24/2015 00:21:22 XBV00114.VDF : 8.12.31.98 9216 Bytes 11/24/2015 00:21:22 XBV00115.VDF : 8.12.31.100 6656 Bytes 11/24/2015 00:21:22 XBV00116.VDF : 8.12.31.102 7168 Bytes 11/24/2015 00:21:22 XBV00117.VDF : 8.12.31.104 3072 Bytes 11/24/2015 00:21:22 XBV00118.VDF : 8.12.31.106 8704 Bytes 11/24/2015 00:21:22 XBV00119.VDF : 8.12.31.108 2048 Bytes 11/24/2015 00:21:22 XBV00120.VDF : 8.12.31.110 9728 Bytes 11/24/2015 00:21:22 XBV00121.VDF : 8.12.31.128 10752 Bytes 11/24/2015 00:21:22 XBV00122.VDF : 8.12.31.130 21504 Bytes 11/24/2015 00:21:22 XBV00123.VDF : 8.12.31.132 9216 Bytes 11/24/2015 00:21:22 XBV00124.VDF : 8.12.31.134 15872 Bytes 11/24/2015 00:21:22 LOCAL000.VDF : 8.12.31.134 145726464 Bytes 11/24/2015 00:22:03 Engine version : 8.3.34.80 AEBB.DLL : 8.1.3.0 59296 Bytes 
11/25/2015 00:21:15
AECORE.DLL : 8.3.9.0 249920 Bytes 11/25/2015 00:21:16
AEDROID.DLL : 8.4.3.348 1800104 Bytes 11/25/2015 00:21:17
AEEMU.DLL : 8.1.3.6 404328 Bytes 11/25/2015 00:21:16
AEEXP.DLL : 8.4.2.134 277360 Bytes 11/25/2015 00:21:17
AEGEN.DLL : 8.1.8.6 481184 Bytes 11/25/2015 00:21:16
AEHELP.DLL : 8.3.2.6 284584 Bytes 11/25/2015 00:21:16
AEHEUR.DLL : 8.1.4.2050 9894768 Bytes 11/25/2015 00:21:16
AEMOBILE.DLL : 8.1.8.8 300968 Bytes 11/25/2015 00:21:17
AEOFFICE.DLL : 8.3.1.56 408432 Bytes 10/28/2015 23:21:48
AEPACK.DLL : 8.4.1.18 802880 Bytes 10/28/2015 23:21:48
AERDL.DLL : 8.2.1.38 813928 Bytes 11/25/2015 00:21:17
AESBX.DLL : 8.2.21.2 1629032 Bytes 11/25/2015 00:21:17
AESCN.DLL : 8.3.4.0 141216 Bytes 11/25/2015 00:21:17
AESCRIPT.DLL : 8.3.0.4 542632 Bytes 11/25/2015 00:21:17
AEVDF.DLL : 8.3.2.4 141216 Bytes 11/25/2015 00:21:17
AVWINLL.DLL : 15.0.14.233 29600 Bytes 10/28/2015 23:21:49
AVPREF.DLL : 15.0.14.233 55864 Bytes 10/28/2015 23:21:49
AVREP.DLL : 15.0.14.233 225320 Bytes 10/28/2015 23:21:49
AVARKT.DLL : 15.0.14.233 231032 Bytes 10/28/2015 23:21:48
AVEVTLOG.DLL : 15.0.14.258 200632 Bytes 10/28/2015 23:21:48
SQLITE3.DLL : 15.0.14.233 460704 Bytes 10/28/2015 23:21:53
AVSMTP.DLL : 15.0.14.233 82120 Bytes 10/28/2015 23:21:49
NETNT.DLL : 15.0.14.233 18792 Bytes 10/28/2015 23:21:53
CommonImageRc.dll: 15.0.14.233 4309752 Bytes 10/28/2015 23:21:53
CommonTextRc.dll: 15.0.14.237 68792 Bytes 10/28/2015 23:21:53

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files (x86)\Avira\Antivirus\alldiscs.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, Q:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Tuesday, November 24, 2015 19:24

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:, Q:)'
  [INFO] No virus was found!

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '129' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '171' Module(s) have been scanned
Scan process 'atieclxx.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'armsvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'HPClientServices.exe' - '43' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '23' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '29' Module(s) have been scanned
Scan process 'medcinserv.exe' - '27' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '149' Module(s) have been scanned
Scan process 'NOBuAgent.exe' - '30' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '36' Module(s) have been scanned
Scan process 'sftvsa.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '99' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '75' Module(s) have been scanned
Scan process 'sftlist.exe' - '79' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '56' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '71' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'alg.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'hphc_service.exe' - '48' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '120' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '49' Module(s) have been scanned
Scan process 'TeamViewer_Desktop.exe' - '71' Module(s) have been scanned
Scan process 'taskhost.exe' - '59' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '99' Module(s) have been scanned
Scan process 'TeamViewer.exe' - '118' Module(s) have been scanned
Scan process 'Dwm.exe' - '35' Module(s) have been scanned
Scan process 'Explorer.EXE' - '171' Module(s) have been scanned
Scan process 'tv_w32.exe' - '37' Module(s) have been scanned
Scan process 'tv_x64.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'GWX.exe' - '40' Module(s) have been scanned
Scan process 'DllHost.exe' - '45' Module(s) have been scanned
Scan process 'msiexec.exe' - '56' Module(s) have been scanned
Scan process 'Avira.ServiceHost.exe' - '136' Module(s) have been scanned
Scan process 'Avira.Systray.exe' - '181' Module(s) have been scanned
Scan process 'avguard.exe' - '127' Module(s) have been scanned
Scan process 'avshadow.exe' - '21' Module(s) have been scanned
Scan process 'sched.exe' - '85' Module(s) have been scanned
Scan process 'avgnt.exe' - '114' Module(s) have been scanned
Scan process 'UI0Detect.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '157' Module(s) have been scanned
Scan process 'ipmGui.exe' - '141' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'avscan.exe' - '88' Module(s) have been scanned
Scan process 'avscan.exe' - '117' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsass.exe' - '68' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '2017' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Program Files (x86)\ClearThink\epaphgdmipnghjhhebklgdchejelobkg.crx
  [0] Archive type: CRX
  --> content.js
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.RA
  [WARNING] Infected files in archives cannot be repaired
C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.A.1099
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserFilter.Helper.dll.old.3e210b2f-b633-4691-8b49-2a3114475e5b
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
C:\Program Files (x86)\ClearThink\bin\ClearThinkBrowserFilter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
C:\Program Files (x86)\ClearThink\bin\tmp9897.tmp
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
C:\Users\Guest\AppData\Local\Temp\+QZDF9l8.exe.part
  [DETECTION] Contains patterns of software PUA/iLivid.Gen
C:\Users\Guest\AppData\Local\Temp\RioGYuVU.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
C:\Users\Guest\AppData\Local\Temp\yZHJb4Aq.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
C:\Users\Kassab\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
  [0] Archive type: CRX
  --> manifest.json
  [DETECTION] Contains patterns of software PUA/SearchBar.33
  [WARNING] Infected files in archives cannot be repaired
C:\Users\Kassab\AppData\Local\Temp\acro_rd_dir\7D41.tmp
  [0] Archive type: NSIS
  --> ProgramFilesDir/[UnknownDir]
  [DETECTION] Is the TR/Crypt.Xpack.163508 Trojan
  [WARNING] Infected files in archives cannot be repaired
C:\Users\Kassab\AppData\Local\Temp\scoped_dir_15512_11758\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
  [0] Archive type: CRX
  --> manifest.json
  [DETECTION] Contains patterns of software PUA/SearchBar.33
  [WARNING] Infected files in archives cannot be repaired
C:\Users\Kassab\Desktop\Bans Books\true_lbc_lebanon.zip
  [0] Archive type: ZIP
  --> true_lbc_lebanon.exe
  [DETECTION] Is the TR/Vundo.Gen2 Trojan
  [WARNING] Infected files in archives cannot be repaired
C:\Users\Kassab\Downloads\IE7ProSetup_2.5.1.exe
  [0] Archive type: NSIS
  --> ProgramFilesDir/ProgSenseSetup.exe
  [1] Archive type: Inno Setup
  --> {app}\OpenCandy\OCSetupHlp.dll
  [DETECTION] Contains patterns of software PUA/OpenCandy.Gen
  [WARNING] Infected files in archives cannot be repaired
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.

Beginning disinfection:
C:\Users\Kassab\Downloads\IE7ProSetup_2.5.1.exe
  [DETECTION] Contains patterns of software PUA/OpenCandy.Gen
  [NOTE] The file was moved to the quarantine directory under the name '5a3cdf02.qua'!
C:\Users\Kassab\Desktop\Bans Books\true_lbc_lebanon.zip
  [DETECTION] Is the TR/Vundo.Gen2 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '52959830.qua'!
C:\Users\Kassab\AppData\Local\Temp\scoped_dir_15512_11758\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
  [DETECTION] Contains patterns of software PUA/SearchBar.33
  [WARNING] The file could not be copied to quarantine!
  [WARNING] Error in ARK library
  [NOTE] The file is scheduled for deleting after reboot.
  [NOTE] It is recommended to restart your computer in order to finish the repair.
C:\Users\Kassab\AppData\Local\Temp\acro_rd_dir\7D41.tmp
  [DETECTION] Is the TR/Crypt.Xpack.163508 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '741bc603.qua'!
C:\Users\Kassab\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
  [DETECTION] Contains patterns of software PUA/SearchBar.33
  [NOTE] The file was moved to the quarantine directory under the name '4205baff.qua'!
C:\Users\Guest\AppData\Local\Temp\yZHJb4Aq.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
  [NOTE] The file was moved to the quarantine directory under the name '44eabca3.qua'!
C:\Users\Guest\AppData\Local\Temp\RioGYuVU.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
  [NOTE] The file was moved to the quarantine directory under the name '630dba72.qua'!
C:\Users\Guest\AppData\Local\Temp\+QZDF9l8.exe.part
  [DETECTION] Contains patterns of software PUA/iLivid.Gen
  [NOTE] The file was moved to the quarantine directory under the name '059da794.qua'!
C:\Program Files (x86)\ClearThink\bin\tmp9897.tmp
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
  [WARNING] The file could not be copied to quarantine!
  [WARNING] Error in ARK library
  [NOTE] The file is scheduled for deleting after reboot.
  [NOTE] It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\ClearThinkBrowserFilter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
  [WARNING] The file could not be copied to quarantine!
  [WARNING] Error in ARK library
  [NOTE] The file is scheduled for deleting after reboot.
  [NOTE] It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserFilter.Helper.dll.old.3e210b2f-b633-4691-8b49-2a3114475e5b
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
  [WARNING] The file could not be copied to quarantine!
  [WARNING] Error in ARK library
  [NOTE] The file is scheduled for deleting after reboot.
  [NOTE] It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
  [WARNING] The file could not be copied to quarantine!
  [WARNING] Error in ARK library
  [NOTE] The file is scheduled for deleting after reboot.
  [NOTE] It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.A.1099
  [WARNING] The file could not be copied to quarantine!
  [WARNING] Error in ARK library
  [NOTE] The file is scheduled for deleting after reboot.
  [NOTE] It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\epaphgdmipnghjhhebklgdchejelobkg.crx
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.RA
  [WARNING] The file could not be copied to quarantine!
  [WARNING] Error in ARK library
  [NOTE] The file is scheduled for deleting after reboot.
  [NOTE] It is recommended to restart your computer in order to finish the repair.