Timmy Posted January 7, 2014 Share Posted January 7, 2014 I don't know what happened to my computer, I am new to the community here. I can't open Internet Explorer anymore, only my Chrome. Every time I try and open it, it comes up blank and closes immediately, Next, I try and open my pdf files and I get the message of Bad image error, as a matter of face I get the bad image error soon as I boot up my computer too and with everything I try and open. I get it popping up 3 times in a row. I have tried removing Adobe so that I can re install it , now it won;t let me do that. I can';t fully update my computer due to this error codes that keeps coming up. I did a quick scan with Malwarebytes' Anti-Malware here is the log after the scan. Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.07.01 Windows 7 Service Pack 1 x86 NTFS Protection: Disabled 1/6/2014 8:57:51 PM mbam-log-2014-01-06 (20-57-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 243251 Time elapsed: 18 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 3 C:Program FilesMovies ToolbarSafetyNutsafetynut.dll (PUP.Optional.SafetyNut.A) -> Delete on reboot. C:Program FilesMovies ToolbarSafetyNutsafetycrt.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot. C:Program FilesMovies ToolbarSafetyNutsafetyldr.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot. Registry Keys Detected: 18 HKCRCLSID{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3444C3C5-6C56-4A16-A453-832B05BF6EA4} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{3444C3C5-6C56-4A16-A453-832B05BF6EA4} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{3444C3C5-6C56-4A16-A453-832B05BF6EA4} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{3444C3C5-6C56-4A16-A453-832B05BF6EA4} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWARE{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully. HKCUSoftwareAppDataLowSoftwareCrossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully. HKLMSOFTWAREClassesMoviesToolbarHelper.DNSGuard (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWAREClassesMoviesToolbarHelper.DNSGuard.1 (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWAREDATAMNGR (PUP.Optional.MoviesToolbar.A) -> Quarantined and deleted successfully. HKLMSOFTWARESAFETYNUT (PUP.Optional.SafetyNut.A) -> Quarantined and deleted successfully. HKCRCLSID{338a754c-b46e-4bf2-8ac8-23de36862ad3} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{338A754C-B46E-4BF2-8AC8-23DE36862AD3} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKCRTypeLib{934BEE21-C5A4-457E-B130-77CA098FBBD3} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKCRInterface{6014D692-4409-4EDD-ABB2-36CA26DC2A2E} (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallsomotomoviestoolbar1FF (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallsomotomoviestoolbar1CR (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallsomotomoviestoolbar1IE (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. Registry Values Detected: 4 HKLMSOFTWAREMicrosoftInternet ExplorerToolbar|{3444C3C5-6C56-4A16-A453-832B05BF6EA4} (PUP.Optional.MoviesToolBar.A) -> Data: Movies Toolbar (Dist. by Somoto Ltd.) -> Quarantined and deleted successfully. HKLMSOFTWAREMicrosoftInternet ExplorerToolbar{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Data: -> Quarantined and deleted successfully. HKLMSOFTWAREDatamngr|uninstallstring (PUP.Optional.MoviesToolbar.A) -> Data: C:Program FilesMovies ToolbarSafetyNutuninstall.exe -> Quarantined and deleted successfully. HKLMSOFTWARESafetyNut|browser (PUP.Optional.SafetyNut.A) -> Data: ie ff cr -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows|AppInit_DLLs (PUP.Optional.MoviesToolBar.A) -> Bad: (C:PROGRA~1MOVIES~1SAFETY~1SAFETY~2.DLL) Good: () -> Quarantined and repaired successfully. Folders Detected: 20 C:UsersdieasAppDataLocalFilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNut (PUP.Optional.MoviesToolBar.A) -> Delete on reboot. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1 (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1FF (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1GC (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IE (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchrome (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontent (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontentlib (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontentmodules (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocale (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocalelib (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocaletoolbar (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskin (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlib (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanels (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsdefault (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsdefaultscripts (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsjs (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEcomponents (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. Files Detected: 50 C:Program FilesMovies ToolbarSafetyNutsafetynut.dll (PUP.Optional.SafetyNut.A) -> Delete on reboot. C:UsersdieasDownloadsuplayermediaplayer-setup.exe (PUP.Optional.FullSpectrumAdmin) -> Quarantined and deleted successfully. C:UsersdieasAppDataLocalGCClicker.exe (Trojan.Clicker) -> Delete on reboot. C:ProgramDataWincertwin32prop.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully. C:ProgramDataWincertwin64prop.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully. C:UsersdieasAppDataLocalFilesFrog Update Checkerupdate_checker.exe (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutdel_DM_DLL_nseB1ED.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutdel_DM_LL_nsc7A57.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutdel_DM_LL_nseB1ED.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutdel_DM_LL_nss2507.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutdel_mg_nsb52BC.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutdel_mg_nseB1ED.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutHelper.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutInternet Explorer Settings.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutsafetycrt.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot. C:Program FilesMovies ToolbarSafetyNutsafetyldr.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot. C:Program FilesMovies ToolbarSafetyNutsafetyldr_u.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutsafetynut.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutsafetynut_ie.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutUninstall.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1FFinstall.ico (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1FFuninstall.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1GCinstall.ico (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1GCuninstall.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEdtUser.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEinstall.ico (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEuninstall.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IE__searchresultsDx.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IE__searchresultstb.dll (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontentcustom.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontentvmncode.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontentlibcustom.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontentlibexternal.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromecontentmodulesnsDragAndDrop.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocalelocale.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocaleliben.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocaletoolbarde.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocaletoolbaren.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocaletoolbares.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocaletoolbarfr.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromelocaletoolbarit.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsgameData.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsdefaultscriptsdefscript.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsjsdefault.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsjsjquery.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsjsjquery.tinyscrollbar.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsjsjquery.tinyscrollbar.min.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsjsjquery.uniform.min.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEchromeskinlibpanelsjsjquery.url.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. C:Program FilesMovies ToolbarSafetyNutSRTOOL~1IEcomponentswindowmediator.js (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully. (end) Link to comment Share on other sites More sharing options...
Juliet Posted January 7, 2014 Share Posted January 7, 2014 let's see if we can find out whats going on.  If you can download these tools and run them in normal mode great, if not try to boot into safe mode and run from there.  -AdwCleaner-by Xplode  Click on this link to download : ADWCleaner Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.  Do not click on any links in the top Advertisment.   Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click on Scan. After the scan is complete click on "Clean" Confirm each time with Ok. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile with your next answer. You can find the logfile at C:AdwCleaner[s1].txt as well. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  -Junkware-Removal-Tool-  Please download Junkware Removal Tool to your desktop.  Vista / 7 / 8 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu. Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. When they are complete let me have the two reports and let me know how things are running. Link to comment Share on other sites More sharing options...
Juliet Posted January 11, 2014 Share Posted January 11, 2014 still with me? Link to comment Share on other sites More sharing options...
Timmy Posted January 12, 2014 Author Share Posted January 12, 2014 (edited) still with me? Yes sorry couldn't get my computer working i'll do it right now. Â Well i've noticed that the bad image error went away after I restarted but I still experience the blue screen error. Â # AdwCleaner v3.017 - Report created 12/01/2014 at 14:15:59 # Updated 12/01/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits) # Username : dieas - DIEAS-PC # Running from : C:UsersdieasDownloadsadwcleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:ProgramDataapn Folder Deleted : C:ProgramDataAsk Folder Deleted : C:ProgramDataBabylon [#] Folder Deleted : C:ProgramDataBitGuard Folder Deleted : C:ProgramDataboost_interprocess [#] Folder Deleted : C:ProgramDataBrowser Manager [#] Folder Deleted : C:ProgramDataBrowserProtect Folder Deleted : C:ProgramDataeSafe Folder Deleted : C:ProgramDataNCH Software Folder Deleted : C:ProgramDataParetoLogic Folder Deleted : C:ProgramDataStarApp Folder Deleted : C:ProgramDataVisualBee Folder Deleted : C:ProgramDatawincert Folder Deleted : C:ProgramDatasafe saaVE Folder Deleted : C:ProgramDataMicrosoftWindowsStart MenuProgramsotshot Folder Deleted : C:Program FilesDealPly Folder Deleted : C:Program FilesMovies Toolbar Folder Deleted : C:Program FilesMyPC Backup Folder Deleted : C:Program FilesNCH Software Folder Deleted : C:Program FilesParetoLogic Folder Deleted : C:Program FilesCommon FilesParetoLogic Folder Deleted : C:Windowssystem32hotspot shield Folder Deleted : C:UsersdieasAppDataLocalapn Folder Deleted : C:UsersdieasAppDataLocalBundled software uninstaller Folder Deleted : C:UsersdieasAppDataLocaleSupport.com Folder Deleted : C:UsersdieasAppDataLocalsavings explorer Folder Deleted : C:UsersdieasAppDataLocalsomotomoviestoolbar1 Folder Deleted : C:UsersdieasAppDataLocalSwvUpdater Folder Deleted : C:UsersdieasAppDataLocalwebplayer Folder Deleted : C:UsersdieasAppDataLocalLowsomotomoviestoolbar1 Folder Deleted : C:UsersdieasAppDataLocalLowsafe saaVE Folder Deleted : C:UsersdieasAppDataRoamingCheckPointZoneAlarm LTD Toolbar Folder Deleted : C:UsersdieasAppDataRoamingDriverCure Folder Deleted : C:UsersdieasAppDataRoamingiPumper Folder Deleted : C:UsersdieasAppDataRoamingNCH Software Folder Deleted : C:UsersdieasAppDataRoamingParetoLogic Folder Deleted : C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsFirstRowSportApp.com Folder Deleted : C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsFTDownloader.com Folder Deleted : C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsParetoLogic Folder Deleted : C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsTornTV.com Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultSmartbar Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsomotomoviestoolbar1 Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensions{3444c3c5-6c56-4a16-a453-832b05bf6ea4} Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensions{635abd67-4fe9-1b23-4f01-e679fa7484c1} Folder Deleted : C:Program FilesMozilla FirefoxExtensionsffxtlbr@babylon.com Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsqzlzg.vh@tucw.co.uk Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiles0Extensionsstaged Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensions51be189c8e15e@51be189c8e197.com Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsdonottrack@checkpoint.com Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensions{739df940-c5ee-4bab-9d7e-270894ae687a}.oldbackup Folder Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensions{9473F86A-8CD2-0C01-CF9E-946854F63D87} File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsfhdp@fhdp.tv.xpi File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsgophoto@gophoto.it.xpi File Deleted : C:END File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultinvalidprefs.js File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsAsk.xml File Deleted : C:Program FilesMozilla FirefoxsearchpluginsAsk.xml File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsAskcom.xml File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsBabylon.xml File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsConduit.xml File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsdelta.xml File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginszonealarm.xml File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiles0user.js File Deleted : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultuser.js File Deleted : C:WindowsTasksDealply.job File Deleted : C:WindowsSystem32TasksDealply File Deleted : C:WindowsSystem32TasksEscolade File Deleted : C:WindowsSystem32TasksFunmoods File Deleted : C:WindowsSystem32TasksNCH Software File Deleted : C:WindowsTasksparetologic registration3.job File Deleted : C:WindowsSystem32Tasksparetologic registration3 File Deleted : C:WindowsTasksparetologic update version3.job File Deleted : C:WindowsSystem32Tasksparetologic update version3 ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLMSOFTWAREMozillaFirefoxExtensions [ocr@babylon.com] Key Deleted : HKLMSOFTWAREGoogleChromeExtensionsaaaaimdcedbpbcjjbbnfcbbjcngmomic Key Deleted : HKLMSOFTWAREGoogleChromeExtensionsbbffdhejhaoiflnpooogkckfdcmmjppn Key Deleted : HKLMSOFTWAREGoogleChromeExtensionsjbpkiefagocgkmemidfngdkamloieekf Key Deleted : HKLMSOFTWAREGoogleChromeExtensionskkfggacklibaabdomphfdpcodjgihgon [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{003CF83C-2AED-4EFF-AC42-4D7A276FA265} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{003CF83C-2AED-4EFF-AC42-4D7A276FA265} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{EFDBD748-5519-47D6-9261-691DEF737E36} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{EFDBD748-5519-47D6-9261-691DEF737E36} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{E1D9D73C-17D0-442F-940E-186AE1DAC58D} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{E1D9D73C-17D0-442F-940E-186AE1DAC58D} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{67CB0A54-4222-46E2-BF99-58AB8280C8AF} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{C3DF4D35-7A1E-4698-BA19-722F271741C1} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{C3DF4D35-7A1E-4698-BA19-722F271741C1} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{604B2427-0751-4483-9B43-ACEA6132C4D7} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{604B2427-0751-4483-9B43-ACEA6132C4D7} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{ED7C304F-DEDD-4234-BE87-6020C9C644E8} [#] Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{A47CBE68-9BCF-4B5A-9B90-F5142D5CC420} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerLowRegistryDOMStoragebabylon.com Key Deleted : HKLMSOFTWAREClasses*shellfilescout Key Deleted : HKLMSOFTWAREClassesBabyDict Key Deleted : HKLMSOFTWAREClassesBabyGloss Key Deleted : HKLMSOFTWAREClassesBabyOptFile Key Deleted : HKLMSOFTWAREClassesFTDownloader Key Deleted : HKLMSOFTWAREClassesProd.cap Key Deleted : HKLMSOFTWAREMicrosoftTracingapnstub_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingapnstub_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftTracingau__rasapi32 Key Deleted : HKLMSOFTWAREMicrosoftTracingau__rasmancs Key Deleted : HKLMSOFTWAREMicrosoftTracingBabylon_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingBabylon_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftTracingConduitInstaller_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingConduitInstaller_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftTracingFunmoodsSetup_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingFunmoodsSetup_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftTracingTaskScheduler_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingTaskScheduler_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftTracingUpdateTask_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingUpdateTask_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftTracingwajam_install_rasapi32 Key Deleted : HKLMSOFTWAREMicrosoftTracingwajam_install_rasmancs Key Deleted : HKLMSOFTWAREMicrosoftTracingwajamupdater_rasapi32 Key Deleted : HKLMSOFTWAREMicrosoftTracingwajamupdater_rasmancs Key Deleted : HKLMSOFTWAREMicrosoftTracingWebCakeDesktop_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingWebCakeDesktop_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbitguard.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbprotect.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowsemngr.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserdefender.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowsermngr.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserprotect.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbundlesweetimsetup.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionscltmngsvc.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdealplylive.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdelta babylon.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdelta tb.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdelta2.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltainstaller.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltasetup.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltatb.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltatb_2501-c733154b.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsiminentsetup.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssweetimsetup.exe Key Deleted : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstbdelta.exetoolbar783881609.exe Key Deleted : HKLMSOFTWAREMozillaPlugins@checkpoint.com/FFApi Value Deleted : HKLMSYSTEMControlSet001ControlSession ManagerAppCertDlls [x64] Value Deleted : HKLMSYSTEMControlSet001ControlSession ManagerAppCertDlls [x86] Value Deleted : HKLMSYSTEMControlSet002ControlSession ManagerAppCertDlls [x64] Value Deleted : HKLMSYSTEMControlSet002ControlSession ManagerAppCertDlls [x86] Key Deleted : HKCUSoftware5b55dcd0b23ee446 Key Deleted : HKLMSOFTWARE5b55dcd0b23ee446 Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_for_war-rock_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_for_war-rock_RASMANCS Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_for_windows-xp-service-pack_RASAPI32 Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_for_windows-xp-service-pack_RASMANCS Key Deleted : HKLMSOFTWAREClassesAppID{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLMSOFTWAREClassesAppID{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLMSOFTWAREClassesAppID{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLMSOFTWAREClassesCLSID{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLMSOFTWAREClassesCLSID{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLMSOFTWAREClassesCLSID{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLMSOFTWAREClassesCLSID{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLMSOFTWAREClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLMSOFTWAREClassesCLSID{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLMSOFTWAREClassesCLSID{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLMSOFTWAREClassesCLSID{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Key Deleted : HKLMSOFTWAREClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLMSOFTWAREClassesInterface{0BF91075-F457-4A8B-99EF-140B52D2F22A} Key Deleted : HKLMSOFTWAREClassesInterface{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLMSOFTWAREClassesInterface{37425600-CB21-49A0-8659-476FBAB0F8E8} Key Deleted : HKLMSOFTWAREClassesInterface{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Key Deleted : HKLMSOFTWAREClassesInterface{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLMSOFTWAREClassesInterface{75BF416E-4326-45B5-8A2D-AE32D05B930B} Key Deleted : HKLMSOFTWAREClassesInterface{8911483C-C00A-4183-9FBC-6C9C00946C15} Key Deleted : HKLMSOFTWAREClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLMSOFTWAREClassesInterface{C3F058A9-407D-4CD1-8F66-B75605B54B69} Key Deleted : HKLMSOFTWAREClassesInterface{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLMSOFTWAREClassesInterface{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Key Deleted : HKLMSOFTWAREClassesTypeLib{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLMSOFTWAREClassesTypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLMSOFTWAREClassesTypeLib{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Key Deleted : HKCUSoftwareanchorfree Key Deleted : HKCUSoftwareAPN DTX Key Deleted : HKCUSoftwareAPN PIP Key Deleted : HKCUSoftwareBabylon Key Deleted : HKCUSoftwareConduit Key Deleted : HKCUSoftwaredistromatic Key Deleted : HKCUSoftwareEscolade Key Deleted : HKCUSoftwarefilescout Key Deleted : HKCUSoftwareNCH Software Key Deleted : HKCUSoftwareParetoLogic Key Deleted : HKCUSoftwarepowerpack Key Deleted : HKCUSoftwareSafetyNut Key Deleted : HKCUSoftwareSoftonic Key Deleted : HKCUSoftwareSomoto Key Deleted : HKCUSoftwareWEDLMNGR Key Deleted : HKCUSoftwareAppDataLow{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCUSoftwareAppDataLowSoftwareLyricsFinder Key Deleted : HKCUSoftwareAppDataLowSoftwarePriceGong Key Deleted : HKCUSoftwareAppDataLowSoftwareSmartBar Key Deleted : HKLMSoftware{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLMSoftware{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLMSoftwareBabylon Key Deleted : HKLMSoftwareConduit Key Deleted : HKLMSoftwareInstallCore Key Deleted : HKLMSoftwareInstallIQ Key Deleted : HKLMSoftwareNCH Software Key Deleted : HKLMSoftwareParetoLogic Key Deleted : HKLMSoftwarePIP Key Deleted : HKLMSoftwareSP Global Key Deleted : HKLMSoftwareSProtector Key Deleted : HKLMSoftwareTarma Installer Key Deleted : HKLMSoftwarevisualbee Key Deleted : HKLMSoftwareVittalia Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallbi_uninstaller Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallFilesFrog Update Checker Key Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components08121C32A9C319F4CB0C11FF059552A4 ***** [ Browsers ] ***** - Internet Explorer v10.0.9200.16750 Setting Restored : HKCUSoftwareMicrosoftInternet ExplorerMain [start Page] - Mozilla Firefox v19.0.2 (en-US) [ File : C:UsersdieasAppDataRoamingMozillaFirefoxProfiles0prefs.js ] [ File : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultprefs.js ] Line Deleted : user_pref("CT3287804.1000082.isPlayDisplay", "true"); Line Deleted : user_pref("CT3287804.1000082.state", "{"state":"stopped","text":"Californi...","description":"California Rock - Rock","url":"hxxp://www.feedlive.net/california.asx"}"); Line Deleted : user_pref("CT3287804.ENABALE_HISTORY", "{"dataType":"string","data":"true"}"); Line Deleted : user_pref("CT3287804.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{"dataType":"string","data":"true"}"); Line Deleted : user_pref("CT3287804.Facebook_Mode.enc", "Mg=="); Line Deleted : user_pref("CT3287804.Facebook_User_Locale.enc", "ZW4="); Line Deleted : user_pref("CT3287804.FirstTime", "true"); Line Deleted : user_pref("CT3287804.FirstTimeFF3", "true"); Line Deleted : user_pref("CT3287804.PG_ENABLE.enc", "dHJ1ZQ=="); Line Deleted : user_pref("CT3287804.SF_JUST_INSTALLED.enc", "RkFMU0U="); Line Deleted : user_pref("CT3287804.SF_STATUS.enc", "RU5BQkxFRA=="); Line Deleted : user_pref("CT3287804.SF_USER_ID.enc", "Y2lkXzk1MjAxMzE5NTMyMjI4MTYxMzk="); Line Deleted : user_pref("CT3287804.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287804&SearchSource=2&CUI=UN16075096603168327&UM=UM_ID&q="); Line Deleted : user_pref("CT3287804.UserID", "UN04006430234674429"); Line Deleted : user_pref("CT3287804.addressBarTakeOverEnabledInHidden", "true"); Line Deleted : user_pref("CT3287804.browser.search.defaultthis.engineName", true); Line Deleted : user_pref("CT3287804.defaultSearch", "true"); Line Deleted : user_pref("CT3287804.embeddedsData", "[{"appId":"130058504608371967","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"insta[...] Line Deleted : user_pref("CT3287804.enableAlerts", "always"); Line Deleted : user_pref("CT3287804.enableFix404ByUser", "TRUE"); Line Deleted : user_pref("CT3287804.enableSearchFromAddressBar", "true"); Line Deleted : user_pref("CT3287804.firstTimeDialogOpened", "true"); Line Deleted : user_pref("CT3287804.fixPageNotFoundError", "true"); Line Deleted : user_pref("CT3287804.fixPageNotFoundErrorByUser", "true"); Line Deleted : user_pref("CT3287804.fixPageNotFoundErrorInHidden", "true"); Line Deleted : user_pref("CT3287804.fixUrls", true); Line Deleted : user_pref("CT3287804.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...] Line Deleted : user_pref("CT3287804.installId", "stub.exe"); Line Deleted : user_pref("CT3287804.installType", "conduitnsisintegration"); Line Deleted : user_pref("CT3287804.isCheckedStartAsHidden", true); Line Deleted : user_pref("CT3287804.isEnableAllDialogs", "{"dataType":"string","data":"true"}"); Line Deleted : user_pref("CT3287804.isFirstTimeToolbarLoading", "false"); Line Deleted : user_pref("CT3287804.isPerformedSmartBarTransition", "true"); Line Deleted : user_pref("CT3287804.isToolbarShrinked", "{"dataType":"string","data":"false"}"); Line Deleted : user_pref("CT3287804.keyword", true); Line Deleted : user_pref("CT3287804.lastNewTabSettings", "{"isEnabled":true,"newTabUrl":"hxxp://search.conduit.com/?ctid=CT3287804&octid=CT3287804&SearchSource=15&CUI=UN04006430234674429&SSPV=EB_SSPV&Lay=1&UM=U[...] Line Deleted : user_pref("CT3287804.lastVersion", "10.14.65.43"); Line Deleted : user_pref("CT3287804.mam_gk_appStateReportTime.enc", "MTM2ODE1NDM4MzM2NQ=="); Line Deleted : user_pref("CT3287804.mam_gk_appState_CouponBuddy.enc", "b24="); Line Deleted : user_pref("CT3287804.mam_gk_appState_Easytobook.enc", "b24="); Line Deleted : user_pref("CT3287804.mam_gk_appState_Easytobook_targeted.enc", "b24="); Line Deleted : user_pref("CT3287804.mam_gk_appState_PriceGong.enc", "b24="); Line Deleted : user_pref("CT3287804.mam_gk_appState_WindowShopper.enc", "b24="); Line Deleted : user_pref("CT3287804.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...] Line Deleted : user_pref("CT3287804.mam_gk_appsDefaultEnabled.enc", "bnVsbA=="); Line Deleted : user_pref("CT3287804.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIxM2RhYWE2YS02NzYwLTQ0NDAtOTJhMy1hYmEwNzliNzI4ZjAiLCJ[...] Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Line Deleted : user_pref("browser.search.order.1", "Ask.com"); Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=103&systemid=473&v=a9397-200&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=5191330570284252&o=APN10640&q="); Line Deleted : [...] Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Line Deleted : user_pref("browser.search.order.1", "Ask.com"); Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=103&systemid=473&v=a9397-200&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=5191330570284252&o=APN10640&q="); - Google Chrome v32.0.1700.72 [ File : C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultpreferences ] Deleted : homepage ************************* AdwCleaner[R0].txt - [24310 octets] - [12/01/2014 14:15:13] AdwCleaner[s0].txt - [24408 octets] - [12/01/2014 14:15:59] ########## EOF - C:AdwCleanerAdwCleaner[s0].txt - [24469 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Ultimate x86 Ran by dieas on Sun 01/12/2014 at 14:23:00.12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindowsAppInit_DLLs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTyt.ytnavassistplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTyt.ytnavassistplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{37211D63-CCE9-4780-B182-96538CFC6FED} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{8B9C4F32-044E-491C-893E-362CB8A679D5} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{CF2BF214-9D1E-4803-9AEB-38552615FD40} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats{1BB8B3AE-757D-443F-B3A4-0629E709B0D9} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternetRegistryREGISTRYUSERS-1-5-21-2188790374-365846068-1736179643-1000Softwaresweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetype_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetype_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypesetup_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypesetup_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeuninstall_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeuninstall_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeupdate_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeupdate_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{11111111-1111-1111-1111-110211621176} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingmconduitinstaller_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingmconduitinstaller_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingpricepeep_02042013_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingpricepeep_02042013_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExtPreApproved{11111111-1111-1111-1111-110211621176} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{08D6BFA9-1751-4E72-BF44-3AD519110A15} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{12A81A22-CECF-4DFE-9963-387A79A0A73A} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{52db1893-8a90-4192-aede-08e00b8f8473} Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{5FDC426C-5105-41AB-B682-9DC6056C5F4B} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{52db1893-8a90-4192-aede-08e00b8f8473} ~~~ Files Successfully deleted: [File] C:WindowsSystem32TasksUpdater21058.exe ~~~ Folders Successfully deleted: [Folder] "C:Usersdieasappdatalocalcre" Successfully deleted: [Folder] "C:Usersdieasappdatalocalsolid savings" Successfully deleted: [Folder] "C:Usersdieasappdatalocallowbeemp3" Successfully deleted: [Folder] "C:Usersdieasappdatalocallowdatamngr" Successfully deleted: [Folder] "C:Program Filesfree youtube downloader" Successfully deleted: [Folder] "C:ProgramDataMicrosoftWindowsStart MenuProgramsbeemp3" Successfully deleted: [Folder] "C:Windowssystem32ai_recyclebin" ~~~ FireFox Successfully deleted the following from C:UsersdieasAppDataRoamingmozillafirefoxprofiless1rs6wdf.defaultprefs.js d3cuc29jaWFsZ3Jvd3RodGVjaG5vbG9naWVzLmNvbS9jb3Vwb25idWRkeV92MDAzL2luZGV4LnBocD9jdGlkPUVCVE9PTEJBUklEIiwib3B0aW9uc0RpYWxvZyI6eyJkaXNwbGF5TmFtZSI6IkNvdXBvbkJ1ZGR5IiwiYXBwRGVzYyI ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 01/12/2014 at 14:25:01.76 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Edited January 12, 2014 by Timmy Link to comment Share on other sites More sharing options...
Timmy Posted January 12, 2014 Author Share Posted January 12, 2014 First of all, i'd like to thank you for helping me out! So the Bad image error was not there when the computer restarted after the first scan but I did have the same problem occurring with the Blue screen error too and i'll let you know by tomorrow or Tuesday whether or not the problem has been fixed. Thanks a lot again! Link to comment Share on other sites More sharing options...
Juliet Posted January 13, 2014 Share Posted January 13, 2014 That was a lot of adware/malware removed from this machine. My gut instinct tells me theres more. experience the blue screen errorNext time it happens can you note down the error message? Let's do this:  Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com) There are 6 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click and choose Run as Admin You only need to get one of them to run, not all of them. rkill.exe rkill.com rkill.scr rkill.pif WiNlOgOn.exe uSeRiNiT.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`  Please download Farbar Recovery Scan Tool and save it to your Desktop.  (use correct version for your system.....Which system am I using?)   Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Press Scan button. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy and paste log back here. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. Link to comment Share on other sites More sharing options...
Timmy Posted January 13, 2014 Author Share Posted January 13, 2014 While I was scanning the Farbar recovery I crashed and it said Bad_Pool_Header but there was a file on the desktop for the scan heres the scan for Rkill and I couldn't find the Addition.txt I think that might have been because I got the blue screen error while scanning on Farbar. Rkill 2.6.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 01/12/2014 05:35:41 PM in x86 mode. Windows Version: Windows 7 Ultimate Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:Windowssystem32UTSCSI.EXE (PID: 636) [WD-HEUR] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 01/12/2014 05:36:30 PM Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s) ================================================== SCAN FOR Farbar Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014 01 Ran by dieas (administrator) on DIEAS-PC on 12-01-2014 17:38:24 Running from C:UsersdieasDesktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:WindowsSystem32atiesrxx.exe (AMD) C:WindowsSystem32atieclxx.exe (Advanced Micro Devices, Inc.) C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (Apple Inc.) C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (Malwarebytes Corporation) C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe () C:WindowsSystem32PnkBstrA.exe (Cisco Consumer Products LLC) C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe (Skype Technologies S.A.) C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe (TeamViewer GmbH) C:Program FilesTeamViewerVersion8TeamViewer_Service.exe (Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (Yahoo! Inc.) C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe (Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (Oracle Corporation) C:Program FilesCommon FilesJavaJava Updatejusched.exe (Microsoft Corporation) C:Program FilesWindows Sidebarsidebar.exe () C:Program FilesPando NetworksMedia BoosterPMB.exe (Skype Technologies S.A.) C:Program FilesSkypePhoneSkype.exe (Microsoft Corporation) C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe ==================== Registry (Whitelisted) ================== HKLM...Run: [QuickTime Task] - C:Program FilesQuickTimeQTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM...Run: [startCCC] - C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.) HKLM...Run: [AMD AVT] - C:Program FilesAMD AVTbinkdbsync.exe [20992 2012-03-19] () HKLM...Run: [sunJavaUpdateSched] - C:Program FilesCommon FilesJavaJava Updatejusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU...Run: [Pando Media Booster] - C:Program FilesPando NetworksMedia BoosterPMB.exe [4287536 2013-11-07] () HKCU...Run: [Facebook Update] - C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [138096 2013-12-10] (Facebook Inc.) HKCU...Run: [skype] - C:Program FilesSkypePhoneSkype.exe [18705664 2013-01-08] (Skype Technologies S.A.) HKCU...PoliciesExplorer: [NoStartBanner] 0x01 HKCU...PoliciesExplorer: [NoInstrumentation] 0x01 MountPoints2: {74d9f555-1d82-11e3-b94b-001bb9daca70} - J:AUTORUN.EXE MountPoints2: {b49d22a4-7c40-11e2-a5e5-001bb9daca70} - I:OriginInstaller.exe IFEOrjatydimofu.exe: [Debugger] tasklist.exe Startup: C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: 127.0.0.1:834 HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0xA0E7B45C7E09CE01 HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll (Yahoo! Inc.) SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {97D8FBB1-D540-4CB8-B501-64E76714EB05} URL = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=3c6fe3531d4245d4b02ba5881945b88b&tu=11JL0008G2B000s&sku=&tstsId=&ver=&&r=431 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies) TcpipParameters: [DhcpNameServer] 192.168.1.254 75.153.176.9 FireFox: ======== FF ProfilePath: C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.default FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:Windowssystem32AdobeDirectornp32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:Program FilesiTunesMozilla Pluginsnpitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:Windowssystem32npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:Program FilesYahoo!SharednpYState.dll (Yahoo! Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:Program FilesMicrosoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF Plugin: @nexon.net/NxGame - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks) FF Plugin: @raidcall.en/RCplugin - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:Program FilesSkypeWebPluginnpSkypeWebPlugin.dll (Skype) FF Plugin: @tools.google.com/Google Update;version=3 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:UsersdieasAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks) FF Extension: FTdownloader V3.0 - C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsftdownloader3@ftdownloader.com.xpi [2013-04-11] FF Extension: Skype Click to Call - C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-24] FF Extension: No Name - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2013-03-25] FF Extension: Skype Click to Call - C:Program FilesMozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-24] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:Program FilesGoogleChromeApplication32.0.1700.72PepperFlashpepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:Program FilesGoogleChromeApplication32.0.1700.72ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:Program FilesGoogleChromeApplication32.0.1700.72pdf.dll () CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin5.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) CHR Plugin: (Google Update) - C:Program FilesGoogleUpdate1.3.21.153npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U25) - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:Program FilesiTunesMozilla Pluginsnpitunes.dll () CHR Plugin: (Nexon Game Controller) - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon) CHR Plugin: (Unity Player) - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Raidcall plugin) - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall) CHR Plugin: (Shockwave for Director) - C:Windowssystem32AdobeDirectornp32dsw_1202122.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:Windowssystem32MacromedFlashNPSWF32_11_8_800_94.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:Windowssystem32npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll No File CHR Extension: (AdBlock) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom2.6.16_0 [2013-11-30] CHR Extension: (Google Wallet) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.6.0_0 [2014-01-12] CHR Extension: (ShopperPro) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsojhagnahfpegocdhlopgljpaafeogmcc1.0.1.1_0 [2014-01-02] CHR HKLM...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02] CHR HKLM...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02] CHR HKLM...ChromeExtension: [hekjaeahnjpgfmfbmiboahofcnefofkp] - C:ProgramDataBeeMP3hekjaeahnjpgfmfbmiboahofcnefofkp.crx [2014-01-02] CHR HKLM...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02] CHR HKLM...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02] CHR HKLM...ChromeExtension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:Program FilesSkypeToolbarsSkype for Chromiumskype_chrome_extension.crx [2014-01-02] CHR HKLM...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02] CHR HKLM...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02] CHR HKCU...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02] CHR HKCU...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02] CHR HKCU...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02] CHR HKCU...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02] CHR HKCU...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02] CHR HKCU...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02] CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [291840 2012-07-04] (Advanced Micro Devices, Inc.) S3 Disc Soft Bus Service; C:Program FilesDAEMON Tools UltraDiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd) R2 MBAMScheduler; C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 OpenVPNAccessClient; C:Program FilesOpenVPN TechnologiesPrivateTunnelcorecapiws.exe [24064 2012-12-14] () R2 PnkBstrA; C:Windowssystem32PnkBstrA.exe [76888 2013-07-02] () R2 RaAutoInstSrv_AM10; C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe [529024 2010-05-28] (Cisco Consumer Products LLC) R2 Skype C2C Service; C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.) S2 UTSCSI; C:Windowssystem32UTSCSI.EXE [45056 2013-08-12] () ==================== Drivers (Whitelisted) ==================== R3 AM10; C:WindowsSystem32DRIVERSam10w7.sys [841504 2010-03-22] (Ralink Technology Corp.) R3 dtscsibus; C:WindowsSystem32DRIVERSdtscsibus.sys [24704 2013-09-14] (Disc Soft Ltd) S3 hamachi; C:WindowsSystem32DRIVERShamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 LUsbFilt; C:WindowsSystem32DriversLUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.) S3 ManyCam; C:WindowsSystem32DRIVERSmcvidrv.sys [34432 2012-10-10] (ManyCam LLC) R3 MBAMProtector; C:Windowssystem32driversmbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 mcaudrv_simple; C:WindowsSystem32driversmcaudrv.sys [22656 2013-01-31] (ManyCam LLC) S3 SCREAMINGBDRIVER; C:WindowsSystem32driversScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC) R3 tap0901; C:WindowsSystem32DRIVERStap0901.sys [26624 2011-07-01] (The OpenVPN Project) S3 taphss6; C:WindowsSystem32DRIVERStaphss6.sys [37064 2013-04-24] (Anchorfree Inc.) S3 tenCapture; C:WindowsSystem32DRIVERStenCapture.sys [20664 2012-07-20] (Hajo Krabbenhöft) R3 VCSVADHWSer; C:WindowsSystem32DRIVERSvcsvad.sys [17792 2008-12-26] (Avnex) S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [x] S3 XDva405; ??C:Windowssystem32XDva405.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-12 17:38 - 2014-01-12 17:38 - 00016912 _____ C:UsersdieasDesktopFRST.txt 2014-01-12 17:38 - 2014-01-12 17:38 - 00000000 ____D C:FRST 2014-01-12 17:35 - 2014-01-12 17:36 - 00002116 _____ C:UsersdieasDesktopRkill.txt 2014-01-12 17:35 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDesktopFRST.exe 2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe 2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe 2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDesktoprkill.exe 2014-01-12 14:25 - 2014-01-12 14:25 - 00005111 _____ C:UsersdieasDesktopJRT.txt 2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT 2014-01-12 14:15 - 2014-01-12 14:16 - 00000000 ____D C:AdwCleaner 2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe 2014-01-12 13:05 - 2014-01-12 13:06 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp 2014-01-08 19:46 - 2014-01-12 12:56 - 00000000 __SHD C:found.000 2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe 2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDesktopJRT.exe 2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe 2014-01-08 15:49 - 2014-01-12 14:10 - 00000000 ____D C:UsersdieasDesktopArticles 2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp 2014-01-07 08:37 - 2014-01-07 08:38 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp 2014-01-06 23:13 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll 2014-01-06 23:13 - 2013-10-24 20:45 - 00042496 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe 2014-01-06 23:13 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll 2014-01-06 23:13 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:Windowssystem32iertutil.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:Windowssystem32jscript.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00391168 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00109056 _____ (Microsoft Corporation) C:Windowssystem32iesysprep.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00061440 _____ (Microsoft Corporation) C:Windowssystem32iesetup.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00039424 _____ (Microsoft Corporation) C:Windowssystem32jsproxy.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00033280 _____ (Microsoft Corporation) C:Windowssystem32iernonce.dll 2014-01-06 23:13 - 2013-10-24 19:41 - 02706432 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb 2014-01-06 23:13 - 2013-10-24 18:49 - 00071680 _____ (Microsoft Corporation) C:Windowssystem32RegisterIEPKEYs.exe 2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe 2014-01-06 20:42 - 2014-01-12 17:38 - 00000000 ____D C:UsersdieasAppDataLocalPMB Files 2014-01-05 20:31 - 2014-01-05 20:37 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4 2014-01-05 20:23 - 2014-01-12 14:11 - 00000000 ____D C:UsersdieasDesktopMovies 2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt 2014-01-03 17:11 - 2014-01-03 17:17 - 00000000 ____D C:UsersdieasDesktopRegCure Pro 3.1.6.0 2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db 2014-01-02 00:18 - 2014-01-03 13:54 - 00000000 ____D C:UsersPublicDocumentsGOOBZO 2014-01-02 00:17 - 2014-01-03 13:55 - 00000000 ____D C:Program FilesShopperPro 2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files 2013-12-29 20:07 - 2014-01-06 20:36 - 00000000 ____D C:Program FilesCommon FilesSkype 2013-12-29 20:07 - 2013-12-29 20:07 - 00002503 _____ C:UsersPublicDesktopSkype.lnk 2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi 2013-12-29 19:33 - 2013-10-08 06:51 - 00873384 _____ (Oracle Corporation) C:Windowssystem32npDeployJava1.dll 2013-12-29 19:33 - 2013-10-08 06:51 - 00796072 _____ (Oracle Corporation) C:Windowssystem32deployJava1.dll 2013-12-29 19:33 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:Windowssystem32javaws.exe 2013-12-29 19:33 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:Windowssystem32javaw.exe 2013-12-29 19:33 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:Windowssystem32java.exe 2013-12-29 19:31 - 2013-12-29 19:32 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe 2013-12-29 19:21 - 2013-12-29 19:21 - 18124080 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x86-enu.exe 2013-12-29 19:20 - 2013-12-29 19:20 - 36380976 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x64-enu.exe 2013-12-24 01:18 - 2014-01-12 13:06 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job ==================== One Month Modified Files and Folders ======= 2014-01-12 17:38 - 2014-01-12 17:38 - 00016912 _____ C:UsersdieasDesktopFRST.txt 2014-01-12 17:38 - 2014-01-12 17:38 - 00000000 ____D C:FRST 2014-01-12 17:38 - 2014-01-06 20:42 - 00000000 ____D C:UsersdieasAppDataLocalPMB Files 2014-01-12 17:37 - 2013-08-28 10:43 - 00000000 ____D C:UsersdieasAppDataLocalGC 2014-01-12 17:36 - 2014-01-12 17:35 - 00002116 _____ C:UsersdieasDesktopRkill.txt 2014-01-12 17:34 - 2014-01-12 17:35 - 01219584 _____ (Farbar) C:UsersdieasDesktopFRST.exe 2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe 2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe 2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDesktoprkill.exe 2014-01-12 17:30 - 2013-02-16 15:09 - 00000884 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job 2014-01-12 17:30 - 2013-02-16 15:09 - 00000880 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job 2014-01-12 17:27 - 2013-02-16 16:09 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job 2014-01-12 17:27 - 2013-02-12 15:53 - 01320139 _____ C:WindowsWindowsUpdate.log 2014-01-12 15:40 - 2013-12-10 21:35 - 00000928 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA.job 2014-01-12 14:25 - 2014-01-12 14:25 - 00005111 _____ C:UsersdieasDesktopJRT.txt 2014-01-12 14:24 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-12 14:24 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT 2014-01-12 14:22 - 2013-02-12 15:58 - 00795378 _____ C:Windowssystem32PerfStringBackup.INI 2014-01-12 14:18 - 2013-03-10 11:54 - 00000000 ____D C:UsersdieasAppDataRoamingSkype 2014-01-12 14:17 - 2013-09-28 06:14 - 00008568 _____ C:Windowssetupact.log 2014-01-12 14:17 - 2009-07-13 20:53 - 00000006 ____H C:WindowsTasksSA.DAT 2014-01-12 14:16 - 2014-01-12 14:15 - 00000000 ____D C:AdwCleaner 2014-01-12 14:16 - 2013-05-26 17:14 - 00000000 ____D C:UsersdieasAppDataRoamingCheckPoint 2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe 2014-01-12 14:11 - 2014-01-05 20:23 - 00000000 ____D C:UsersdieasDesktopMovies 2014-01-12 14:11 - 2013-12-01 12:09 - 00000000 ____D C:UsersdieasDesktopFireworks 2014-01-12 14:11 - 2013-07-13 16:27 - 00000000 ____D C:UsersdieasDesktopFolders 2014-01-12 14:10 - 2014-01-08 15:49 - 00000000 ____D C:UsersdieasDesktopArticles 2014-01-12 13:06 - 2014-01-12 13:05 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp 2014-01-12 13:06 - 2013-12-24 01:18 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job 2014-01-12 13:05 - 2013-10-11 15:21 - 273350697 _____ C:WindowsMEMORY.DMP 2014-01-12 13:05 - 2013-03-16 19:46 - 00000000 ____D C:WindowsMinidump 2014-01-12 12:58 - 2013-08-26 15:42 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsHyperCam 2 2014-01-12 12:58 - 2013-02-12 15:57 - 00000000 ____D C:Usersdieas 2014-01-12 12:56 - 2014-01-08 19:46 - 00000000 __SHD C:found.000 2014-01-12 12:56 - 2013-09-02 20:53 - 00000000 ____D C:ProgramDataPMB Files 2014-01-12 12:56 - 2013-06-30 17:22 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsImage-Line 2014-01-12 12:56 - 2013-06-08 13:28 - 00000000 ____D C:Program FilesRaidCall 2014-01-12 12:56 - 2013-03-28 13:51 - 00000000 ____D C:Program FilesMalwarebytes' Anti-Malware 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowssystem32wfp 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsrescache 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsregistration 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:WindowsAppCompat 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Program FilesCommon Filesmicrosoft shared 2014-01-10 22:01 - 2013-05-29 14:39 - 00000000 ____D C:UsersdieasAppDataLocalCrashDumps 2014-01-09 15:43 - 2013-09-18 20:30 - 00000000 ____D C:UsersdieasDesktopSchool 2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe 2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDesktopJRT.exe 2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe 2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp 2014-01-07 21:50 - 2013-12-10 21:35 - 00000906 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core.job 2014-01-07 08:38 - 2014-01-07 08:37 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp 2014-01-07 06:57 - 2013-09-28 06:13 - 00178498 _____ C:WindowsPFRO.log 2014-01-07 06:57 - 2009-07-13 20:52 - 00000000 ____D C:Windowsaddins 2014-01-06 20:55 - 2013-03-28 13:51 - 00001027 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk 2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe 2014-01-06 20:43 - 2013-02-19 20:31 - 00000000 ____D C:UsersdieasAppDataRoaminguTorrent 2014-01-06 20:38 - 2013-09-14 21:01 - 00000000 ____D C:Program FilesDAEMON Tools Ultra 2014-01-06 20:36 - 2013-12-29 20:07 - 00000000 ____D C:Program FilesCommon FilesSkype 2014-01-06 20:36 - 2013-11-05 00:29 - 00000000 ____D C:Program FilesSkypeWebPlugin 2014-01-06 20:36 - 2013-11-02 13:25 - 00000000 ___RD C:Program FilesSkype 2014-01-06 20:36 - 2013-10-09 21:14 - 00000000 ____D C:Program FilesProject64 2.0 2014-01-06 20:36 - 2013-10-05 12:23 - 00000000 ____D C:Usersdieasjagexcache 2014-01-06 20:36 - 2013-09-28 12:03 - 00000000 ____D C:Program FilesRegistry Winner 2014-01-06 20:36 - 2013-09-14 21:01 - 00000000 ____D C:UsersdieasAppDataRoamingDAEMON Tools Ultra 2014-01-06 20:36 - 2013-09-02 20:53 - 00000000 ____D C:UsersdieasAppDataRoamingRiot Games 2014-01-06 20:36 - 2013-08-26 15:42 - 00000000 ____D C:Program FilesHyperCam 2 2014-01-06 20:36 - 2013-08-20 21:37 - 00000000 ____D C:Usersdieas.PowerScape 2014-01-06 20:36 - 2013-08-11 00:13 - 00000000 ____D C:Usersdieasrs3cachev4 2014-01-06 20:36 - 2013-06-30 17:22 - 00000000 ____D C:Program FilesVstPlugins 2014-01-06 20:36 - 2013-06-30 17:22 - 00000000 ____D C:Program FilesOutsim 2014-01-06 20:36 - 2013-06-16 12:34 - 00000000 ____D C:Program FilesMicrosoft Expression 2014-01-06 20:36 - 2013-05-28 18:04 - 00000000 ____D C:UsersdieasAppDataRoamingBANDISOFT 2014-01-06 20:36 - 2013-05-28 18:02 - 00000000 ____D C:Program FilesBandicam 2014-01-06 20:36 - 2013-05-26 17:15 - 00000000 ____D C:Fraps 2014-01-06 20:36 - 2013-03-31 16:17 - 00000000 ____D C:Program FilesSecurityKISS Tunnel 2014-01-06 20:36 - 2013-03-10 11:53 - 00000000 ____D C:ProgramDataSkype 2014-01-06 20:36 - 2013-02-19 20:06 - 00000000 ____D C:Program FilesPando Networks 2014-01-06 20:36 - 2013-02-16 16:02 - 00000000 ____D C:UsersdieasAppDataRoaming.minecraft 2014-01-06 20:33 - 2009-07-13 18:37 - 00000000 ___RD C:UsersPublic 2014-01-06 20:29 - 2013-08-26 12:31 - 00000000 ____D C:Program FilesOpenVPN Technologies 2014-01-06 20:29 - 2013-05-29 14:21 - 00000000 ____D C:Program FilesWindows Live 2014-01-06 20:28 - 2013-06-30 17:17 - 00000000 ____D C:Program FilesImage-Line 2014-01-06 20:27 - 2013-05-29 14:19 - 00000000 ____D C:Program FilesCommon FilesWindows Live 2014-01-06 20:01 - 2013-05-29 14:27 - 00000000 ____D C:UsersdieasTracing 2014-01-05 20:37 - 2014-01-05 20:31 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4 2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt 2014-01-03 17:17 - 2014-01-03 17:11 - 00000000 ____D C:UsersdieasDesktopRegCure Pro 3.1.6.0 2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db 2014-01-03 14:19 - 2013-02-19 16:25 - 00000000 ____D C:UsersdieasDocumentsMy Games 2014-01-03 13:55 - 2014-01-02 00:17 - 00000000 ____D C:Program FilesShopperPro 2014-01-03 13:54 - 2014-01-02 00:18 - 00000000 ____D C:UsersPublicDocumentsGOOBZO 2014-01-03 13:24 - 2013-10-09 20:19 - 00006466 _____ C:Usersdieasovpntray.log 2013-12-31 19:27 - 2013-10-05 12:23 - 00000024 _____ C:Usersdieasrandom.dat 2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files 2013-12-30 22:46 - 2013-05-29 14:20 - 00000000 ____D C:UsersdieasAppDataLocalWindows Live 2013-12-29 20:07 - 2013-12-29 20:07 - 00002503 _____ C:UsersPublicDesktopSkype.lnk 2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi 2013-12-29 19:32 - 2013-12-29 19:31 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe 2013-12-29 19:32 - 2013-03-05 23:18 - 00000000 ____D C:Program FilesJava 2013-12-29 19:21 - 2013-12-29 19:21 - 18124080 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x86-enu.exe 2013-12-29 19:20 - 2013-12-29 19:20 - 36380976 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x64-enu.exe 2013-12-29 15:02 - 2013-05-26 17:34 - 00007168 _____ C:UsersdieasAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-29 14:10 - 2013-11-07 17:08 - 00000000 ____D C:UsersdieasDocumentsCamtasia Studio 2013-12-29 01:18 - 2013-09-28 12:03 - 00000404 _____ C:WindowsTasksRegistry Winner Schedule.job ============================================================================================================ Link to comment Share on other sites More sharing options...
Juliet Posted January 13, 2014 Share Posted January 13, 2014 We do not recommend the use of registry cleaners. No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix. If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you. Our colleague miekiemoes has an excellent writeup here http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html  We suggest uninstalling them via Add or Remove Programs in your Control Panel. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~`  P2P software/programs are a major contributor to infections. I see you have uTorrent. Not passing judgment on file-sharing, However will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.  Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. save it to the Desktop as fixlist.txt NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)  start MountPoints2: {74d9f555-1d82-11e3-b94b-001bb9daca70} - J:AUTORUN.EXE MountPoints2: {b49d22a4-7c40-11e2-a5e5-001bb9daca70} - I:OriginInstaller.exe IFEOrjatydimofu.exe: [Debugger] tasklist.exe SearchScopes: HKLM - DefaultScope value is missing Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File CHR Extension: (ShopperPro) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsojhagnahfpegocdhlopgljpaafeogmcc1.0.1.1_0 [2014-01-02] CHR HKLM...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02] CHR HKLM...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02] CHR HKLM...ChromeExtension: [hekjaeahnjpgfmfbmiboahofcnefofkp] - C:ProgramDataBeeMP3hekjaeahnjpgfmfbmiboahofcnefofkp.crx [2014-01-02] CHR HKLM...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02] CHR HKLM...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02] CHR HKLM...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02] CHR HKLM...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02] CHR HKCU...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02] CHR HKCU...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02] CHR HKCU...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02] CHR HKCU...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02] CHR HKCU...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02] CHR HKCU...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02] CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION C:Program FilesShopperPro C:UsersdieasAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini C:WindowsTasksRegistry Winner Schedule.job end Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.  Please post the log created for my review. Tell me what the computer is doing now. Link to comment Share on other sites More sharing options...
Juliet Posted January 13, 2014 Share Posted January 13, 2014 also, please see if you can find Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. Link to comment Share on other sites More sharing options...
Timmy Posted January 13, 2014 Author Share Posted January 13, 2014 also, please see if you can findAddition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. I don't really use uTorrent it is just there I really never used it except for a few times. Also can you post a screenshot to tell me where to find the Addition.txt because I don't really know what you are talking about it'd be a great help. Here is the fixlog for FRST--- HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{74d9f555-1d82-11e3-b94b-001bb9daca70} => Key deleted successfully. HKCRCLSID{74d9f555-1d82-11e3-b94b-001bb9daca70} => Key not found. HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{b49d22a4-7c40-11e2-a5e5-001bb9daca70} => Key deleted successfully. HKCRCLSID{b49d22a4-7c40-11e2-a5e5-001bb9daca70} => Key not found. HKLMSoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsrjatydimofu.exe => Key deleted successfully. HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope => Value was restored successfully. HKCRPROTOCOLSHandlerlivecall => Key deleted successfully. HKCRCLSID{828030A1-22C1-4009-854F-8E305202313F} => Key deleted successfully. HKCRPROTOCOLSHandlermsnim => Key deleted successfully. HKCRCLSID{828030A1-22C1-4009-854F-8E305202313F} => Key not found. C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsojhagnahfpegocdhlopgljpaafeogmcc directory not found. HKLMSOFTWAREGoogleChromeExtensionscpoooaodibfldhiobnmnjliddplmekeb => Key deleted successfully. "C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx" => File/Directory not found. HKLMSOFTWAREGoogleChromeExtensionselnbpjcckofijioeebipepekepoceodh => Key deleted successfully. "C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx" => File/Directory not found. HKLMSOFTWAREGoogleChromeExtensionshekjaeahnjpgfmfbmiboahofcnefofkp => Key deleted successfully. "C:ProgramDataBeeMP3hekjaeahnjpgfmfbmiboahofcnefofkp.crx" => File/Directory not found. HKLMSOFTWAREGoogleChromeExtensionsibclbohbddcmmaaobgjamgbfbchjdfae => Key deleted successfully. "C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx" => File/Directory not found. HKLMSOFTWAREGoogleChromeExtensionsklibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully. "C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found. HKLMSOFTWAREGoogleChromeExtensionslonndllmbldmmoefheenkmgkencnkdkh => Key deleted successfully. "C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx" => File/Directory not found. HKLMSOFTWAREGoogleChromeExtensionsoleomanaehojaiigacblenknbkhfdicd => Key deleted successfully. "C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx" => File/Directory not found. HKCUSOFTWAREGoogleChromeExtensionscpoooaodibfldhiobnmnjliddplmekeb => Key deleted successfully. "C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx" => File/Directory not found. HKCUSOFTWAREGoogleChromeExtensionselnbpjcckofijioeebipepekepoceodh => Key deleted successfully. "C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx" => File/Directory not found. HKCUSOFTWAREGoogleChromeExtensionsibclbohbddcmmaaobgjamgbfbchjdfae => Key deleted successfully. "C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx" => File/Directory not found. HKCUSOFTWAREGoogleChromeExtensionsklibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully. "C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found. HKCUSOFTWAREGoogleChromeExtensionslonndllmbldmmoefheenkmgkencnkdkh => Key deleted successfully. "C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx" => File/Directory not found. HKCUSOFTWAREGoogleChromeExtensionsoleomanaehojaiigacblenknbkhfdicd => Key deleted successfully. "C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx" => File/Directory not found. HKLMSOFTWAREPoliciesGoogle => Key deleted successfully. C:Program FilesShopperPro => Moved successfully. C:UsersdieasAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully. C:WindowsTasksRegistry Winner Schedule.job => Moved successfully. ==== End of Fixlog ==== ============================================================= ALSO MY COMPUTER HAD BEEN CRASHING YESTERDAY BUT I'LL GIVE YOU A REPORT THE NEXT TIME MY COMPUTER CRASHES. Link to comment Share on other sites More sharing options...
Juliet Posted January 14, 2014 Share Posted January 14, 2014 When FRST is first run 2 logs should had been created FRST.txt and Addition.txt. I guess it's possible yours didn't create. Â Please Run TFC by OldTimer to clear temporary files: Â Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop. Â Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Â Then restart the computer. Â ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` This next scan can take quite a while to run and scan your computer. Please be patient. Â Go here to run an online scanner from ESET. Â No need to download the Free Trial offer Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activeX control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish When the scan completes, press the LIST OF THREATS FOUND button Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop Include the contents of this report in your next reply. Press the BACK button. Press Finish Link to comment Share on other sites More sharing options...
Timmy Posted January 14, 2014 Author Share Posted January 14, 2014 When FRST is first run 2 logs should had been created FRST.txt and Addition.txt. I guess it's possible yours didn't create.  Please Run TFC by OldTimer to clear temporary files:  Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.  Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.  Then restart the computer.  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` This next scan can take quite a while to run and scan your computer. Please be patient.  Go here to run an online scanner from ESET.  No need to download the Free Trial offer [*]Turn off the real time scanner of any existing antivirus program while performing the online scan [*]Tick the box next to YES, I accept the Terms of Use. [*]Click Start [*]When asked, allow the activeX control to install [*]Click Start [*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. [*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. [*]Click Scan [*]Wait for the scan to finish [*]When the scan completes, press the LIST OF THREATS FOUND button [*]Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop [*]Include the contents of this report in your next reply. [*]Press the BACK button. [*]Press Finish  I have to do the online scanner tom I cant run anything without crashing :S Link to comment Share on other sites More sharing options...
Juliet Posted January 14, 2014 Share Posted January 14, 2014 (edited) Have you experimented to see if it crashes in safe mode too? Â Please run FRST again for fresh review. Thanks. Edited January 14, 2014 by Juliet Link to comment Share on other sites More sharing options...
Timmy Posted January 15, 2014 Author Share Posted January 15, 2014 Once it was crashing really bad and I tried it in safe mode it didn't crash I restored computer at that point than. I found the Addition.txt it wasn't made the first time I did the scan i'll repost both of the logs here Addition.txt first--- Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2014 Ran by dieas at 2014-01-14 18:18:27 Running from C:UsersdieasDesktopComputer Fix Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) (Version: 11.0.03 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (Version: 12.0.5.146 - Adobe Systems, Inc.) AMD Accelerated Video Transcoding (Version: 12.5.100.30424 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80424.1301 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Application Profiles (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.) ASIO4ALL (Version: 2.11 Beta2 - Michael Tippach) Camtasia Studio 8 (Version: 8.1.2.1327 - TechSmith Corporation) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden CINEMA 4D R14 (Version: - ) Cisco Valet Connector (Version: 1.2.10148.2 - Cisco Consumer Products LLC) Combat Arms (Version: - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden ESET Online Scanner v3 (Version: - ) Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited) ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0 - ) Fraps (remove only) (Version: - ) Free YouTube Downloader 3.5.138 (Version: - HOW Inc.) FSFDT FSCopilot (Version: - ) FSFDT FSInn (Version: - ) GC (Version: - ) Google Chrome (Version: 32.0.1700.72 - Google Inc.) Google Earth Plug-in (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Gyazo 1.2 (Version: - Nota Inc. & Toshiyuki Masui) iTunes (Version: 11.0.2.26 - Apple Inc.) Java 7 Update 45 (Version: 7.0.450 - Oracle) Java 7 Update 7 (Version: 7.0.70 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java 6 Update 24 (Version: 6.0.240 - Oracle) Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden MixPad (Version: - NCH Software) Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2 - Mozilla) Mozilla Maintenance Service (Version: 19.0.2 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation) neroxml (Version: 1.0.0 - Nero AG) Hidden Nexon Game Manager (Version: - ) Nexon Launcher (Version: 1.1.1 - Nexon) PDFCreator (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Project 64 version 2.0.0.14 (Version: 2.0.0.14 - ) QuickTime (Version: 7.74.80.86 - Apple Inc.) RaidCall (Version: 7.2.4-1.0.7299.14 - raidcall.com) Realtek High Definition Audio Driver (Version: 6.0.1.5910 - Realtek Semiconductor Corp.) SecurityKISS Tunnel v0.3.0 (Version: - ) Skype Web Plugin (Version: 2.3.12417.17599 - Skype Technologies S.A.) Speccy (Version: 1.22 - Piriform) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab CYRI (Version: 6.0.7.0 - Husdawg, LLC) Unity Web Player (Version: - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft) Vegas Pro 11.0 (Version: 11.0.700 - Sony) Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH) Yahoo! Messenger (Version: - Yahoo! Inc.) Yahoo! Software Update (Version: - ) Yahoo! Toolbar (Version: - Yahoo! Inc.) ==================== Restore Points ========================= 09-01-2014 03:56:33 Windows Backup 09-01-2014 03:58:25 Restore Operation 09-01-2014 04:10:18 Windows Update 09-01-2014 07:54:12 Windows Update 12-01-2014 02:24:47 Restore Operation 12-01-2014 21:11:34 Windows Update 13-01-2014 03:26:02 Windows Backup 13-01-2014 23:56:50 Removed PrivateTunnel 13-01-2014 23:58:00 Removed Skype™ 6.1 14-01-2014 00:02:20 Removed PrivateTunnel 14-01-2014 00:05:24 Removed Skype Click to Call ==================== Hosts content: ========================== 2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:Windowssystem32Driversetchosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0C66642B-DC2E-4235-9963-C92CFCA2D672} - System32Tasks{4DA66A93-4C4C-4FF7-A4FF-3DDB1A55CB88} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon) Task: {13853900-3EEE-451C-A8D9-D6CAAF9768D8} - System32Tasks{1D8BBB79-4EA5-461F-95BC-7744D67E6168} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {13C1926F-B32E-4468-A7DA-AD30415EEC01} - System32TasksGamesUpdateCheck_S-1-5-21-2188790374-365846068-1736179643-1000 Task: {1981DE7D-ED4E-4C4A-A7D5-7341807528AB} - System32TasksGoogleUpdateTaskMachineCore => C:Program FilesGoogleUpdateGoogleUpdate.exe [2013-02-16] (Google Inc.) Task: {1E35865C-05F8-417B-986A-F3DC4C9BD397} - System32Tasks{C2EDC902-8D59-4CDB-B81F-4A2841C571F5} => C:UsersdieasDesktopPerX by xKickAss.exe Task: {1EB551CD-D264-4568-BC1C-94A7DB9E09B0} - System32TasksGoogleUpdateTaskMachineUA => C:Program FilesGoogleUpdateGoogleUpdate.exe [2013-02-16] (Google Inc.) Task: {200C5013-85B0-4E24-A7C0-FD45C0C8F171} - System32Tasks{C4529400-B010-44DD-9BA4-7B130AFA217A} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon) Task: {292B3DD4-3C9F-4D5D-BF28-D1E673BA519C} - System32Tasks{E6C8CAD1-9FD1-46D8-AC11-F7B43BEDB2AD} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {2B37B6C5-7237-48B9-9BDF-954DD82A9B59} - System32Tasks{162A617B-C611-4702-88A1-BEDD41E02764} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon) Task: {30D46FEB-E127-4EBB-9C40-45E0226D6697} - System32Tasks{1594C41D-1C98-4B14-B840-AE74D52FC106} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {331309E0-D1AF-44CA-BC0F-D3315CA6B4F7} - System32TasksUP_Scheduler => %LOCALAPPDATA%GCupdater.exe Task: {3A43B77D-154F-4E04-83F9-BC0D0D4334BB} - System32TasksOpen URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMOMOJGMPMMMJMOJJMCNLJMJMMKJCNLMLMJJIMCNGMJMJMMMCNKJOMIMLJGMLJOJHMNMOMOJGMJNJICMIMCNHMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMPMJNHICMJILIIJGJBJJNBJCMLJGJKJOJMIJNKJCMJNNICMJNDJCMKJBJ" Task: {3CA73F88-0AEF-452E-940E-F38D5793658A} - System32TasksRun RoboForm TaskBar Icon => C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe Task: {4BD0D6A2-A628-44F1-8A8C-37D790287AAF} - System32Tasks{360B0BA4-EA8A-4226-B7F4-90B57AAA6053} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {6A294E74-DB17-4CCA-9A39-17D12ABF4C5A} - System32Tasks{AD04FF78-0403-429F-AC78-30B1D40BF84B} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon) Task: {6C2B686E-877F-49FD-9B94-0E0015F168F7} - System32Tasks{EE799576-FECE-41DF-AAC0-6F3DD888D836} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon) Task: {6E48A0F5-09C0-40DE-AD4C-175F90F7D5DB} - System32Tasks{2EF9160C-DD0F-4F10-9DD5-4C4223347F82} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {7021CF3D-FCC1-47C7-975F-6A25DC241B6E} - System32Tasks{231A8FB3-BDFC-482C-BF02-377AA9FCCBF8} => C:Program FilesBattlefield 3__Installervcvc2008sp1redistvcredist_x64.exe Task: {704B855B-B193-49B0-B49D-D1FA2E09223D} - System32Tasks{4E15776C-4FA4-4FA3-9DB2-4312F7F1893D} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {72A48A62-5491-4F48-9CE8-1D34538F14AD} - System32TasksRegistry Winner Schedule => C:Program FilesRegistry WinnerRegistryWinner.exe [2013-09-28] (RegistryWinner.com) Task: {86B0F660-5404-464E-B9E1-9D053CBC3808} - System32Tasks{4248BB50-CAE8-4357-8980-D834A4E934B5} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {8F0F262F-58DD-457C-9415-110D65F709B0} - System32Tasks{92311F1F-40E3-4225-8A2D-EEC160F61CB0} => C:Program FilesSkypePhoneSkype.exe Task: {91BD9435-99D6-4E0D-94A5-F71A83FA53A6} - System32TasksGC_Scheduler => %LOCALAPPDATA%GCRunner.exe Task: {9F511446-D6A9-4F7D-9E62-7B84B55F374D} - System32TasksMicrosoftWindowsWindowsBackupAutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {A32F1E3E-547E-4E9E-BF8E-6315CDC524BA} - System32TasksAppleAppleSoftwareUpdate => C:Program FilesApple Software UpdateSoftwareUpdate.exe Task: {A85AB784-637D-4EBC-8441-4AB023BACD75} - System32TasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [2013-12-10] (Facebook Inc.) Task: {ABC26DF4-CA60-4464-932F-7642B3DC9324} - System32Tasks{73F5F1AE-13CA-4DE8-9B7F-07AFCCF32A53} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon) Task: {B08685C3-5DE5-4945-8225-A675D3886B1A} - System32TasksAdobe Flash Player Updater => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {C5B65B3E-4283-4262-9AC0-4E462C3AB53F} - System32Tasks{3A7CB76E-F10B-4F8B-8459-808AF231B123} => Chrome.exe http://ui.skype.com/ui/0/6.3.59.107/en/abandoninstall?page=tsProgressBar Task: {D5A87DBD-6E23-4DB5-896E-C6BFC320CA45} - Updater21058.exe No Task File Task: {D7B21C18-43D1-4E36-B591-402CDCD6C488} - System32TasksVisualBeeRecovery => C:UsersdieasAppDataLocalVisualBeeExeVisualBeeRecovery.exe Task: {D82E69E2-3280-470C-B632-6E075CEA1568} - System32TasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [2013-12-10] (Facebook Inc.) Task: {D90D7D27-F598-4406-B6E8-91D5CF19A502} - System32TasksRegCure Pro => C:Program FilesParetoLogicRegCure ProRegCurePro.exe Task: {DD7BEAC7-9792-494D-A90F-A2E9345CA02E} - System32Tasks{3071F574-5DEA-4638-98AC-3772F6766744} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe Task: {E405E5E5-FD04-4795-A34B-E1A4DEF5CBF7} - System32Tasks{D83DA259-FABA-4B38-A142-218559BE89EE} => Chrome.exe http://ui.skype.com/ui/0/6.3.59.107/en/abandoninstall?page=tsProgressBar Task: C:WindowsTasksAdobe Flash Player Updater.job => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe Task: C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core.job => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe Task: C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA.job => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe Task: C:WindowsTasksGoogleUpdateTaskMachineCore.job => C:Program FilesGoogleUpdateGoogleUpdate.exe Task: C:WindowsTasksGoogleUpdateTaskMachineUA.job => C:Program FilesGoogleUpdateGoogleUpdate.exe Task: C:WindowsTasksParetoLogic Update Version3 Startup Task.job => C:Program FilesCommon FilesParetoLogicUUS3Pareto_Update3.exe Task: C:WindowsTasksRegCure Pro.job => C:Program FilesParetoLogicRegCure ProRegCurePro.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:ProgramDataTEMP:373E1720 AlternateDataStreams: C:ProgramDataTEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/13/2014 03:57:07 PM) (Source: MsiInstaller) (User: dieas-PC) Description: Product: PrivateTunnel -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance. System errors: ============= Error: (01/14/2014 04:15:54 PM) (Source: BugCheck) (User: ) Description: 0x0000008e (0xc0000005, 0x82f674c1, 0x9ae39a9c, 0x00000000)C:WindowsMEMORY.DMP Error: (01/14/2014 04:15:52 PM) (Source: BugCheck) (User: ) Description: Error: (01/14/2014 04:15:51 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 3:41:06 PM on ‎1/‎14/‎2014 was unexpected. Error: (01/14/2014 03:40:12 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 3:37:45 PM on ‎1/‎14/‎2014 was unexpected. Error: (01/14/2014 07:55:58 AM) (Source: BugCheck) (User: ) Description: 0x0000007e (0xc000001d, 0x91ac10cf, 0x8ee63bc4, 0x8ee637a0)C:WindowsMEMORY.DMP Error: (01/14/2014 07:55:58 AM) (Source: BugCheck) (User: ) Description: Error: (01/14/2014 07:55:52 AM) (Source: EventLog) (User: ) Description: The previous system shutdown at 7:37:42 AM on ‎1/‎14/‎2014 was unexpected. Error: (01/13/2014 10:11:29 PM) (Source: BugCheck) (User: ) Description: 0x00000050 (0xfffffd80, 0x00000000, 0x82ee07ee, 0x00000000)C:WindowsMEMORY.DMP Error: (01/13/2014 10:11:29 PM) (Source: BugCheck) (User: ) Description: Error: (01/13/2014 10:11:28 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 10:08:58 PM on ‎1/‎13/‎2014 was unexpected. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-05-26 22:33:46.117 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Program FilesCheckPointZAForceFieldPluginsISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 3070.48 MB Available physical RAM: 2283.69 MB Total Pagefile: 6139.24 MB Available Pagefile: 5115.11 MB Total Virtual: 2047.88 MB Available Virtual: 1906.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.95 GB) (Free:97.72 GB) NTFS Drive i: () (Removable) (Total:0.12 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 9E839E83) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 124 MB) (Disk ID: 91F72D24) Partition 1: (Not Active) - (Size=124 MB) - (Type=06) ==================== End Of Log ============================ Heres the other one again just to show it.---- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 Ran by dieas (administrator) on DIEAS-PC on 14-01-2014 18:18:01 Running from C:UsersdieasDesktopComputer Fix Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal The only official downoad link fo FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (AMD) C:WindowsSystem32atiesrxx.exe (AMD) C:WindowsSystem32atieclxx.exe (Advanced Micro Devices, Inc.) C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (Apple Inc.) C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (Malwarebytes Corporation) C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe () C:WindowsSystem32PnkBstrA.exe (Cisco Consumer Products LLC) C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe () C:WindowsSystem32UTSCSI.EXE (Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (Yahoo! Inc.) C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe (Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (Oracle Corporation) C:Program FilesCommon FilesJavaJava Updatejusched.exe (Microsoft Corporation) C:Program FilesWindows Sidebarsidebar.exe (Microsoft Corporation) C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE ==================== Registry (Whitelisted) ================== HKLM...Run: [QuickTime Task] - C:Program FilesQuickTimeQTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM...Run: [startCCC] - C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.) HKLM...Run: [AMD AVT] - C:Program FilesAMD AVTbinkdbsync.exe [20992 2012-03-19] () HKLM...Run: [sunJavaUpdateSched] - C:Program FilesCommon FilesJavaJava Updatejusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU...Run: [Facebook Update] - C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [138096 2013-12-10] (Facebook Inc.) HKCU...PoliciesExplorer: [NoStartBanner] 0x01 HKCU...PoliciesExplorer: [NoInstrumentation] 0x01 Startup: C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: 127.0.0.1:834 HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0xA0E7B45C7E09CE01 HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll (Yahoo! Inc.) SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319738&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPEDA1EB9D-5E59-4E32-9C3C-74A1759954F3&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319738&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPEDA1EB9D-5E59-4E32-9C3C-74A1759954F3&q={searchTerms}&SSPV= SearchScopes: HKCU - {97D8FBB1-D540-4CB8-B501-64E76714EB05} URL = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=3c6fe3531d4245d4b02ba5881945b88b&tu=11JL0008G2B000s&sku=&tstsId=&ver=&&r=431 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation) TcpipParameters: [DhcpNameServer] 192.168.1.254 75.153.176.9 FireFox: ======== FF ProfilePath: C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.default FF user.js: detected! => C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultuser.js FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:Windowssystem32AdobeDirectornp32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:Program FilesiTunesMozilla Pluginsnpitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:Windowssystem32npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:Program FilesYahoo!SharednpYState.dll (Yahoo! Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:Program FilesMicrosoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF Plugin: @nexon.net/NxGame - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll No File FF Plugin: @raidcall.en/RCplugin - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:Program FilesSkypeWebPluginnpSkypeWebPlugin.dll (Skype) FF Plugin: @tools.google.com/Google Update;version=3 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:UsersdieasAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsconduit-search.xml FF Extension: FTdownloader V3.0 - C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsftdownloader3@ftdownloader.com.xpi [2013-04-11] FF Extension: No Name - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2013-03-25] Chrome: ======= CHR HomePage: hxxp://google.com/ CHR Plugin: (Shockwave Flash) - C:Program FilesGoogleChromeApplication32.0.1700.72PepperFlashpepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:Program FilesGoogleChromeApplication32.0.1700.72ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:Program FilesGoogleChromeApplication32.0.1700.72pdf.dll () CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin5.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) CHR Plugin: (Google Update) - C:Program FilesGoogleUpdate1.3.21.153npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U25) - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll No File CHR Plugin: (Photo Gallery) - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:Program FilesiTunesMozilla Pluginsnpitunes.dll () CHR Plugin: (Nexon Game Controller) - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon) CHR Plugin: (Unity Player) - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Raidcall plugin) - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall) CHR Plugin: (Shockwave for Director) - C:Windowssystem32AdobeDirectornp32dsw_1202122.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:Windowssystem32MacromedFlashNPSWF32_11_8_800_94.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:Windowssystem32npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll No File CHR Extension: (AdBlock) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom2.6.16_0 [2013-11-30] CHR Extension: (Google Wallet) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.6.0_0 [2014-01-12] ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [291840 2012-07-04] (Advanced Micro Devices, Inc.) R2 MBAMScheduler; C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:Windowssystem32PnkBstrA.exe [76888 2013-07-02] () R2 RaAutoInstSrv_AM10; C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe [529024 2010-05-28] (Cisco Consumer Products LLC) R2 UTSCSI; C:Windowssystem32UTSCSI.EXE [45056 2013-08-12] () ==================== Drivers (Whitelisted) ==================== R3 AM10; C:WindowsSystem32DRIVERSam10w7.sys [841504 2010-03-22] (Ralink Technology Corp.) S3 hamachi; C:WindowsSystem32DRIVERShamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 LUsbFilt; C:WindowsSystem32DriversLUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.) S3 ManyCam; C:WindowsSystem32DRIVERSmcvidrv.sys [34432 2012-10-10] (ManyCam LLC) R3 MBAMProtector; C:Windowssystem32driversmbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 mcaudrv_simple; C:WindowsSystem32driversmcaudrv.sys [22656 2013-01-31] (ManyCam LLC) S3 SCREAMINGBDRIVER; C:WindowsSystem32driversScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC) R3 tap0901; C:WindowsSystem32DRIVERStap0901.sys [26624 2011-07-01] (The OpenVPN Project) S3 taphss6; C:WindowsSystem32DRIVERStaphss6.sys [37064 2013-04-24] (Anchorfree Inc.) S3 tenCapture; C:WindowsSystem32DRIVERStenCapture.sys [20664 2012-07-20] (Hajo Krabbenhöft) R3 VCSVADHWSer; C:WindowsSystem32DRIVERSvcsvad.sys [17792 2008-12-26] (Avnex) S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [x] S3 XDva405; ??C:Windowssystem32XDva405.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-13 20:57 - 2014-01-13 20:57 - 290585982 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv (1).crdownload 2014-01-13 20:52 - 2014-01-13 20:52 - 00148248 _____ C:WindowsMinidump011314-32900-01.dmp 2014-01-13 20:44 - 2014-01-13 20:44 - 468057342 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv.crdownload 2014-01-13 19:59 - 2014-01-13 19:59 - 00000000 ____D C:Program FilesESET 2014-01-13 19:58 - 2014-01-13 19:58 - 02347384 _____ (ESET) C:UsersdieasDownloadsesetsmartinstaller_enu.exe 2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDownloadsTFC.exe 2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDesktopTFC.exe 2014-01-13 17:10 - 2014-01-13 17:10 - 02467287 _____ C:UsersdieasDownloads768689_4227725.mp4 2014-01-13 16:07 - 2014-01-14 18:18 - 00000000 ____D C:UsersdieasDesktopComputer Fix 2014-01-12 21:52 - 2014-01-12 21:52 - 00148296 _____ C:WindowsMinidump011214-35880-01.dmp 2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsPutLockerDownloader.com 2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataLocalCool_Mirage 2014-01-12 17:46 - 2014-01-12 17:47 - 00144136 _____ C:WindowsMinidump011214-21262-01.dmp 2014-01-12 17:38 - 2014-01-14 18:17 - 00000000 ____D C:FRST 2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe 2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe 2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT 2014-01-12 14:15 - 2014-01-12 14:16 - 00000000 ____D C:AdwCleaner 2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe 2014-01-12 13:05 - 2014-01-12 13:06 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp 2014-01-08 19:46 - 2014-01-12 12:56 - 00000000 __SHD C:found.000 2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe 2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe 2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp 2014-01-07 08:37 - 2014-01-07 08:38 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp 2014-01-06 23:13 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll 2014-01-06 23:13 - 2013-10-24 20:45 - 00042496 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe 2014-01-06 23:13 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll 2014-01-06 23:13 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:Windowssystem32iertutil.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:Windowssystem32jscript.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00391168 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00109056 _____ (Microsoft Corporation) C:Windowssystem32iesysprep.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00061440 _____ (Microsoft Corporation) C:Windowssystem32iesetup.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00039424 _____ (Microsoft Corporation) C:Windowssystem32jsproxy.dll 2014-01-06 23:13 - 2013-10-24 20:43 - 00033280 _____ (Microsoft Corporation) C:Windowssystem32iernonce.dll 2014-01-06 23:13 - 2013-10-24 19:41 - 02706432 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb 2014-01-06 23:13 - 2013-10-24 18:49 - 00071680 _____ (Microsoft Corporation) C:Windowssystem32RegisterIEPKEYs.exe 2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe 2014-01-05 20:31 - 2014-01-05 20:37 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4 2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt 2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db 2014-01-02 00:18 - 2014-01-03 13:54 - 00000000 ____D C:UsersPublicDocumentsGOOBZO 2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files 2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi 2013-12-29 19:33 - 2013-10-08 06:51 - 00873384 _____ (Oracle Corporation) C:Windowssystem32npDeployJava1.dll 2013-12-29 19:33 - 2013-10-08 06:51 - 00796072 _____ (Oracle Corporation) C:Windowssystem32deployJava1.dll 2013-12-29 19:33 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:Windowssystem32javaws.exe 2013-12-29 19:33 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:Windowssystem32javaw.exe 2013-12-29 19:33 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:Windowssystem32java.exe 2013-12-29 19:31 - 2013-12-29 19:32 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe 2013-12-29 19:21 - 2013-12-29 19:21 - 18124080 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x86-enu.exe 2013-12-29 19:20 - 2013-12-29 19:20 - 36380976 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x64-enu.exe 2013-12-24 01:18 - 2014-01-12 13:06 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job ==================== One Month Modified Files and Folders ======= 2014-01-14 18:18 - 2014-01-13 16:07 - 00000000 ____D C:UsersdieasDesktopComputer Fix 2014-01-14 18:17 - 2014-01-12 17:38 - 00000000 ____D C:FRST 2014-01-14 18:16 - 2013-08-28 10:43 - 00000000 ____D C:UsersdieasAppDataLocalGC 2014-01-14 18:16 - 2013-02-16 16:09 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job 2014-01-14 18:16 - 2013-02-16 15:09 - 00000884 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job 2014-01-14 18:16 - 2013-02-16 15:09 - 00000880 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job 2014-01-14 18:16 - 2013-02-12 15:53 - 01526288 _____ C:WindowsWindowsUpdate.log 2014-01-14 16:23 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-14 16:23 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-14 16:15 - 2013-10-11 15:21 - 240308425 _____ C:WindowsMEMORY.DMP 2014-01-14 16:15 - 2013-09-28 06:14 - 00009688 _____ C:Windowssetupact.log 2014-01-14 16:15 - 2013-03-16 19:46 - 00000000 ____D C:WindowsMinidump 2014-01-14 16:15 - 2009-07-13 20:53 - 00000006 ____H C:WindowsTasksSA.DAT 2014-01-14 15:40 - 2009-07-13 20:53 - 00032558 _____ C:WindowsTasksSCHEDLGU.TXT 2014-01-14 15:36 - 2013-12-10 21:35 - 00000928 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA.job 2014-01-13 20:57 - 2014-01-13 20:57 - 290585982 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv (1).crdownload 2014-01-13 20:52 - 2014-01-13 20:52 - 00148248 _____ C:WindowsMinidump011314-32900-01.dmp 2014-01-13 20:44 - 2014-01-13 20:44 - 468057342 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv.crdownload 2014-01-13 20:30 - 2013-02-18 16:32 - 00113640 _____ C:UsersdieasAppDataLocalGDIPFONTCACHEV1.DAT 2014-01-13 19:59 - 2014-01-13 19:59 - 00000000 ____D C:Program FilesESET 2014-01-13 19:58 - 2014-01-13 19:58 - 02347384 _____ (ESET) C:UsersdieasDownloadsesetsmartinstaller_enu.exe 2014-01-13 18:07 - 2013-09-28 06:13 - 00194010 _____ C:WindowsPFRO.log 2014-01-13 18:07 - 2013-02-19 20:06 - 00000000 ____D C:Program FilesPando Networks 2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDownloadsTFC.exe 2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDesktopTFC.exe 2014-01-13 18:04 - 2009-07-13 18:37 - 00000000 ____D C:WindowsBranding 2014-01-13 17:10 - 2014-01-13 17:10 - 02467287 _____ C:UsersdieasDownloads768689_4227725.mp4 2014-01-13 16:07 - 2013-07-13 16:27 - 00000000 ____D C:UsersdieasDesktopFolders 2014-01-13 16:05 - 2013-03-10 11:53 - 00000000 ____D C:ProgramDataSkype 2014-01-13 16:05 - 2013-02-12 16:06 - 00000000 ____D C:Program FilesMozilla Firefox 2014-01-13 16:03 - 2013-02-12 15:58 - 00795378 _____ C:Windowssystem32PerfStringBackup.INI 2014-01-13 16:00 - 2009-07-13 20:33 - 00434032 _____ C:Windowssystem32FNTCACHE.DAT 2014-01-13 15:58 - 2013-09-28 12:03 - 00000000 ____D C:Program FilesRegistry Winner 2014-01-13 15:58 - 2013-03-10 11:54 - 00000000 ____D C:UsersdieasAppDataRoamingSkype 2014-01-13 15:56 - 2013-08-26 15:42 - 00000000 ____D C:Program FilesHyperCam 2 2014-01-13 15:54 - 2013-02-19 20:31 - 00000000 ____D C:UsersdieasAppDataRoaminguTorrent 2014-01-12 21:52 - 2014-01-12 21:52 - 00148296 _____ C:WindowsMinidump011214-35880-01.dmp 2014-01-12 21:40 - 2013-12-10 21:35 - 00000906 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core.job 2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsPutLockerDownloader.com 2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataLocalCool_Mirage 2014-01-12 17:47 - 2014-01-12 17:46 - 00144136 _____ C:WindowsMinidump011214-21262-01.dmp 2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe 2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe 2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT 2014-01-12 14:16 - 2014-01-12 14:15 - 00000000 ____D C:AdwCleaner 2014-01-12 14:16 - 2013-05-26 17:14 - 00000000 ____D C:UsersdieasAppDataRoamingCheckPoint 2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe 2014-01-12 13:06 - 2014-01-12 13:05 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp 2014-01-12 13:06 - 2013-12-24 01:18 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job 2014-01-12 12:58 - 2013-02-12 15:57 - 00000000 ____D C:Usersdieas 2014-01-12 12:56 - 2014-01-08 19:46 - 00000000 __SHD C:found.000 2014-01-12 12:56 - 2013-06-08 13:28 - 00000000 ____D C:Program FilesRaidCall 2014-01-12 12:56 - 2013-03-28 13:51 - 00000000 ____D C:Program FilesMalwarebytes' Anti-Malware 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowssystem32wfp 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsrescache 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsregistration 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:WindowsAppCompat 2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Program FilesCommon Filesmicrosoft shared 2014-01-10 22:01 - 2013-05-29 14:39 - 00000000 ____D C:UsersdieasAppDataLocalCrashDumps 2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe 2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe 2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp 2014-01-07 08:38 - 2014-01-07 08:37 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp 2014-01-07 06:57 - 2009-07-13 20:52 - 00000000 ____D C:Windowsaddins 2014-01-06 20:55 - 2013-03-28 13:51 - 00001027 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk 2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe 2014-01-06 20:36 - 2013-11-05 00:29 - 00000000 ____D C:Program FilesSkypeWebPlugin 2014-01-06 20:36 - 2013-10-09 21:14 - 00000000 ____D C:Program FilesProject64 2.0 2014-01-06 20:36 - 2013-10-05 12:23 - 00000000 ____D C:Usersdieasjagexcache 2014-01-06 20:36 - 2013-09-14 21:01 - 00000000 ____D C:UsersdieasAppDataRoamingDAEMON Tools Ultra 2014-01-06 20:36 - 2013-09-02 20:53 - 00000000 ____D C:UsersdieasAppDataRoamingRiot Games 2014-01-06 20:36 - 2013-08-20 21:37 - 00000000 ____D C:Usersdieas.PowerScape 2014-01-06 20:36 - 2013-08-11 00:13 - 00000000 ____D C:Usersdieasrs3cachev4 2014-01-06 20:36 - 2013-06-16 12:34 - 00000000 ____D C:Program FilesMicrosoft Expression 2014-01-06 20:36 - 2013-05-28 18:04 - 00000000 ____D C:UsersdieasAppDataRoamingBANDISOFT 2014-01-06 20:36 - 2013-05-26 17:15 - 00000000 ____D C:Fraps 2014-01-06 20:36 - 2013-03-31 16:17 - 00000000 ____D C:Program FilesSecurityKISS Tunnel 2014-01-06 20:36 - 2013-02-16 16:02 - 00000000 ____D C:UsersdieasAppDataRoaming.minecraft 2014-01-06 20:33 - 2009-07-13 18:37 - 00000000 ___RD C:UsersPublic 2014-01-06 20:29 - 2013-05-29 14:21 - 00000000 ____D C:Program FilesWindows Live 2014-01-06 20:28 - 2013-06-30 17:17 - 00000000 ____D C:Program FilesImage-Line 2014-01-06 20:27 - 2013-05-29 14:19 - 00000000 ____D C:Program FilesCommon FilesWindows Live 2014-01-06 20:01 - 2013-05-29 14:27 - 00000000 ____D C:UsersdieasTracing 2014-01-05 20:37 - 2014-01-05 20:31 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4 2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt 2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db 2014-01-03 14:19 - 2013-02-19 16:25 - 00000000 ____D C:UsersdieasDocumentsMy Games 2014-01-03 13:54 - 2014-01-02 00:18 - 00000000 ____D C:UsersPublicDocumentsGOOBZO 2014-01-03 13:24 - 2013-10-09 20:19 - 00006466 _____ C:Usersdieasovpntray.log 2013-12-31 19:27 - 2013-10-05 12:23 - 00000024 _____ C:Usersdieasrandom.dat 2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files 2013-12-30 22:46 - 2013-05-29 14:20 - 00000000 ____D C:UsersdieasAppDataLocalWindows Live 2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi 2013-12-29 19:32 - 2013-12-29 19:31 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe 2013-12-29 19:32 - 2013-03-05 23:18 - 00000000 ____D C:Program FilesJava 2013-12-29 Link to comment Share on other sites More sharing options...
Juliet Posted January 15, 2014 Share Posted January 15, 2014 (edited) The log was cut off but I can see quite a bit and we'll continue.  Were you able to run Eset online scanner?  PutLockerDownloader utility has been known to install large amounts of adware/malware and useless addons. I suggest you uninstall it.  ~~~~~~~~~~~~~~~~`  Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. save it to the Desktop as fixlist.txt NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow) start AlternateDataStreams: C:ProgramDataTEMP:373E1720 AlternateDataStreams: C:ProgramDataTEMP:56E2E879 SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319738&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPEDA1EB9D-5E59-4E32-9C3C-74A1759954F3&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319738&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPEDA1EB9D-5E59-4E32-9C3C-74A1759954F3&q={searchTerms}&SSPV= FF Plugin: @pandonetworks.com/PandoWebPlugin- C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll No File FF SearchPlugin: C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsconduit-search.xml C:UsersdieasAppDataRoaminguTorrent C:Usersdieasrandom.dat end Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system  ~~~~~~~~~~~~~~~~~~~~~~` Please uninstall Java from your control panel add/remove list. Java 7 Update 45 (Version: 7.0.450 - Oracle) Java 7 Update 7 (Version: 7.0.70 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java 6 Update 24 (Version: 6.0.240 - Oracle)  Now, download the newest version from the link below  Install Java:  Please go here to install Java click on the Free Java Download Button click on Agree and start Free download click on Run click on run again click on install when install is complete click on close ~~~~~~~~~~~~~~~~~~~~~~  In your next reply post Frst.txt  How's the computer now? Edited January 16, 2014 by Juliet typo Link to comment Share on other sites More sharing options...
Timmy Posted January 16, 2014 Author Share Posted January 16, 2014 Every time I use ESET my computer starts crashing and never stops, i'm removing all junk from the computer and will do the other steps first thing tomorrow and post the logs here than. Link to comment Share on other sites More sharing options...
Juliet Posted January 16, 2014 Share Posted January 16, 2014 See if you can do my instructions from previous post first, then please try to do:  If possible print out these instructions or save to note pad, the window will close and you may need to read over the notes carefully.  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Download the latest version of TDSSKiller from here and save it to your Desktop. Doubleclick on TDSSKiller.exe to run the application ~~~~~~~~~~~~~~ Then click on Change parameters. ~~~~~~~~~~~` Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK. Click the Start Scan button. If a suspicious object is detected, the default action will be Skip, click on Continue. ~~~~~~~~~~~~~ If malicious objects are found, they will show in the Scan results and offer three (3) options. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process. Get the report by selecting Reports ~~~~~~~~~~~~ Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed. Please copy and paste its contents on your next reply. Link to comment Share on other sites More sharing options...
Juliet Posted January 16, 2014 Share Posted January 16, 2014 Download blue screen viewer from the link below and install and run it to read the dump files created by windows. Double click on BlueScreenView.exe file to run the program. When scanning is done, go Edit>Select All. Go File>Save Selected Items, and save the report as BSOD.txt. Open BSOD.txt in Notepad, copy all content, and paste it into your next reply. Â http://www.nirsoft.net/utils/blue_screen_view.html Link to comment Share on other sites More sharing options...
Timmy Posted January 17, 2014 Author Share Posted January 17, 2014 This is the report for the BSOD --- ================================================== Dump File : 011614-49249-01.dmp Crash Time : 1/16/2014 8:04:54 AM Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL Bug Check Code : 0x000000d1 Parameter 1 : 0x04170023 Parameter 2 : 0x00000002 Parameter 3 : 0x00000000 Parameter 4 : 0x8af36820 Caused By Driver : Wdf01000.sys Caused By Address : Wdf01000.sys+8820 File Description : Kernel Mode Driver Framework Runtime Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 1.11.9200.16648 (win8_gdr.130621-1503) Processor : 32-bit Crash Address : ntkrnlpa.exe+40b6f Stack Address 1 : Wdf01000.sys+8820 Stack Address 2 : Wdf01000.sys+86b6 Stack Address 3 : Wdf01000.sys+423c9 Computer Name : Full Path : C:\Windows\Minidump\011614-49249-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 182,600 Dump File Time : 1/16/2014 3:24:05 PM ================================================== ================================================== Dump File : 011514-22479-01.dmp Crash Time : 1/15/2014 9:03:08 PM Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL Bug Check Code : 0x000000d1 Parameter 1 : 0x0001001c Parameter 2 : 0x00000002 Parameter 3 : 0x00000000 Parameter 4 : 0x8af7fa15 Caused By Driver : Caused By Address : File Description : Product Name : Company : File Version : Processor : 32-bit Crash Address : Stack Address 1 : ntkrnlpa.exe+772cd Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\011514-22479-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 131,072 Dump File Time : 1/15/2014 10:17:13 PM ================================================== ================================================== Dump File : 011514-26005-01.dmp Crash Time : 1/15/2014 7:34:42 PM Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED Bug Check Code : 0x0000007e Parameter 1 : 0xc000000d Parameter 2 : 0x918ce0cf Parameter 3 : 0x8ee63bc4 Parameter 4 : 0x8ee637a0 Caused By Driver : Unknown_Module_00000000 Caused By Address : File Description : Product Name : Company : File Version : Processor : 32-bit Crash Address : Stack Address 1 : ntkrnlpa.exe+772cd Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\011514-26005-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 131,072 Dump File Time : 1/15/2014 7:37:40 PM ================================================== ================================================== Dump File : 011214-35880-01.dmp Crash Time : 1/12/2014 9:50:41 PM Bug Check String : BAD_POOL_CALLER Bug Check Code : 0x000000c2 Parameter 1 : 0x00000099 Parameter 2 : 0x858ff040 Parameter 3 : 0x00000000 Parameter 4 : 0x00000000 Caused By Driver : ntkrnlpa.exe Caused By Address : ntkrnlpa.exe+debfc File Description : NT Kernel & System Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532) Processor : 32-bit Crash Address : ntkrnlpa.exe+debfc Stack Address 1 : ntkrnlpa.exe+336f03 Stack Address 2 : ntkrnlpa.exe+f0247 Stack Address 3 : ntkrnlpa.exe+120ff9 Computer Name : Full Path : C:\Windows\Minidump\011214-35880-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 148,296 Dump File Time : 1/12/2014 9:52:20 PM ================================================== ================================================== Dump File : 011214-21262-01.dmp Crash Time : 1/12/2014 5:44:28 PM Bug Check String : BAD_POOL_HEADER Bug Check Code : 0x00000019 Parameter 1 : 0x00000020 Parameter 2 : 0x8a12e408 Parameter 3 : 0x8a12e4a0 Parameter 4 : 0x0a130403 Caused By Driver : ntkrnlpa.exe Caused By Address : ntkrnlpa.exe+120c6b File Description : NT Kernel & System Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532) Processor : 32-bit Crash Address : ntkrnlpa.exe+120c6b Stack Address 1 : ntkrnlpa.exe+24147d Stack Address 2 : ntkrnlpa.exe+265969 Stack Address 3 : ntkrnlpa.exe+24142d Computer Name : Full Path : C:\Windows\Minidump\011214-21262-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 144,136 Dump File Time : 1/12/2014 5:47:05 PM ================================================== ================================================== Dump File : 011214-26535-01.dmp Crash Time : 1/12/2014 12:59:24 PM Bug Check String : IRQL_NOT_LESS_OR_EQUAL Bug Check Code : 0x0000000a Parameter 1 : 0x7ff4f000 Parameter 2 : 0x00000002 Parameter 3 : 0x00000000 Parameter 4 : 0x82e8debc Caused By Driver : USBPORT.SYS Caused By Address : USBPORT.SYS+15fb File Description : USB 1.1 & 2.0 Port Driver Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7600.16385 (win7_rtm.090713-1255) Processor : 32-bit Crash Address : ntkrnlpa.exe+40b7f Stack Address 1 : ntkrnlpa.exe+78ebc Stack Address 2 : ntkrnlpa.exe+79702 Stack Address 3 : ntkrnlpa.exe+79407 Computer Name : Full Path : C:\Windows\Minidump\011214-26535-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 144,136 Dump File Time : 1/12/2014 1:06:03 PM ================================================== ================================================== Dump File : 010814-18610-01.dmp Crash Time : 1/8/2014 7:24:07 AM Bug Check String : IRQL_NOT_LESS_OR_EQUAL Bug Check Code : 0x0000000a Parameter 1 : 0xbeada597 Parameter 2 : 0x00000002 Parameter 3 : 0x00000000 Parameter 4 : 0x82ecbe3d Caused By Driver : ntkrnlpa.exe Caused By Address : ntkrnlpa.exe+40b7f File Description : NT Kernel & System Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532) Processor : 32-bit Crash Address : ntkrnlpa.exe+40b7f Stack Address 1 : ntkrnlpa.exe+78e3d Stack Address 2 : ntkrnlpa.exe+7cce6 Stack Address 3 : ntkrnlpa.exe+79465 Computer Name : Full Path : C:\Windows\Minidump\010814-18610-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 144,136 Dump File Time : 1/8/2014 7:25:34 AM ================================================== ================================================== Dump File : 010714-20311-01.dmp Crash Time : 1/7/2014 7:09:31 AM Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED Bug Check Code : 0x0000007e Parameter 1 : 0xc000001d Parameter 2 : 0x91cd20cf Parameter 3 : 0x8f063bc4 Parameter 4 : 0x8f0637a0 Caused By Driver : Caused By Address : File Description : Product Name : Company : File Version : Processor : 32-bit Crash Address : Stack Address 1 : ntkrnlpa.exe+772cd Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\010714-20311-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 131,072 Dump File Time : 1/7/2014 8:38:01 AM ================================================== ================================================== Dump File : 120713-44179-01.dmp Crash Time : 12/7/2013 1:47:16 PM Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED Bug Check Code : 0x1000007e Parameter 1 : 0xc0000005 Parameter 2 : 0x92058568 Parameter 3 : 0x8d25ca5c Parameter 4 : 0x8d25c640 Caused By Driver : HDAudBus.sys Caused By Address : HDAudBus.sys+9568 File Description : High Definition Audio Bus Driver Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7600.16385 (win7_rtm.090713-1255) Processor : 32-bit Crash Address : HDAudBus.sys+9568 Stack Address 1 : HDAudBus.sys+c30c Stack Address 2 : RTKVHDA.sys+18c6d9 Stack Address 3 : RTKVHDA.sys+a68 Computer Name : Full Path : C:\Windows\Minidump\120713-44179-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 144,168 Dump File Time : 12/7/2013 1:48:58 PM ================================================== ================================================== Dump File : 103113-26395-01.dmp Crash Time : 10/31/2013 7:13:10 AM Bug Check String : BAD_POOL_HEADER Bug Check Code : 0x00000019 Parameter 1 : 0x00000020 Parameter 2 : 0x88262ed8 Parameter 3 : 0x88262ef0 Parameter 4 : 0x08030008 Caused By Driver : ntkrnlpa.exe Caused By Address : ntkrnlpa.exe+120c6b File Description : NT Kernel & System Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532) Processor : 32-bit Crash Address : ntkrnlpa.exe+120c6b Stack Address 1 : ntkrnlpa.exe+82edd Stack Address 2 : ntkrnlpa.exe+77dd3 Stack Address 3 : USBPORT.SYS+430d Computer Name : Full Path : C:\Windows\Minidump\103113-26395-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 182,608 Dump File Time : 10/31/2013 8:15:03 PM ================================================== ================================================== Dump File : 102413-62852-01.dmp Crash Time : 10/24/2013 6:49:24 AM Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED Bug Check Code : 0x1000008e Parameter 1 : 0xc0000005 Parameter 2 : 0x82c50415 Parameter 3 : 0x807e28cc Parameter 4 : 0x00000000 Caused By Driver : USBPORT.SYS Caused By Address : USBPORT.SYS+1100 File Description : USB 1.1 & 2.0 Port Driver Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7600.16385 (win7_rtm.090713-1255) Processor : 32-bit Crash Address : ntkrnlpa.exe+41415 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\102413-62852-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 182,488 Dump File Time : 10/24/2013 2:12:22 PM ================================================== ================================================== Dump File : 102313-37097-01.dmp Crash Time : 10/23/2013 6:55:40 PM Bug Check String : IRQL_NOT_LESS_OR_EQUAL Bug Check Code : 0x0000000a Parameter 1 : 0x00000001 Parameter 2 : 0x00000002 Parameter 3 : 0x00000000 Parameter 4 : 0x82cb640b Caused By Driver : ntkrnlpa.exe Caused By Address : ntkrnlpa.exe+40b7f File Description : NT Kernel & System Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532) Processor : 32-bit Crash Address : ntkrnlpa.exe+40b7f Stack Address 1 : ntkrnlpa.exe+7940b Stack Address 2 : ntkrnlpa.exe+7933a Stack Address 3 : ntkrnlpa.exe+774ce Computer Name : Full Path : C:\Windows\Minidump\102313-37097-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 131,072 Dump File Time : 10/23/2013 6:57:15 PM ================================================== ================================================== Dump File : 101213-17596-01.dmp Crash Time : 10/12/2013 9:35:47 AM Bug Check String : DRIVER_CORRUPTED_EXPOOL Bug Check Code : 0x000000c5 Parameter 1 : 0xd0858588 Parameter 2 : 0x00000002 Parameter 3 : 0x00000001 Parameter 4 : 0x82d754c1 Caused By Driver : ntkrnlpa.exe Caused By Address : ntkrnlpa.exe+40b7f File Description : NT Kernel & System Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7601.18247 (win7sp1_gdr.130828-1532) Processor : 32-bit Crash Address : ntkrnlpa.exe+40b7f Stack Address 1 : ntkrnlpa.exe+1204c1 Stack Address 2 : USBPORT.SYS+3a9e Stack Address 3 : USBPORT.SYS+8a9e Computer Name : Full Path : C:\Windows\Minidump\101213-17596-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 131,072 Dump File Time : 10/12/2013 11:05:07 AM ================================================== Link to comment Share on other sites More sharing options...
Timmy Posted January 17, 2014 Author Share Posted January 17, 2014 For the Kaspersky scan there was no cure but 1 object was infected and this report is going to be really big. Â 18:30:38.0991 0x0228 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50 18:30:41.0600 0x0228 ============================================================ 18:30:41.0600 0x0228 Current date / time: 2014/01/16 18:30:41.0600 18:30:41.0600 0x0228 SystemInfo: 18:30:41.0600 0x0228 18:30:41.0600 0x0228 OS Version: 6.1.7601 ServicePack: 1.0 18:30:41.0600 0x0228 Product type: Workstation 18:30:41.0600 0x0228 ComputerName: DIEAS-PC 18:30:41.0600 0x0228 UserName: dieas 18:30:41.0600 0x0228 Windows directory: C:\Windows 18:30:41.0600 0x0228 System windows directory: C:\Windows 18:30:41.0600 0x0228 Processor architecture: Intel x86 18:30:41.0601 0x0228 Number of processors: 2 18:30:41.0601 0x0228 Page size: 0x1000 18:30:41.0601 0x0228 Boot type: Normal boot 18:30:41.0601 0x0228 ============================================================ 18:30:42.0505 0x0228 KLMD registered as C:\Windows\system32\drivers\46220166.sys 18:30:42.0702 0x0228 System UUID: {4FFF5E3A-4B87-89AE-F513-64CDD32C6110} 18:30:43.0293 0x0228 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 18:30:43.0309 0x0228 Drive \Device\Harddisk5\DR5 - Size: 0x7C00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 18:30:43.0310 0x0228 ============================================================ 18:30:43.0310 0x0228 \Device\Harddisk0\DR0: 18:30:43.0310 0x0228 MBR partitions: 18:30:43.0310 0x0228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:30:43.0310 0x0228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800 18:30:43.0310 0x0228 \Device\Harddisk5\DR5: 18:30:43.0311 0x0228 MBR partitions: 18:30:43.0311 0x0228 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DFE0 18:30:43.0311 0x0228 ============================================================ 18:30:43.0455 0x0228 C: <-> \Device\Harddisk0\DR0\Partition2 18:30:43.0456 0x0228 ============================================================ 18:30:43.0456 0x0228 Initialize success 18:30:43.0456 0x0228 ============================================================ 18:31:11.0701 0x0e9c ============================================================ 18:31:11.0701 0x0e9c Scan started 18:31:11.0701 0x0e9c Mode: Manual; SigCheck; TDLFS; 18:31:11.0701 0x0e9c ============================================================ 18:31:11.0701 0x0e9c KSN ping started 18:31:14.0499 0x0e9c KSN ping finished: true 18:31:15.0180 0x0e9c ================ Scan system memory ======================== 18:31:15.0180 0x0e9c System memory - ok 18:31:15.0181 0x0e9c ================ Scan services ============================= 18:31:15.0398 0x0e9c [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:31:15.0481 0x0e9c 1394ohci - ok 18:31:15.0545 0x0e9c [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:31:15.0569 0x0e9c ACPI - ok 18:31:15.0608 0x0e9c [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:31:15.0659 0x0e9c AcpiPmi - ok 18:31:15.0787 0x0e9c [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 18:31:15.0819 0x0e9c AdobeARMservice - ok 18:31:15.0908 0x0e9c [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 18:31:15.0925 0x0e9c AdobeFlashPlayerUpdateSvc - ok 18:31:15.0974 0x0e9c [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:31:16.0003 0x0e9c adp94xx - ok 18:31:16.0018 0x0e9c [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:31:16.0034 0x0e9c adpahci - ok 18:31:16.0053 0x0e9c [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 18:31:16.0066 0x0e9c adpu320 - ok 18:31:16.0097 0x0e9c [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:31:16.0223 0x0e9c AeLookupSvc - ok 18:31:16.0283 0x0e9c [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys 18:31:16.0321 0x0e9c AFD - ok 18:31:16.0359 0x0e9c [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 18:31:16.0383 0x0e9c agp440 - ok 18:31:16.0427 0x0e9c [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 18:31:16.0455 0x0e9c aic78xx - ok 18:31:16.0500 0x0e9c [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 18:31:16.0557 0x0e9c ALG - ok 18:31:16.0612 0x0e9c [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 18:31:16.0626 0x0e9c aliide - ok 18:31:16.0702 0x0e9c [ 9067A7689D108C4F15ED2FCF2C572B5C, EB601682719EB338AC56515982AD3C3ABF86823B01F8891243797E204BEFD6AF ] AM10 C:\Windows\system32\DRIVERS\am10w7.sys 18:31:16.0756 0x0e9c AM10 - ok 18:31:16.0823 0x0e9c [ F9491B157A8CD70557745FA0312C1EEE, CA91E1E136ED6AE3E16883E465D4AEB47260416ABCF14D58ADB395AE2368B418 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 18:31:16.0884 0x0e9c AMD External Events Utility - ok 18:31:17.0019 0x0e9c AMD FUEL Service - ok 18:31:17.0061 0x0e9c [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 18:31:17.0070 0x0e9c amdagp - ok 18:31:17.0119 0x0e9c [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 18:31:17.0143 0x0e9c amdide - ok 18:31:17.0203 0x0e9c [ FF258424F0B2EF25EB98F04EE386E6E3, 09DC3854BF0D52FB80AB08DC4E0DD4A9E37ACAA500083A56F9836C837EBCFA82 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys 18:31:17.0224 0x0e9c amdiox86 - ok 18:31:17.0267 0x0e9c [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 18:31:17.0294 0x0e9c AmdK8 - ok 18:31:17.0656 0x0e9c [ F53B89A4B976B534DAA8AEDAFEAF8EA3, 1973FC771B69ADEE17A3405B7961958B8DF135506D60554BD233325EC1C46AA6 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:31:18.0113 0x0e9c amdkmdag - ok 18:31:18.0187 0x0e9c [ 3DEA9B1D1B274C739C9367FB1E56185F, ACE1520FE4754DB61F6C1726C2B6859ABA322115DF8FB43660A0D964019039CA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 18:31:18.0226 0x0e9c amdkmdap - ok 18:31:18.0257 0x0e9c [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:31:18.0285 0x0e9c AmdPPM - ok 18:31:18.0331 0x0e9c [ E7F4D42D8076EC60E21715CD11743A0D, 91AC020A70964F8783C999BDE8AB8391A3FA3AFC1CD4BC52A43625A2010A53E7 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:31:18.0341 0x0e9c amdsata - ok 18:31:18.0368 0x0e9c [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 18:31:18.0381 0x0e9c amdsbs - ok 18:31:18.0399 0x0e9c [ 146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:31:18.0408 0x0e9c amdxata - ok 18:31:18.0458 0x0e9c [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys 18:31:18.0534 0x0e9c AppID - ok 18:31:18.0583 0x0e9c [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:31:18.0611 0x0e9c AppIDSvc - ok 18:31:18.0649 0x0e9c [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll 18:31:18.0693 0x0e9c Appinfo - ok 18:31:18.0778 0x0e9c [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:31:18.0786 0x0e9c Apple Mobile Device - ok 18:31:18.0827 0x0e9c [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll 18:31:18.0879 0x0e9c AppMgmt - ok 18:31:18.0919 0x0e9c [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys 18:31:18.0930 0x0e9c arc - ok 18:31:18.0945 0x0e9c [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 18:31:18.0957 0x0e9c arcsas - ok 18:31:19.0086 0x0e9c [ 2FE0D5DB69014980A970D3BF9A85D2B1, 3837F176B0CB7FEA2689D90B50B62F660FE579A5EB1E47C827DFA95596B72D1E ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 18:31:19.0119 0x0e9c aspnet_state - ok 18:31:19.0144 0x0e9c [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:31:19.0243 0x0e9c AsyncMac - ok 18:31:19.0291 0x0e9c [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 18:31:19.0302 0x0e9c atapi - ok 18:31:19.0680 0x0e9c [ F53B89A4B976B534DAA8AEDAFEAF8EA3, 1973FC771B69ADEE17A3405B7961958B8DF135506D60554BD233325EC1C46AA6 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:31:19.0942 0x0e9c atikmdag - ok 18:31:20.0019 0x0e9c [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:31:20.0071 0x0e9c AudioEndpointBuilder - ok 18:31:20.0110 0x0e9c [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll 18:31:20.0141 0x0e9c Audiosrv - ok 18:31:20.0204 0x0e9c [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:31:20.0283 0x0e9c AxInstSV - ok 18:31:20.0334 0x0e9c [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 18:31:20.0405 0x0e9c b06bdrv - ok 18:31:20.0452 0x0e9c [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 18:31:20.0475 0x0e9c b57nd60x - ok 18:31:20.0530 0x0e9c [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 18:31:20.0555 0x0e9c BDESVC - ok 18:31:20.0571 0x0e9c [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 18:31:20.0608 0x0e9c Beep - ok 18:31:20.0677 0x0e9c [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 18:31:20.0731 0x0e9c BFE - ok 18:31:20.0803 0x0e9c [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll 18:31:20.0885 0x0e9c BITS - ok 18:31:20.0919 0x0e9c [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:31:20.0947 0x0e9c blbdrive - ok 18:31:21.0033 0x0e9c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:31:21.0053 0x0e9c Bonjour Service - ok 18:31:21.0095 0x0e9c [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:31:21.0108 0x0e9c bowser - ok 18:31:21.0126 0x0e9c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:31:21.0150 0x0e9c BrFiltLo - ok 18:31:21.0173 0x0e9c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:31:21.0199 0x0e9c BrFiltUp - ok 18:31:21.0263 0x0e9c [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll 18:31:21.0329 0x0e9c Browser - ok 18:31:21.0382 0x0e9c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:31:21.0445 0x0e9c Brserid - ok 18:31:21.0465 0x0e9c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:31:21.0496 0x0e9c BrSerWdm - ok 18:31:21.0520 0x0e9c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:31:21.0531 0x0e9c BrUsbMdm - ok 18:31:21.0538 0x0e9c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:31:21.0578 0x0e9c BrUsbSer - ok 18:31:21.0598 0x0e9c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:31:21.0627 0x0e9c BTHMODEM - ok 18:31:21.0676 0x0e9c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 18:31:21.0714 0x0e9c bthserv - ok 18:31:21.0748 0x0e9c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:31:21.0791 0x0e9c cdfs - ok 18:31:21.0856 0x0e9c [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:31:21.0908 0x0e9c cdrom - ok 18:31:21.0983 0x0e9c [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 18:31:22.0043 0x0e9c CertPropSvc - ok 18:31:22.0080 0x0e9c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 18:31:22.0099 0x0e9c circlass - ok 18:31:22.0141 0x0e9c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 18:31:22.0164 0x0e9c CLFS - ok 18:31:22.0222 0x0e9c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:31:22.0232 0x0e9c clr_optimization_v2.0.50727_32 - ok 18:31:22.0292 0x0e9c [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:31:22.0305 0x0e9c clr_optimization_v4.0.30319_32 - ok 18:31:22.0419 0x0e9c [ C669A972248A5DE9708A01B992E13F42, 40BF8A74B0CCD31011EAA0557EACD15C58213A1810B5805A70ACF21F5AC427DC ] CltMngSvc C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe 18:31:22.0619 0x0e9c CltMngSvc - ok 18:31:22.0644 0x0e9c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:31:22.0671 0x0e9c CmBatt - ok 18:31:22.0693 0x0e9c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:31:22.0703 0x0e9c cmdide - ok 18:31:22.0760 0x0e9c [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys 18:31:22.0792 0x0e9c CNG - ok 18:31:22.0807 0x0e9c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:31:22.0817 0x0e9c Compbatt - ok 18:31:22.0880 0x0e9c [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:31:22.0914 0x0e9c CompositeBus - ok 18:31:22.0935 0x0e9c COMSysApp - ok 18:31:22.0962 0x0e9c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 18:31:22.0971 0x0e9c crcdisk - ok 18:31:23.0028 0x0e9c [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:31:23.0092 0x0e9c CryptSvc - ok 18:31:23.0143 0x0e9c [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys 18:31:23.0193 0x0e9c CSC - ok 18:31:23.0241 0x0e9c [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll 18:31:23.0280 0x0e9c CscService - ok 18:31:23.0314 0x0e9c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 18:31:23.0364 0x0e9c DcomLaunch - ok 18:31:23.0403 0x0e9c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 18:31:23.0451 0x0e9c defragsvc - ok 18:31:23.0511 0x0e9c [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:31:23.0553 0x0e9c DfsC - ok 18:31:23.0619 0x0e9c [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 18:31:23.0690 0x0e9c Dhcp - ok 18:31:23.0713 0x0e9c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 18:31:23.0754 0x0e9c discache - ok 18:31:23.0797 0x0e9c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 18:31:23.0806 0x0e9c Disk - ok 18:31:23.0844 0x0e9c [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:31:23.0894 0x0e9c Dnscache - ok 18:31:23.0935 0x0e9c [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 18:31:23.0980 0x0e9c dot3svc - ok 18:31:24.0036 0x0e9c [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 18:31:24.0081 0x0e9c DPS - ok 18:31:24.0121 0x0e9c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:31:24.0140 0x0e9c drmkaud - ok 18:31:24.0195 0x0e9c [ 651554E483712B708EDE864D0CA1AA73, A016C03D630A2FF7FC44B826DEA890F5AC09DD270588CEAD05F63A5A0AC79249 ] DrvAgent32 C:\Windows\system32\Drivers\DrvAgent32.sys 18:31:24.0224 0x0e9c DrvAgent32 - detected UnsignedFile.Multi.Generic ( 1 ) 18:31:27.0055 0x0e9c Detect skipped due to KSN trusted 18:31:27.0056 0x0e9c DrvAgent32 - ok 18:31:27.0144 0x0e9c [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:31:27.0197 0x0e9c DXGKrnl - ok 18:31:27.0234 0x0e9c EagleXNt - ok 18:31:27.0271 0x0e9c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 18:31:27.0323 0x0e9c EapHost - ok 18:31:27.0468 0x0e9c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 18:31:27.0677 0x0e9c ebdrv - ok 18:31:27.0717 0x0e9c [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS C:\Windows\System32\lsass.exe 18:31:27.0762 0x0e9c EFS - ok 18:31:27.0855 0x0e9c [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:31:27.0968 0x0e9c ehRecvr - ok 18:31:28.0007 0x0e9c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 18:31:28.0075 0x0e9c ehSched - ok 18:31:28.0195 0x0e9c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 18:31:28.0258 0x0e9c elxstor - ok 18:31:28.0293 0x0e9c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:31:28.0343 0x0e9c ErrDev - ok 18:31:28.0403 0x0e9c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 18:31:28.0451 0x0e9c EventSystem - ok 18:31:28.0506 0x0e9c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 18:31:28.0571 0x0e9c exfat - ok 18:31:28.0614 0x0e9c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:31:28.0726 0x0e9c fastfat - ok 18:31:28.0876 0x0e9c [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 18:31:29.0066 0x0e9c Fax - ok 18:31:29.0124 0x0e9c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:31:29.0227 0x0e9c fdc - ok 18:31:29.0476 0x0e9c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 18:31:29.0544 0x0e9c fdPHost - ok 18:31:29.0568 0x0e9c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 18:31:29.0635 0x0e9c FDResPub - ok 18:31:29.0676 0x0e9c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:31:29.0717 0x0e9c FileInfo - ok 18:31:29.0789 0x0e9c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:31:30.0010 0x0e9c Filetrace - ok 18:31:30.0036 0x0e9c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:31:30.0097 0x0e9c flpydisk - ok 18:31:30.0129 0x0e9c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:31:30.0144 0x0e9c FltMgr - ok 18:31:30.0270 0x0e9c [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 18:31:30.0654 0x0e9c FontCache - ok 18:31:30.0783 0x0e9c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:31:30.0793 0x0e9c FontCache3.0.0.0 - ok 18:31:30.0902 0x0e9c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:31:30.0918 0x0e9c FsDepends - ok 18:31:31.0123 0x0e9c [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:31:31.0144 0x0e9c Fs_Rec - ok 18:31:31.0316 0x0e9c [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:31:31.0357 0x0e9c fvevol - ok 18:31:31.0616 0x0e9c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 18:31:31.0661 0x0e9c gagp30kx - ok 18:31:31.0717 0x0e9c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:31:31.0727 0x0e9c GEARAspiWDM - ok 18:31:31.0804 0x0e9c [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 18:31:31.0970 0x0e9c gpsvc - ok 18:31:32.0123 0x0e9c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 18:31:32.0143 0x0e9c gupdate - ok 18:31:32.0178 0x0e9c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 18:31:32.0202 0x0e9c gupdatem - ok 18:31:32.0307 0x0e9c [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 18:31:32.0316 0x0e9c hamachi - ok 18:31:32.0352 0x0e9c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:31:32.0392 0x0e9c hcw85cir - ok 18:31:32.0459 0x0e9c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:31:32.0510 0x0e9c HdAudAddService - ok 18:31:32.0536 0x0e9c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:31:32.0550 0x0e9c HDAudBus - ok 18:31:32.0575 0x0e9c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 18:31:32.0585 0x0e9c HidBatt - ok 18:31:32.0599 0x0e9c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 18:31:32.0627 0x0e9c HidBth - ok 18:31:32.0658 0x0e9c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 18:31:32.0684 0x0e9c HidIr - ok 18:31:32.0725 0x0e9c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 18:31:32.0767 0x0e9c hidserv - ok 18:31:32.0836 0x0e9c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 18:31:32.0881 0x0e9c HidUsb - ok 18:31:32.0935 0x0e9c [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 18:31:32.0988 0x0e9c hkmsvc - ok 18:31:33.0031 0x0e9c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:31:33.0059 0x0e9c HomeGroupListener - ok 18:31:33.0100 0x0e9c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:31:33.0149 0x0e9c HomeGroupProvider - ok 18:31:33.0245 0x0e9c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:31:33.0282 0x0e9c HpSAMD - ok 18:31:33.0383 0x0e9c [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:31:33.0429 0x0e9c HTTP - ok 18:31:33.0500 0x0e9c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:31:33.0508 0x0e9c hwpolicy - ok 18:31:33.0552 0x0e9c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:31:33.0636 0x0e9c i8042prt - ok 18:31:33.0726 0x0e9c [ A3CAE5D281DB4CFF7CFF8233507EE5AD, 2666107220B9F301193F2CF85A3D6B09E6E42CC150152D10A8886E47A3FD9B0D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:31:33.0763 0x0e9c iaStorV - ok 18:31:33.0872 0x0e9c [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:31:33.0924 0x0e9c idsvc - ok 18:31:33.0972 0x0e9c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 18:31:33.0982 0x0e9c iirsp - ok 18:31:34.0050 0x0e9c [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 18:31:34.0127 0x0e9c IKEEXT - ok 18:31:34.0404 0x0e9c [ 3914EA9111DBEFFAF1C68200817768AD, 56ECF70477CB0E4630ADEE2E5ECEEBC34F3DAF7CB73AB227BD7DD876170A21CA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 18:31:34.0600 0x0e9c IntcAzAudAddService - ok 18:31:34.0656 0x0e9c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 18:31:34.0666 0x0e9c intelide - ok 18:31:34.0701 0x0e9c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:31:34.0713 0x0e9c intelppm - ok 18:31:34.0738 0x0e9c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:31:34.0779 0x0e9c IPBusEnum - ok 18:31:34.0805 0x0e9c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:31:34.0843 0x0e9c IpFilterDriver - ok 18:31:34.0926 0x0e9c [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:31:34.0982 0x0e9c iphlpsvc - ok 18:31:35.0017 0x0e9c [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:31:35.0029 0x0e9c IPMIDRV - ok 18:31:35.0056 0x0e9c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:31:35.0100 0x0e9c IPNAT - ok 18:31:35.0174 0x0e9c [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:31:35.0211 0x0e9c iPod Service - ok 18:31:35.0252 0x0e9c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:31:35.0264 0x0e9c IRENUM - ok 18:31:35.0287 0x0e9c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:31:35.0298 0x0e9c isapnp - ok 18:31:35.0342 0x0e9c [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:31:35.0357 0x0e9c iScsiPrt - ok 18:31:35.0389 0x0e9c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:31:35.0400 0x0e9c kbdclass - ok 18:31:35.0431 0x0e9c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:31:35.0459 0x0e9c kbdhid - ok 18:31:35.0481 0x0e9c [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso C:\Windows\system32\lsass.exe 18:31:35.0491 0x0e9c KeyIso - ok 18:31:35.0532 0x0e9c [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:31:35.0547 0x0e9c KSecDD - ok 18:31:35.0569 0x0e9c [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:31:35.0583 0x0e9c KSecPkg - ok 18:31:35.0623 0x0e9c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 18:31:35.0676 0x0e9c KtmRm - ok 18:31:35.0709 0x0e9c [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:31:35.0761 0x0e9c LanmanServer - ok 18:31:35.0791 0x0e9c [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:31:35.0830 0x0e9c LanmanWorkstation - ok 18:31:35.0872 0x0e9c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:31:35.0912 0x0e9c lltdio - ok 18:31:35.0948 0x0e9c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:31:35.0979 0x0e9c lltdsvc - ok 18:31:36.0000 0x0e9c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:31:36.0040 0x0e9c lmhosts - ok 18:31:36.0077 0x0e9c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 18:31:36.0089 0x0e9c LSI_FC - ok 18:31:36.0102 0x0e9c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 18:31:36.0113 0x0e9c LSI_SAS - ok 18:31:36.0127 0x0e9c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:31:36.0137 0x0e9c LSI_SAS2 - ok 18:31:36.0144 0x0e9c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:31:36.0156 0x0e9c LSI_SCSI - ok 18:31:36.0173 0x0e9c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 18:31:36.0215 0x0e9c luafv - ok 18:31:36.0282 0x0e9c [ 144011D14BD35F4E36136AE057B1AADD, 63917B1E00FE5C320259A03E52A8E4A22E1B3C08E69EF3DEDD3B9F5043994291 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 18:31:36.0295 0x0e9c LUsbFilt - ok 18:31:36.0351 0x0e9c [ D8C0B2EB928D57C928522EFF500C4BA8, B7261AB2DD262140489087C1A8F1A1DA5EE6373D453E5BC8A3F7B93A5540CE6C ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv.sys 18:31:36.0393 0x0e9c ManyCam - ok 18:31:36.0457 0x0e9c [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:31:36.0482 0x0e9c MBAMProtector - ok 18:31:36.0578 0x0e9c [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:31:36.0606 0x0e9c MBAMScheduler - ok 18:31:36.0650 0x0e9c [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 18:31:36.0678 0x0e9c MBAMService - ok 18:31:36.0728 0x0e9c [ DFAA87E30868FE4CB7D335837A4BF39C, 7BB65D4DC5CA2A4B4FE531F23E217CFA8BCFFE20E78BF18B04486345FC1E0B6E ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv.sys 18:31:36.0768 0x0e9c mcaudrv_simple - ok 18:31:36.0805 0x0e9c [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:31:36.0818 0x0e9c Mcx2Svc - ok 18:31:36.0841 0x0e9c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 18:31:36.0850 0x0e9c megasas - ok 18:31:36.0890 0x0e9c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 18:31:36.0916 0x0e9c MegaSR - ok 18:31:37.0015 0x0e9c [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 18:31:37.0040 0x0e9c Microsoft Office Groove Audit Service - ok 18:31:37.0073 0x0e9c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 18:31:37.0124 0x0e9c MMCSS - ok 18:31:37.0144 0x0e9c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 18:31:37.0185 0x0e9c Modem - ok 18:31:37.0223 0x0e9c [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:31:37.0263 0x0e9c monitor - ok 18:31:37.0296 0x0e9c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:31:37.0306 0x0e9c mouclass - ok 18:31:37.0372 0x0e9c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:31:37.0406 0x0e9c mouhid - ok 18:31:37.0459 0x0e9c [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:31:37.0471 0x0e9c mountmgr - ok 18:31:37.0559 0x0e9c [ 8A7C8F4C713E70D73946833D76B77035, 75D07F56B8F7D50E85F6576427E8DAA3A27384F53AC31753B6213CBD011C1DEF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:31:37.0595 0x0e9c MozillaMaintenance - ok 18:31:37.0646 0x0e9c [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 18:31:37.0662 0x0e9c mpio - ok 18:31:37.0697 0x0e9c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:31:37.0741 0x0e9c mpsdrv - ok 18:31:37.0853 0x0e9c [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:31:37.0981 0x0e9c MpsSvc - ok 18:31:38.0022 0x0e9c [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:31:38.0042 0x0e9c MRxDAV - ok 18:31:38.0090 0x0e9c [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:31:38.0218 0x0e9c mrxsmb - ok 18:31:38.0327 0x0e9c [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:31:38.0367 0x0e9c mrxsmb10 - ok 18:31:38.0436 0x0e9c [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:31:38.0489 0x0e9c mrxsmb20 - ok 18:31:38.0560 0x0e9c [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 18:31:38.0578 0x0e9c msahci - ok 18:31:38.0623 0x0e9c [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:31:38.0635 0x0e9c msdsm - ok 18:31:38.0659 0x0e9c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 18:31:38.0745 0x0e9c MSDTC - ok 18:31:38.0833 0x0e9c [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:31:38.0886 0x0e9c Msfs - ok 18:31:38.0928 0x0e9c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:31:38.0955 0x0e9c mshidkmdf - ok 18:31:39.0011 0x0e9c [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:31:39.0044 0x0e9c msisadrv - ok 18:31:39.0095 0x0e9c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:31:39.0150 0x0e9c MSiSCSI - ok 18:31:39.0159 0x0e9c msiserver - ok 18:31:39.0199 0x0e9c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:31:39.0241 0x0e9c MSKSSRV - ok 18:31:39.0282 0x0e9c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:31:39.0318 0x0e9c MSPCLOCK - ok 18:31:39.0347 0x0e9c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:31:39.0369 0x0e9c MSPQM - ok 18:31:39.0394 0x0e9c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:31:39.0409 0x0e9c MsRPC - ok 18:31:39.0459 0x0e9c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:31:39.0468 0x0e9c mssmbios - ok 18:31:39.0488 0x0e9c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:31:39.0509 0x0e9c MSTEE - ok 18:31:39.0553 0x0e9c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 18:31:39.0589 0x0e9c MTConfig - ok 18:31:39.0624 0x0e9c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 18:31:39.0647 0x0e9c Mup - ok 18:31:39.0689 0x0e9c [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 18:31:39.0727 0x0e9c napagent - ok 18:31:39.0769 0x0e9c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:31:39.0790 0x0e9c NativeWifiP - ok 18:31:39.0850 0x0e9c [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:31:39.0889 0x0e9c NDIS - ok 18:31:39.0915 0x0e9c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:31:39.0949 0x0e9c NdisCap - ok 18:31:39.0983 0x0e9c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:31:40.0025 0x0e9c NdisTapi - ok 18:31:40.0055 0x0e9c [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:31:40.0106 0x0e9c Ndisuio - ok 18:31:40.0151 0x0e9c [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:31:40.0241 0x0e9c NdisWan - ok 18:31:40.0278 0x0e9c [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:31:40.0306 0x0e9c NDProxy - ok 18:31:40.0349 0x0e9c [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:31:40.0395 0x0e9c NetBIOS - ok 18:31:40.0435 0x0e9c [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:31:40.0479 0x0e9c NetBT - ok 18:31:40.0504 0x0e9c [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon C:\Windows\system32\lsass.exe 18:31:40.0513 0x0e9c Netlogon - ok 18:31:40.0541 0x0e9c [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 18:31:40.0573 0x0e9c Netman - ok 18:31:40.0629 0x0e9c [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:31:40.0644 0x0e9c NetMsmqActivator - ok 18:31:40.0654 0x0e9c [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:31:40.0666 0x0e9c NetPipeActivator - ok 18:31:40.0697 0x0e9c [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 18:31:40.0738 0x0e9c netprofm - ok 18:31:40.0762 0x0e9c [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:31:40.0775 0x0e9c NetTcpActivator - ok 18:31:40.0783 0x0e9c [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:31:40.0796 0x0e9c NetTcpPortSharing - ok 18:31:40.0829 0x0e9c [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 18:31:40.0839 0x0e9c nfrd960 - ok 18:31:40.0889 0x0e9c [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:31:40.0980 0x0e9c NlaSvc - ok 18:31:41.0009 0x0e9c [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:31:41.0055 0x0e9c Npfs - ok 18:31:41.0089 0x0e9c [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 18:31:41.0135 0x0e9c nsi - ok 18:31:41.0172 0x0e9c [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:31:41.0194 0x0e9c nsiproxy - ok 18:31:41.0273 0x0e9c [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:31:41.0345 0x0e9c Ntfs - ok 18:31:41.0359 0x0e9c [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 18:31:41.0394 0x0e9c Null - ok 18:31:41.0457 0x0e9c [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys 18:31:41.0520 0x0e9c NVENETFD - ok 18:31:41.0549 0x0e9c [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:31:41.0563 0x0e9c nvraid - ok 18:31:41.0603 0x0e9c [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:31 Link to comment Share on other sites More sharing options...
Juliet Posted January 17, 2014 Share Posted January 17, 2014 I want you to run this next scanner and we'll try to take out the infection this way first. Of course if it doesn't work we'll run TDSSKiller again.  The BSOD logs so far indicating a couple of major problems. So let's try to do this first and see if we can clear those issues up.    If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution. Emergency Backup Procedure - Tech Support Forum  Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.  How to use ComboFix  Download ComboFix from here: Link 1 Link 2 Link 3  Place ComboFix.exe on your Desktop <--Important Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on ComboFix.exe & follow the prompts. You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this) Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.  Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer  --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. --------------------------------------------------------------------------------------------- If there are Internet issues after running ComboFix: Internet Explorer: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok. Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself. Chrome: Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself. Safari Launch Safari Go to general settings menu Then in Preferences/ Advanced Then on line click Proxies change settings ... Click Internet Options, then click the Connections tab, click Network Settings. Disable option (uncheck) for the use of proxy server ... Link to comment Share on other sites More sharing options...
Juliet Posted January 18, 2014 Share Posted January 18, 2014 still with me? Link to comment Share on other sites More sharing options...
Timmy Posted January 19, 2014 Author Share Posted January 19, 2014 Its taken me over 2 days to finally get my computer working if it works now i'll try hopefully it doesn't crash again. Sometimes it just crashes or sometimes it just ends up freezing and going to front page than getting stuck. Link to comment Share on other sites More sharing options...
Juliet Posted January 19, 2014 Share Posted January 19, 2014 try running the tool in normal mode, but since it sounds like things are getting worse... Â might do better trying safe mode. Â If it gets to where we can't get anything to run, nothing we do helps, a reformat might be in your best interest here. Link to comment Share on other sites More sharing options...
Timmy Posted January 19, 2014 Author Share Posted January 19, 2014 What do you mean by reformat? And I did the scan but I accidentally cancelled the log where is it saved and whats the title of it? Link to comment Share on other sites More sharing options...
.png.9d4b89b15b2cd5e65edd93a0e6823dce.png)
Recommended Posts