possible malware?


Sweetpotato

I have been noticing that my computer seems to be crawling for a few weeks. I have done a few scans and did find some malware. Got rid of that and still the same. Yesterday I tried to delete some things on my desktop, and everything I try to do it says Windows Explorer has stopped working and is trying to find a solution. It keeps doing that so I had stopped trying. Also my computer came up with a blue crash screen and had to restart it. Not sure what to do here. My battery is bad and I have another ordered. Not sure if a bad battery would cause these types of problems. I did a HJT scan and am posting the log. Also, last night I did try and run Kaspersky rescue disk and it wouldn't update on my laptop, even when I wired it directly to the modem. I then updated it in the desktop and then stuck it in my laptop and it wouldn't run only for about 10 to 15 seconds before it said it was finished. Never had that scan go that fast.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:26:50 PM, on 1/1/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ginny\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [f.lux] "C:\Users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: LastPass - file://C:\Users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - (no file)
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus Service 15.0.1 (AVP15.0.1) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9759 bytes
Edited by Sweetpotato

It sounds like you could still be infected, I can't tell.

"I have done a few scans and did find some malware"

By chance did you save the logs from the scanners you ran that said items were removed?



Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


I tried to download the bluescreenview and double clicked the .exe file but it didn't scan anything. Is there something else I should do to get it to work? Also, here is the log from malwarebytes that I had done yesterday. Thank You,

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/1/2015
Scan Time: 4:14:19 PM
Logfile: malware log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.01.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginny
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325231
Time Elapsed: 9 min, 59 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 2
PUP.Optional.OpenCandy, C:\Program Files (x86)\FrostWire\frostwire-installer.exe, Quarantined, [37cac3a63448f83ebc863f6cdf26857b],
PUP.Optional.OpenCandy, C:\Users\Ginny\AppData\Local\Temp\is925820020\2EEFD6C0_stp.EXE, Quarantined, [d72aabbe5527ed4946fc2685ae57d22e],
Physical Sectors: 0
(No malicious items detected)
(end)

Download AdwCleaner by Xplode and save to your Desktop.

Step 1.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Step 2.

Using AdwCleaner v3: Scan & Clean:

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s#].txt) will open automatically (where the largest value of # represents the most recent report).

Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

******Post both .txt logs


Any program on my desktop or elsewhere when I right click to try and run as the administrator, brings up that Windows Explorer has stopped working notice. I am getting this on everything that I try to right click on. Would I be able to run the scan without the run as admin? Thanks


I'm going to guess that IObit is causing quite a few problems. Please see post #6 (by AdvancedSetup) here https://forums.malwarebytes.org/index.php?/topic/162748-possible-malware-remnants-on-my-computer/?hl=%2Bremove+%2Biobit&do=findComment&comment=924122

 

Uninstall IOBit, then see if you can run AdwCleaner as a 'user'. Make sure to check everything it finds for IOBit, when you run the cleaner.


I was able to run as a user. I also uninstalled all of the iobit programs. Thank You. I had no idea.

 

# AdwCleaner v4.106 - Report created 03/01/2015 at 22:28:27
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ginny - GINNY-PC
# Running from : C:\Users\Ginny\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Users\Ginny\AppData\LocalLow\Yahoo! Companion
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
[C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1021 octets] - [24/04/2014 20:50:12]
AdwCleaner[R1].txt - [1505 octets] - [25/08/2014 20:04:40]
AdwCleaner[R2].txt - [1188 octets] - [28/08/2014 21:22:02]
AdwCleaner[R3].txt - [1309 octets] - [01/09/2014 15:25:36]
AdwCleaner[R4].txt - [1303 octets] - [14/10/2014 16:05:32]
AdwCleaner[R5].txt - [1380 octets] - [18/11/2014 15:48:34]
AdwCleaner[R6].txt - [2077 octets] - [03/01/2015 22:28:27]
AdwCleaner[s0].txt - [1089 octets] - [24/04/2014 20:52:02]
AdwCleaner[s1].txt - [1724 octets] - [25/08/2014 20:06:46]
AdwCleaner[s2].txt - [1254 octets] - [28/08/2014 21:23:39]
AdwCleaner[s3].txt - [1375 octets] - [01/09/2014 15:30:28]
AdwCleaner[s4].txt - [1443 octets] - [18/11/2014 15:51:12]
########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [2437 octets] ##########

Here is the log after cleaning. I still can't right click on anything on desktop or any other programs to work with them or change or delete them.

# AdwCleaner v4.106 - Report created 03/01/2015 at 22:33:01
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ginny - GINNY-PC
# Running from : C:\Users\Ginny\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Ginny\AppData\LocalLow\Yahoo! Companion
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
[C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1021 octets] - [24/04/2014 20:50:12]
AdwCleaner[R1].txt - [1505 octets] - [25/08/2014 20:04:40]
AdwCleaner[R2].txt - [1188 octets] - [28/08/2014 21:22:02]
AdwCleaner[R3].txt - [1309 octets] - [01/09/2014 15:25:36]
AdwCleaner[R4].txt - [1303 octets] - [14/10/2014 16:05:32]
AdwCleaner[R5].txt - [1380 octets] - [18/11/2014 15:48:34]
AdwCleaner[R6].txt - [2525 octets] - [03/01/2015 22:28:27]
AdwCleaner[s0].txt - [1089 octets] - [24/04/2014 20:52:02]
AdwCleaner[s1].txt - [1724 octets] - [25/08/2014 20:06:46]
AdwCleaner[s2].txt - [1254 octets] - [28/08/2014 21:23:39]
AdwCleaner[s3].txt - [1375 octets] - [01/09/2014 15:30:28]
AdwCleaner[s4].txt - [1443 octets] - [18/11/2014 15:51:12]
AdwCleaner[s5].txt - [2458 octets] - [03/01/2015 22:33:01]
########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [2518 octets] ##########
Edited by Sweetpotato

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

It may be necessary to boot into safe mode and try to run the tools again.

I am running in safe mode now. So far I cannot get even one of the programs to run for me when I try to right click and run as administrator. On my last one as we speak. It's a different story if I want to just double click and run the program. Last program I also got nada. Still saying Windows Explorer is shutting down and restarts. ??? Weird. Thanks for the help.


Nothing will work in safe mode either?

Run System File Checker (SFC) to check your files

Use System File Checker to scan your PC for missing or corrupt files. To do this, follow these steps:

Click Start, and then type cmd in the Search box.

In the results area, right-click cmd.exe, and then click Run as administrator. You may be prompted to type the password for an administrator account.

Click Continue if you are the administrator or type the administrator password and then, click Continue.

At the command prompt, type Sfc /scannow and then press ENTER.

The scan may take some time, so be patient. Windows will repair any corrupted or missing files that are found. If information from the installation CD is needed to repair the problem, you may be prompted to insert your Windows CD.

For more information about System File Checker (SFC) see the following KB article on the Microsoft website:

http://support.microsoft.com/kb/2694911


See if you can boot up into safe mode (tap F8 repeatedly)

or Last known good configuration (tap F8 > arrow up to last known good)

If not, then do a system restore, pick a date before the errors started.


ok. Last known good configuration did nothing so I did a system restore back to December 9th. I can right click on things now but out of nowhere, that Windows explorer error again. Should I run some of the other steps from above? I will wait to hear. Again, Thank YOU :)


Let's try a tool.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Please copy and paste its contents on your next reply.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

******

Next,

Download Inherit and save it directly to your desktop - (not a folder on the desktop - the commands are tailored for the desktop location.)

Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

"%userprofile%\desktop\Inherit.exe" "C:\ComboFix.exe"

Do the above after ComboFix is on desktop.

How to use ComboFix

Download ComboFix from here:

Link 1

Link 2

Link 3

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the logs from TDSSKiller and Combofix in next reply please...

This is the first scan. Didn't find anything. Going on to the next. Also, tried to access the control panel to remove some of the programs I removed earlier and I can't access them now. I get the Windows error and won't work.

16:49:45.0985 0x1840 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
16:49:50.0804 0x1840 ============================================================
16:49:50.0804 0x1840 Current date / time: 2015/01/04 16:49:50.0804
16:49:50.0804 0x1840 SystemInfo:
16:49:50.0804 0x1840
16:49:50.0804 0x1840 OS Version: 6.1.7601 ServicePack: 1.0
16:49:50.0804 0x1840 Product type: Workstation
16:49:50.0804 0x1840 ComputerName: GINNY-PC
16:49:50.0805 0x1840 UserName: Ginny
16:49:50.0805 0x1840 Windows directory: C:\Windows
16:49:50.0805 0x1840 System windows directory: C:\Windows
16:49:50.0805 0x1840 Running under WOW64
16:49:50.0805 0x1840 Processor architecture: Intel x64
16:49:50.0805 0x1840 Number of processors: 4
16:49:50.0805 0x1840 Page size: 0x1000
16:49:50.0805 0x1840 Boot type: Normal boot
16:49:50.0805 0x1840 ============================================================
16:49:53.0053 0x1840 KLMD registered as C:\Windows\system32\drivers\65248372.sys
16:49:53.0311 0x1840 System UUID: {AF17EA02-CE34-6A2A-D4BF-D2F96A9AB9C5}
16:49:53.0837 0x1840 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:49:53.0848 0x1840 ============================================================
16:49:53.0848 0x1840 \Device\Harddisk0\DR0:
16:49:53.0848 0x1840 MBR partitions:
16:49:53.0848 0x1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:49:53.0848 0x1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:49:53.0848 0x1840 ============================================================
16:49:53.0861 0x1840 C: <-> \Device\Harddisk0\DR0\Partition2
16:49:53.0861 0x1840 ============================================================
16:49:53.0861 0x1840 Initialize success
16:49:53.0861 0x1840 ============================================================
16:50:26.0697 0x1584 ============================================================
16:50:26.0697 0x1584 Scan started
16:50:26.0697 0x1584 Mode: Manual; SigCheck; TDLFS;
16:50:26.0697 0x1584 ============================================================
16:50:26.0697 0x1584 KSN ping started
16:50:30.0569 0x1584 KSN ping finished: true
16:50:32.0243 0x1584 ================ Scan system memory ========================
16:50:32.0243 0x1584 System memory - ok
16:50:36.0341 0x1584 amdsbs - ok
16:50:36.0352 0x1584 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:50:36.0365 0x1584 amdxata - ok
16:50:36.0398 0x1584 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys
16:50:36.0416 0x1584 AppID - ok
16:50:36.0426 0x1584 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:50:36.0443 0x1584 AppIDSvc - ok
16:50:36.0458 0x1584 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
16:50:36.0476 0x1584 Appinfo - ok
16:50:36.0560 0x1584 [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:50:36.0584 0x1584 Apple Mobile Device - ok
16:50:36.0627 0x1584 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
16:50:36.0642 0x1584 arc - ok
16:50:36.0652 0x1584 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:50:36.0668 0x1584 arcsas - ok
16:50:36.0765 0x1584 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:50:36.0797 0x1584 aspnet_state - ok
16:50:36.0853 0x1584 [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
16:50:36.0870 0x1584 aswHwid - ok
16:50:36.0887 0x1584 [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:50:36.0903 0x1584 aswMonFlt - ok
16:50:36.0911 0x1584 [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
16:50:36.0927 0x1584 aswRdr - ok
16:50:36.0938 0x1584 [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
16:50:36.0953 0x1584 aswRvrt - ok
16:50:37.0014 0x1584 [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:50:37.0053 0x1584 aswSnx - ok
16:50:37.0121 0x1584 [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:50:37.0150 0x1584 aswSP - ok
16:50:37.0164 0x1584 [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm C:\Windows\system32\drivers\aswStm.sys
16:50:37.0179 0x1584 aswStm - ok
16:50:37.0196 0x1584 [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
16:50:37.0214 0x1584 aswVmm - ok
16:50:37.0228 0x1584 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:50:37.0266 0x1584 AsyncMac - ok
16:50:37.0280 0x1584 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
16:50:37.0293 0x1584 atapi - ok
16:50:37.0349 0x1584 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:50:37.0391 0x1584 AudioEndpointBuilder - ok
16:50:37.0411 0x1584 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:50:37.0440 0x1584 AudioSrv - ok
16:50:37.0484 0x1584 [ 37D17AE2936867F88EB3C4CBCBC6B8A1, E1F4D288CE1E5482A5594C8F9EEDE1E8134466F5E0C7DA32D88985497CD8588B ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:50:37.0502 0x1584 avast! Antivirus - ok
16:50:37.0586 0x1584 [ AB1AF0BA03DCB6A879BC22F472EACEEA, A75B73D0B1FE885F6DC2C7A0B755A6E12F9DC54CE702A1FFC3F283196793627A ] AVP15.0.1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
16:50:37.0621 0x1584 AVP15.0.1 - ok
16:50:37.0675 0x1584 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:50:37.0711 0x1584 AxInstSV - ok
16:50:37.0758 0x1584 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:50:37.0793 0x1584 b06bdrv - ok
16:50:37.0839 0x1584 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:50:37.0865 0x1584 b57nd60a - ok
16:50:37.0892 0x1584 [ 5C0F919666954885D7760DFFE4B29A25, 04E884E3820ED7D179C282BFB9346F1FBE1AE36F13087A422A7530C5902080AC ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
16:50:37.0908 0x1584 BCM42RLY - ok
16:50:38.0183 0x1584 [ D1ADE2E072B022E9353367407413DAEA, 1A00A6A610DF4F67AF30FDBC52E84077FD48FB56EA3A8123C0C0DE823C9E322E ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
16:50:38.0471 0x1584 BCM43XX - ok
16:50:38.0523 0x1584 [ D98F22C21D2969DAD4F1FAAD8CD4FAAC, 91A5132D1E34B59DB3B93F71036F86D7D0A18F9A7BBBA1C85CB39DAFBFAD65F3 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys
16:50:38.0535 0x1584 BcmVWL - ok
16:50:38.0548 0x1584 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
16:50:38.0568 0x1584 BDESVC - ok
16:50:38.0612 0x1584 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
16:50:38.0672 0x1584 Beep - ok
16:50:38.0746 0x1584 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
16:50:38.0799 0x1584 BFE - ok
16:50:38.0842 0x1584 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
16:50:38.0937 0x1584 BITS - ok
16:50:38.0976 0x1584 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:50:38.0995 0x1584 blbdrive - ok
16:50:39.0104 0x1584 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:50:39.0140 0x1584 Bonjour Service - ok
16:50:39.0154 0x1584 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:50:39.0172 0x1584 bowser - ok
16:50:39.0191 0x1584 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:50:39.0210 0x1584 BrFiltLo - ok
16:50:39.0259 0x1584 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:50:39.0318 0x1584 BrFiltUp - ok
16:50:39.0360 0x1584 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
16:50:39.0383 0x1584 Browser - ok
16:50:39.0410 0x1584 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:50:39.0437 0x1584 Brserid - ok
16:50:39.0453 0x1584 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:50:39.0474 0x1584 BrSerWdm - ok
16:50:39.0485 0x1584 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:50:39.0505 0x1584 BrUsbMdm - ok
16:50:39.0515 0x1584 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:50:39.0532 0x1584 BrUsbSer - ok
16:50:39.0573 0x1584 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:50:39.0592 0x1584 BthEnum - ok
16:50:39.0609 0x1584 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:50:39.0632 0x1584 BTHMODEM - ok
16:50:39.0658 0x1584 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:50:39.0681 0x1584 BthPan - ok
16:50:39.0732 0x1584 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:50:39.0778 0x1584 BTHPORT - ok
16:50:39.0816 0x1584 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
16:50:39.0863 0x1584 bthserv - ok
16:50:39.0884 0x1584 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:50:39.0901 0x1584 BTHUSB - ok
16:50:39.0945 0x1584 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B, 2A2039DD524E989EA91B7C91D5F295C663D1E27ABD64777D2F3137EB1C42C258 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:50:39.0971 0x1584 btwaudio - ok
16:50:40.0021 0x1584 [ 82DC8B7C626E526681C1BEBED2BC3FF9, 58260E88CDD7388ABA563F9B8F2F3FA17022DB9E4C56EBA0761E99B919A8EAF8 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
16:50:40.0047 0x1584 btwavdt - ok
16:50:40.0116 0x1584 [ D65AA164ACD0F6706DBCFBBCC9731584, BC6E421E75CFF765D9152A8BAA847122DA1CA85A7CFDC8BE2082AD6CF1A2C7A9 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:50:40.0149 0x1584 btwdins - ok
16:50:40.0159 0x1584 [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
16:50:40.0170 0x1584 btwl2cap - ok
16:50:40.0176 0x1584 [ 28E105AD3B79F440BF94780F507BF66A, EF4E6CCAB16765E2C88666625C13CB3299B668159A94CB201E3B44701A30640A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:50:40.0189 0x1584 btwrchid - ok
16:50:40.0309 0x1584 [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
16:50:40.0378 0x1584 c2cautoupdatesvc - ok
16:50:40.0438 0x1584 [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
16:50:40.0512 0x1584 c2cpnrsvc - ok
16:50:40.0545 0x1584 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:50:40.0586 0x1584 cdfs - ok
16:50:40.0631 0x1584 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:50:40.0648 0x1584 cdrom - ok
16:50:40.0684 0x1584 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
16:50:40.0730 0x1584 CertPropSvc - ok
16:50:40.0747 0x1584 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
16:50:40.0769 0x1584 circlass - ok
16:50:40.0812 0x1584 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
16:50:40.0835 0x1584 CLFS - ok
16:50:40.0919 0x1584 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:50:40.0944 0x1584 clr_optimization_v2.0.50727_32 - ok
16:50:40.0997 0x1584 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:50:41.0024 0x1584 clr_optimization_v2.0.50727_64 - ok
16:50:41.0107 0x1584 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:50:41.0136 0x1584 clr_optimization_v4.0.30319_32 - ok
16:50:41.0147 0x1584 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:50:41.0162 0x1584 clr_optimization_v4.0.30319_64 - ok
16:50:41.0193 0x1584 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:50:41.0211 0x1584 CmBatt - ok
16:50:41.0230 0x1584 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:50:41.0243 0x1584 cmdide - ok
16:50:41.0286 0x1584 [ AFA1BFF926592FD0C3AB97D838652EF9, C38BC4BBD4EDF779993B2FECF96C1FD55B085F3FBEB3E1AE3C892DFD369D611D ] cm_km_w C:\Windows\system32\DRIVERS\cm_km_w.sys
16:50:41.0307 0x1584 cm_km_w - ok
16:50:41.0393 0x1584 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
16:50:41.0437 0x1584 CNG - ok
16:50:41.0473 0x1584 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:50:41.0488 0x1584 Compbatt - ok
16:50:41.0525 0x1584 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:50:41.0544 0x1584 CompositeBus - ok
16:50:41.0565 0x1584 COMSysApp - ok
16:50:41.0583 0x1584 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:50:41.0597 0x1584 crcdisk - ok
16:50:41.0642 0x1584 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:50:41.0661 0x1584 CryptSvc - ok
16:50:41.0726 0x1584 [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:50:41.0762 0x1584 CtClsFlt - ok
16:50:41.0803 0x1584 [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
16:50:41.0832 0x1584 dc3d - ok
16:50:41.0872 0x1584 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:50:41.0928 0x1584 DcomLaunch - ok
16:50:41.0957 0x1584 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
16:50:42.0005 0x1584 defragsvc - ok
16:50:42.0018 0x1584 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:50:42.0058 0x1584 DfsC - ok
16:50:42.0078 0x1584 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:50:42.0102 0x1584 Dhcp - ok
16:50:42.0117 0x1584 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
16:50:42.0157 0x1584 discache - ok
16:50:42.0201 0x1584 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
16:50:42.0227 0x1584 Disk - ok
16:50:42.0279 0x1584 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:50:42.0300 0x1584 Dnscache - ok
16:50:42.0309 0x1584 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
16:50:42.0356 0x1584 dot3svc - ok
16:50:42.0391 0x1584 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
16:50:42.0439 0x1584 DPS - ok
16:50:42.0481 0x1584 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:50:42.0498 0x1584 drmkaud - ok
16:50:42.0561 0x1584 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:50:42.0611 0x1584 DXGKrnl - ok
16:50:42.0664 0x1584 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
16:50:42.0726 0x1584 EapHost - ok
16:50:42.0859 0x1584 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:50:42.0987 0x1584 ebdrv - ok
16:50:43.0031 0x1584 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
16:50:43.0052 0x1584 EFS - ok
16:50:43.0155 0x1584 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:50:43.0225 0x1584 ehRecvr - ok
16:50:43.0264 0x1584 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
16:50:43.0287 0x1584 ehSched - ok
16:50:43.0320 0x1584 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:50:43.0364 0x1584 elxstor - ok
16:50:43.0376 0x1584 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:50:43.0392 0x1584 ErrDev - ok
16:50:43.0448 0x1584 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
16:50:43.0498 0x1584 EventSystem - ok
16:50:43.0540 0x1584 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
16:50:43.0586 0x1584 exfat - ok
16:50:43.0602 0x1584 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:50:43.0648 0x1584 fastfat - ok
16:50:43.0677 0x1584 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
16:50:43.0720 0x1584 Fax - ok
16:50:43.0735 0x1584 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
16:50:43.0754 0x1584 fdc - ok
16:50:43.0769 0x1584 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
16:50:43.0809 0x1584 fdPHost - ok
16:50:43.0841 0x1584 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
16:50:43.0883 0x1584 FDResPub - ok
16:50:43.0916 0x1584 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:50:43.0977 0x1584 FileInfo - ok
16:50:44.0041 0x1584 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:50:44.0134 0x1584 Filetrace - ok
16:50:44.0150 0x1584 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:50:44.0168 0x1584 flpydisk - ok
16:50:44.0192 0x1584 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:50:44.0212 0x1584 FltMgr - ok
16:50:44.0311 0x1584 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
16:50:44.0377 0x1584 FontCache - ok
16:50:44.0423 0x1584 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:50:44.0446 0x1584 FontCache3.0.0.0 - ok
16:50:44.0462 0x1584 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:50:44.0478 0x1584 FsDepends - ok
16:50:44.0497 0x1584 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:50:44.0512 0x1584 Fs_Rec - ok
16:50:44.0536 0x1584 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:50:44.0559 0x1584 fvevol - ok
16:50:44.0577 0x1584 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:50:44.0592 0x1584 gagp30kx - ok
16:50:44.0660 0x1584 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:50:44.0681 0x1584 GEARAspiWDM - ok
16:50:44.0721 0x1584 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
16:50:44.0791 0x1584 gpsvc - ok
16:50:44.0842 0x1584 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:50:44.0867 0x1584 gupdate - ok
16:50:44.0872 0x1584 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:50:44.0884 0x1584 gupdatem - ok
16:50:44.0938 0x1584 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:50:44.0968 0x1584 gusvc - ok
16:50:44.0980 0x1584 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:50:45.0002 0x1584 hcw85cir - ok
16:50:45.0040 0x1584 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:50:45.0069 0x1584 HdAudAddService - ok
16:50:45.0084 0x1584 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:50:45.0107 0x1584 HDAudBus - ok
16:50:45.0153 0x1584 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:50:45.0167 0x1584 HECIx64 - ok
16:50:45.0178 0x1584 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:50:45.0197 0x1584 HidBatt - ok
16:50:45.0209 0x1584 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:50:45.0231 0x1584 HidBth - ok
16:50:45.0242 0x1584 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
16:50:45.0262 0x1584 HidIr - ok
16:50:45.0279 0x1584 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
16:50:45.0321 0x1584 hidserv - ok
16:50:45.0385 0x1584 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:50:45.0416 0x1584 HidUsb - ok
16:50:45.0441 0x1584 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:50:45.0493 0x1584 hkmsvc - ok
16:50:45.0514 0x1584 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:50:45.0536 0x1584 HomeGroupListener - ok
16:50:45.0557 0x1584 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:50:45.0581 0x1584 HomeGroupProvider - ok
16:50:45.0595 0x1584 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:50:45.0610 0x1584 HpSAMD - ok
16:50:45.0711 0x1584 HPSLPSVC - ok
16:50:45.0757 0x1584 [ A3E5E2967011E94A61499DF7A777FAC8, 4632AC66AA9257C1427A52C915B3FBE92336CB53A0231312B6AED9290FE7EE81 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
16:50:45.0778 0x1584 HPSupportSolutionsFrameworkService - ok
16:50:45.0817 0x1584 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:50:45.0884 0x1584 HTTP - ok
16:50:45.0889 0x1584 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:50:45.0902 0x1584 hwpolicy - ok
16:50:45.0919 0x1584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:50:45.0939 0x1584 i8042prt - ok
16:50:46.0025 0x1584 [ 42E00996DFC13C46366689C0EA8ABC5E, 1C73B7FADB3209D7C1CAA75531F789B47907129E418F91F23CBE9FC68B3056E4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:50:46.0068 0x1584 iaStor - ok
16:50:46.0108 0x1584 [ 48362E5DB5CB2C000C514EE1F3890ACD, 561FB7BE085A624770832B0138DA1B9859981BCC66540A8F98D9F7D5B8EE6707 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:50:46.0121 0x1584 IAStorDataMgrSvc - ok

ComboFix 15-01-04.01 - Ginny 01/04/2015 17:10:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4188 [GMT -6:00]
Running from: c:\users\Ginny\Desktop\Gotcha.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-12-04 to 2015-01-04 )))))))))))))))))))))))))))))))
.
.
2015-01-04 23:16 . 2015-01-04 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-04 22:02 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE25986B-8B58-4299-8EE7-EFF35249DB9E}\mpengine.dll
2015-01-04 22:01 . 2014-11-18 02:04 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-01-03 02:28 . 2015-01-03 02:28 -------- d-----w- c:\program files (x86)\NirSoft
2015-01-01 21:13 . 2015-01-04 21:54 -------- d-----w- c:\program files (x86)\FrostWire
2014-12-31 23:57 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2014-12-31 23:57 . 2010-05-26 17:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-12-31 23:57 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-12-31 23:57 . 2010-05-26 17:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-12-31 23:56 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2014-12-31 23:56 . 2009-03-09 21:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll
2014-12-31 23:55 . 2009-11-18 13:16 78936 ----a-w- c:\windows\system32\MBWrp64.dll
2014-12-31 23:55 . 2009-11-18 13:13 607832 ----a-w- c:\windows\system32\MBAPO64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-30 17:20 . 2014-08-14 01:34 77512 ----a-w- c:\windows\system32\drivers\klwtp.sys
2014-11-30 17:20 . 2014-08-21 00:04 818888 ----a-w- c:\windows\system32\drivers\klif.sys
2014-11-30 17:20 . 2014-08-18 20:43 150536 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-11-27 15:56 . 2013-12-09 04:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-27 15:56 . 2013-12-09 04:24 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-26 02:12 . 2014-04-22 22:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-22 02:04 . 2013-11-27 22:53 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-18 02:04 . 2014-04-22 20:17 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-18 02:04 . 2013-12-26 02:55 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-18 02:04 . 2013-11-27 22:53 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-18 02:04 . 2013-11-27 22:53 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-18 02:04 . 2013-11-27 22:53 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-18 02:04 . 2013-11-27 22:53 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-18 02:04 . 2013-11-27 22:53 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-18 02:04 . 2014-11-18 02:04 43152 ----a-w- c:\windows\avastSS.scr
2014-11-12 21:12 . 2013-11-28 00:57 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-11 03:08 . 2014-11-18 22:50 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 22:50 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 22:50 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 22:50 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-07 19:49 . 2014-11-12 00:07 388272 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-06 04:04 . 2014-11-12 00:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 04:03 . 2014-11-12 00:07 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 04:03 . 2014-11-12 00:07 25110016 ----a-w- c:\windows\system32\mshtml.dll
2014-11-06 03:47 . 2014-11-12 00:07 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:46 . 2014-11-12 00:07 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:46 . 2014-11-12 00:07 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 03:44 . 2014-11-12 00:07 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 03:43 . 2014-11-12 00:07 2884096 ----a-w- c:\windows\system32\iertutil.dll
2014-11-06 03:36 . 2014-11-12 00:07 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-06 03:35 . 2014-11-12 00:07 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-06 03:31 . 2014-11-12 00:07 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-06 03:30 . 2014-11-12 00:07 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 03:30 . 2014-11-12 00:07 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 03:29 . 2014-11-12 00:07 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 03:28 . 2014-11-12 00:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23 . 2014-11-12 00:07 6040064 ----a-w- c:\windows\system32\jscript9.dll
2014-11-06 03:20 . 2014-11-12 00:07 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 03:16 . 2014-11-12 00:07 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-06 03:13 . 2014-11-12 00:07 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-06 03:13 . 2014-11-12 00:07 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-06 03:12 . 2014-11-12 00:07 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10 . 2014-11-12 00:07 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07 . 2014-11-12 00:07 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 03:02 . 2014-11-12 00:07 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-06 03:00 . 2014-11-12 00:07 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-06 02:59 . 2014-11-12 00:07 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58 . 2014-11-12 00:07 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:57 . 2014-11-12 00:07 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-06 02:42 . 2014-11-12 00:07 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:41 . 2014-11-12 00:07 716800 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-06 02:41 . 2014-11-12 00:07 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-06 02:39 . 2014-11-12 00:07 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 02:38 . 2014-11-12 00:07 2124288 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:30 . 2014-11-12 00:07 14390272 ----a-w- c:\windows\system32\ieframe.dll
2014-11-06 02:21 . 2014-11-12 00:07 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-06 02:21 . 2014-11-12 00:07 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20 . 2014-11-12 00:07 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17 . 2014-11-12 00:07 2365440 ----a-w- c:\windows\system32\wininet.dll
2014-11-06 02:04 . 2014-11-12 00:07 1550336 ----a-w- c:\windows\system32\urlmon.dll
2014-11-06 01:53 . 2014-11-12 00:07 799232 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-06 01:52 . 2014-11-12 00:07 1892864 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-05 17:56 . 2014-11-11 22:45 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-05 17:56 . 2014-11-11 22:45 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-05 17:52 . 2014-11-11 22:45 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-04 20:30 . 2010-11-21 03:27 275080 ----a-w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:57 . 2014-11-11 22:39 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-11 22:39 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 21:30 . 2014-10-20 21:30 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-20 20:41 . 2014-08-25 02:31 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05 . 2014-11-11 22:39 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-11 22:39 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-11 22:45 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-11 22:45 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-11 22:39 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-11 22:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-11 22:45 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-11 22:45 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-11 22:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-11 22:39 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-11 22:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-11 22:45 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-11 22:45 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-11 22:39 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 11:56 . 2014-03-14 02:23 15000576 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2013-11-27 50688]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-3-13 15000576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pikbd;Pluralinput Keyboard 0.8.6;c:\windows\system32\DRIVERS\pikbd.sys;c:\windows\SYSNATIVE\DRIVERS\pikbd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 01:02 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-09 15:56]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 22:53]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 22:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-08-29 12:59 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-22 20:17 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: LastPass - file://c:\users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2015-01-04 17:23:53 - machine was rebooted
ComboFix-quarantined-files.txt 2015-01-04 23:23
.
Pre-Run: 395,627,270,144 bytes free
Post-Run: 395,291,365,376 bytes free
.
- - End Of File - - DFA6F25E7489834CF711F4A3873ED663
A36C5E4F47E84449FF07ED3517B43A31
The combofix log.


I also have a new thing come up on my computer when it started up. It says RealTimeProtector.exe system error. The program can't start because rtl120bpl is missing from your computer. Try reinstalling to fix. Don't know what that is.


avast! Antivirus

Kaspersky Lab\Kaspersky Internet Security

 

We've got to get this down to just 1 antivirus on the machine. Can cause tons of problems.

 

~~~~

 

realtimeprotector.exe --> This is typically installed with the program Advanced SystemCare 7 published by IObit.

First, re: rtl120.bpl - Do you have a program called "TuneUp Utilities 2010" installed? And it's possibly related to IObit.

CCleaner64 also has a registry cleaner in the program; don't use it, as it can cause more harm than good.

 

In the fix below I've created a script that should take out IOBIT.

 

 

 

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad or any text editor other than Notepad, or the script will fail.* Copy and paste the text inside the quote box below:

Save this as "CFScript.txt" (including the quotes), change the "Save as type" to "All Files", and place it on your desktop.

 

Driver::
LiveUpdateSvc
AdvancedSystemCareService7

Folder::
c:\program files (x86)\IObit\Advanced SystemCare
c:\program files (x86)\IObit\LiveUpdate

File::
c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

 

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

If there are internet issues afterward:

 

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

 

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, and uncheck the proxy server; set it to No Proxy.

 

 

Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
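
The point about having two antivirus products can be read from the AV:/FW:/SP: header lines that ComboFix prints at the top of its log (they appear in the log posted later in this thread). The following is an added example, not part of the original posts and not ComboFix's own code: a small parser that groups those lines by category and lists every category with more than one registered product. The function names are assumptions; the sample lines are copied from that log.

```python
import re
from collections import defaultdict

# Header lines copied from the ComboFix log posted later in this thread.
SAMPLE_HEADER = """\
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# "<kind>: <product name> *<state>* {<GUID>}"; anything after the GUID
# (for example leftover forum markup) is ignored.
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW|SP):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}"
)


def parse_header(text):
    """Return one dict per AV:/FW:/SP: line found in a pasted log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, separators and unrelated log lines
        parts = m.group("state").split("/")
        entries.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "guid": m.group("guid").upper(),
            "enabled": parts[0].strip().lower() == "enabled",
            # Firewall lines carry no update state, so this may be None.
            "up_to_date": (parts[1].strip().lower() == "updated"
                           if len(parts) > 1 else None),
        })
    return entries


def overlapping_products(entries):
    """Map each category to its product names when more than one is registered."""
    by_kind = defaultdict(set)
    for e in entries:
        by_kind[e["kind"]].add(e["name"])
    return {
        kind: sorted(names, key=str.casefold)
        for kind, names in by_kind.items()
        if len(names) > 1
    }


def enabled_products(entries):
    """Products still reporting as enabled (should be empty before a ComboFix run)."""
    return sorted({e["name"] for e in entries if e["enabled"]}, key=str.casefold)


if __name__ == "__main__":
    parsed = parse_header(SAMPLE_HEADER)
    for kind, names in overlapping_products(parsed).items():
        print(f"{kind}: {len(names)} products registered -> {', '.join(names)}")
    print("still enabled:", enabled_products(parsed) or "none")
```
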


I am not sure if I have Tune up utility. Anytime I try and go to my control panel to look at anything, the Windows Explorer error comes up and shuts it down. I have no access. Also, Google won't update now and I can't log into my last pass on google either. I am going to do the steps above and get back. Sorry I didn't respond last night. Have to work three thirty in morn. Thanks.


I had a few things happen. Before the computer would restart, two boxes came up. One said: unable to create a backup of the current registry file C:\Windows\Syste32\config\software. Continue restoration of this file? I could not check yes as it wouldn't work, so I checked no, and then this came up: Error restoring C:\Windows\erdnt\subs\software to C:\Windowss\System32\config\software! continue with next file? [ RegReplaceKey:5 -access is denied. Again nothing happened if I tried to check yes, so I checked no and then the computer restarted.

ComboFix 15-01-04.01 - Ginny 01/05/2015 16:26:47.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4414 [GMT -6:00]

Running from: c:\users\Ginny\Desktop\Gotcha.exe

Command switches used :: c:\users\Ginny\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}

FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

 

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

 

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

.

 

FILE ::

 

"c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe"

 

"c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe"

 

.

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

c:\program files (x86)\IObit\LiveUpdate

 

c:\program files (x86)\IObit\LiveUpdate\Language\Arabic.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Belarusian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\ChineseSimp.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\ChineseTrad.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Czech.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Danish.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Dinka.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Dutch.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\English.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Finnish.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Flemish.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\French.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\German.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Greek.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Hebrew.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Hungarian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Indonesia.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Italian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Japanese.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Korean.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Latvian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Malayalam.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Polish.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Portuguese(PT-BR).lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Portuguese(PT-PT).lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Romanian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Russian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Serbian (cyrillic).lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Serbian (latin).lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Slovak.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Slovenian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Spanish.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Swedish.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Turkish.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Ukrainian.lng

 

c:\program files (x86)\IObit\LiveUpdate\Language\Vietnamese.lng

 

c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe

 

c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe.del

 

c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.log

 

c:\program files (x86)\IObit\LiveUpdate\LiveUpdateSrvUpt.log

 

c:\program files (x86)\IObit\LiveUpdate\ProductStatistics.dll

 

c:\program files (x86)\IObit\LiveUpdate\ProductUpt.log

 

c:\program files (x86)\IObit\LiveUpdate\system.ini

 

c:\program files (x86)\IObit\LiveUpdate\update\timer.db

 

c:\program files (x86)\IObit\LiveUpdate\update\update.spt

 

.

 

.

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

-------\Service_AdvancedSystemCareService7

 

-------\Service_LiveUpdateSvc

 

.

 

.

 

((((((((((((((((((((((((( Files Created from 2014-12-05 to 2015-01-05 )))))))))))))))))))))))))))))))

 

.

 

.

 

2015-01-05 22:33 . 2015-01-05 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp

 

2015-01-05 01:36 . 2014-12-15 10:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12D71C22-4B57-46D6-A9CA-541881CE825A}\mpengine.dll

 

2015-01-05 01:30 . 2015-01-05 01:30 -------- d-----w- c:\windows\system32\appraiser

 

2015-01-05 01:25 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll

 

2015-01-05 01:25 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll

 

2015-01-04 23:42 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll

 

2015-01-04 23:42 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll

 

2015-01-04 23:42 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll

 

2015-01-04 23:42 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll

 

2015-01-04 23:42 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe

 

2015-01-04 23:42 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll

 

2015-01-04 23:42 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll

 

2015-01-04 23:05 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll

 

2015-01-04 23:05 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll

 

2015-01-04 22:55 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

 

2015-01-04 22:55 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

 

2015-01-04 22:54 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys

 

2015-01-04 22:42 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe

 

2015-01-04 22:42 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe

 

2015-01-04 22:42 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll

 

2015-01-04 22:42 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll

 

2015-01-04 22:42 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll

 

2015-01-04 22:42 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll

 

2015-01-04 22:42 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe

 

2015-01-04 22:42 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll

 

2015-01-04 22:42 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll

 

2015-01-04 22:42 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll

 

2015-01-04 22:42 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll

 

2015-01-04 22:42 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe

 

2015-01-04 22:01 . 2014-11-18 02:04 364512 ----a-w- c:\windows\system32\aswBoot.exe

 

2015-01-03 02:28 . 2015-01-03 02:28 -------- d-----w- c:\program files (x86)\NirSoft

 

2015-01-01 21:13 . 2015-01-04 21:54 -------- d-----w- c:\program files (x86)\FrostWire

 

2014-12-31 23:57 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll

 

2014-12-31 23:57 . 2010-05-26 17:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

 

2014-12-31 23:57 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

 

2014-12-31 23:57 . 2010-05-26 17:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

 

2014-12-31 23:56 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

 

2014-12-31 23:56 . 2009-03-09 21:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll

 

2014-12-31 23:55 . 2009-11-18 13:16 78936 ----a-w- c:\windows\system32\MBWrp64.dll

 

2014-12-31 23:55 . 2009-11-18 13:13 607832 ----a-w- c:\windows\system32\MBAPO64.dll

 

.

 

.

 

.

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

2015-01-05 01:26 . 2013-11-28 00:57 112710672 ----a-w- c:\windows\system32\MRT.exe

 

2014-11-30 17:20 . 2014-08-14 01:34 77512 ----a-w- c:\windows\system32\drivers\klwtp.sys

 

2014-11-30 17:20 . 2014-08-21 00:04 818888 ----a-w- c:\windows\system32\drivers\klif.sys

 

2014-11-30 17:20 . 2014-08-18 20:43 150536 ----a-w- c:\windows\system32\drivers\klflt.sys

 

2014-11-27 15:56 . 2013-12-09 04:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

 

2014-11-27 15:56 . 2013-12-09 04:24 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

 

2014-11-26 02:12 . 2014-04-22 22:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

 

2014-11-24 20:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe

 

2014-11-22 02:04 . 2013-11-27 22:53 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys

 

2014-11-18 02:04 . 2014-04-22 20:17 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys

 

2014-11-18 02:04 . 2013-12-26 02:55 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys

 

2014-11-18 02:04 . 2013-11-27 22:53 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys

 

2014-11-18 02:04 . 2013-11-27 22:53 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

 

2014-11-18 02:04 . 2013-11-27 22:53 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

 

2014-11-18 02:04 . 2013-11-27 22:53 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

 

2014-11-18 02:04 . 2013-11-27 22:53 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys

 

2014-11-18 02:04 . 2014-11-18 02:04 43152 ----a-w- c:\windows\avastSS.scr

 

2014-11-11 03:08 . 2014-11-18 22:50 241152 ----a-w- c:\windows\system32\pku2u.dll

 

2014-11-11 03:08 . 2014-11-18 22:50 728064 ----a-w- c:\windows\system32\kerberos.dll

 

2014-11-11 02:44 . 2014-11-18 22:50 186880 ----a-w- c:\windows\SysWow64\pku2u.dll

 

2014-11-11 02:44 . 2014-11-18 22:50 550912 ----a-w- c:\windows\SysWow64\kerberos.dll

 

2014-11-07 19:49 . 2014-11-12 00:07 388272 ----a-w- c:\windows\system32\iedkcs32.dll

 

2014-11-06 04:04 . 2014-11-12 00:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb

 

2014-11-06 04:03 . 2014-11-12 00:07 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

 

2014-11-06 04:03 . 2014-11-12 00:07 25110016 ----a-w- c:\windows\system32\mshtml.dll

 

2014-11-06 03:47 . 2014-11-12 00:07 66560 ----a-w- c:\windows\system32\iesetup.dll

 

2014-11-06 03:46 . 2014-11-12 00:07 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

 

2014-11-06 03:46 . 2014-11-12 00:07 580096 ----a-w- c:\windows\system32\vbscript.dll

 

2014-11-06 03:44 . 2014-11-12 00:07 88064 ----a-w- c:\windows\system32\MshtmlDac.dll

 

2014-11-06 03:43 . 2014-11-12 00:07 2884096 ----a-w- c:\windows\system32\iertutil.dll

 

2014-11-06 03:36 . 2014-11-12 00:07 54784 ----a-w- c:\windows\system32\jsproxy.dll

 

2014-11-06 03:35 . 2014-11-12 00:07 34304 ----a-w- c:\windows\system32\iernonce.dll

 

2014-11-06 03:31 . 2014-11-12 00:07 633856 ----a-w- c:\windows\system32\ieui.dll

 

2014-11-06 03:30 . 2014-11-12 00:07 144384 ----a-w- c:\windows\system32\ieUnatt.exe

 

2014-11-06 03:30 . 2014-11-12 00:07 114688 ----a-w- c:\windows\system32\ieetwcollector.exe

 

2014-11-06 03:29 . 2014-11-12 00:07 814080 ----a-w- c:\windows\system32\jscript9diag.dll

 

2014-11-06 03:28 . 2014-11-12 00:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

 

2014-11-06 03:23 . 2014-11-12 00:07 6040064 ----a-w- c:\windows\system32\jscript9.dll

 

2014-11-06 03:20 . 2014-11-12 00:07 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

 

2014-11-06 03:16 . 2014-11-12 00:07 490496 ----a-w- c:\windows\system32\dxtmsft.dll

 

2014-11-06 03:13 . 2014-11-12 00:07 501248 ----a-w- c:\windows\SysWow64\vbscript.dll

 

2014-11-06 03:13 . 2014-11-12 00:07 62464 ----a-w- c:\windows\SysWow64\iesetup.dll

 

2014-11-06 03:12 . 2014-11-12 00:07 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

 

2014-11-06 03:10 . 2014-11-12 00:07 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

 

2014-11-06 03:07 . 2014-11-12 00:07 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

 

2014-11-06 03:02 . 2014-11-12 00:07 199680 ----a-w- c:\windows\system32\msrating.dll

 

2014-11-06 03:00 . 2014-11-12 00:07 92160 ----a-w- c:\windows\system32\mshtmled.dll

 

2014-11-06 02:59 . 2014-11-12 00:07 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe

 

2014-11-06 02:58 . 2014-11-12 00:07 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll

 

2014-11-06 02:57 . 2014-11-12 00:07 316928 ----a-w- c:\windows\system32\dxtrans.dll

 

2014-11-06 02:42 . 2014-11-12 00:07 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

 

2014-11-06 02:41 . 2014-11-12 00:07 716800 ----a-w- c:\windows\system32\ie4uinit.exe

 

2014-11-06 02:41 . 2014-11-12 00:07 800768 ----a-w- c:\windows\system32\msfeeds.dll

 

2014-11-06 02:39 . 2014-11-12 00:07 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll

 

2014-11-06 02:38 . 2014-11-12 00:07 2124288 ----a-w- c:\windows\system32\inetcpl.cpl

 

2014-11-06 02:30 . 2014-11-12 00:07 14390272 ----a-w- c:\windows\system32\ieframe.dll

 

2014-11-06 02:21 . 2014-11-12 00:07 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll

 

2014-11-06 02:21 . 2014-11-12 00:07 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl

 

2014-11-06 02:20 . 2014-11-12 00:07 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

 

2014-11-06 02:17 . 2014-11-12 00:07 2365440 ----a-w- c:\windows\system32\wininet.dll

 

2014-11-06 02:04 . 2014-11-12 00:07 1550336 ----a-w- c:\windows\system32\urlmon.dll

 

2014-11-06 01:53 . 2014-11-12 00:07 799232 ----a-w- c:\windows\system32\ieapfltr.dll

 

2014-11-06 01:52 . 2014-11-12 00:07 1892864 ----a-w- c:\windows\SysWow64\wininet.dll

 

2014-10-25 01:57 . 2014-11-11 22:39 77824 ----a-w- c:\windows\system32\packager.dll

 

2014-10-25 01:32 . 2014-11-11 22:39 67584 ----a-w- c:\windows\SysWow64\packager.dll

 

2014-10-20 21:30 . 2014-10-20 21:30 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

 

2014-10-20 20:41 . 2014-08-25 02:31 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

 

2014-10-18 02:05 . 2014-11-11 22:39 861696 ----a-w- c:\windows\system32\oleaut32.dll

 

2014-10-18 01:33 . 2014-11-11 22:39 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

 

2014-10-14 02:16 . 2014-11-11 22:45 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

 

2014-10-14 02:13 . 2014-11-11 22:45 683520 ----a-w- c:\windows\system32\termsrv.dll

 

2014-10-14 02:13 . 2014-11-11 22:39 3241984 ----a-w- c:\windows\system32\msi.dll

 

2014-10-14 02:12 . 2014-11-11 22:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll

 

2014-10-14 02:09 . 2014-11-11 22:45 146432 ----a-w- c:\windows\system32\msaudite.dll

 

2014-10-14 02:07 . 2014-11-11 22:45 681984 ----a-w- c:\windows\system32\adtschema.dll

 

2014-10-14 01:50 . 2014-11-11 22:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll

 

2014-10-14 01:50 . 2014-11-11 22:39 2363904 ----a-w- c:\windows\SysWow64\msi.dll

 

2014-10-14 01:49 . 2014-11-11 22:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

 

2014-10-14 01:47 . 2014-11-11 22:45 146432 ----a-w- c:\windows\SysWow64\msaudite.dll

 

2014-10-14 01:46 . 2014-11-11 22:45 681984 ----a-w- c:\windows\SysWow64\adtschema.dll

 

2014-10-10 00:57 . 2014-11-11 22:39 3198976 ----a-w- c:\windows\system32\win32k.sys

 

2014-08-15 11:56 . 2014-03-14 02:23 15000576 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

 

.

 

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

 

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

 

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

 

2014-06-24 22:04 131480 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

 

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

 

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

 

2014-06-24 22:04 131480 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

 

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

 

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

 

2014-06-24 22:04 131480 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

 

.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"f.lux"="c:\users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]

 

"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]

 

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-09 39408]

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

 

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]

 

.

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

 

Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2013-11-27 50688]

 

Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-3-13 15000576]

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

 

"ConsentPromptBehaviorAdmin"= 5 (0x5)

 

"ConsentPromptBehaviorUser"= 3 (0x3)

 

"EnableUIADesktopToggle"= 0 (0x0)

 

"PromptOnSecureDesktop"= 0 (0x0)

 

"SoftwareSASGeneration"= 1 (0x1)

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

 

"DisableMonitoring"=dword:00000001

 

.

 

R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]

 

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

 

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

 

R3 pikbd;Pluralinput Keyboard 0.8.6;c:\windows\system32\DRIVERS\pikbd.sys;c:\windows\SYSNATIVE\DRIVERS\pikbd.sys [x]

 

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

 

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

 

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]

 

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

 

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

 

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

 

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

 

R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

 

R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

 

R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]

 

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

 

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

 

R4 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

 

S0 aswRvrt;avast! Revert; [x]

 

S0 aswVmm;avast! VM Monitor; [x]

 

S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]

 

S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]

 

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

 

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

 

S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]

 

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]

 

S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]

 

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]

 

S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]

 

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]

 

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

 

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

 

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

 

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

 

S2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x]

 

S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]

 

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

 

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

 

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]

 

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

 

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

 

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

 

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

 

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

 

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

 

S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]

 

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]

 

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]

 

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

 

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

 

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]

 

.

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

 

2015-01-05 22:10 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe

 

.

 

Contents of the 'Scheduled Tasks' folder

 

.

 

2015-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job

 

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-09 15:56]

 

.

 

2015-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

 

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 22:53]

 

.

 

2015-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

 

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 22:53]

 

.

 

.

 

--------- X64 Entries -----------

 

.

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

 

@="{472083B0-C522-11CF-8763-00608CC02F24}"

 

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

 

2014-04-22 20:17 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

 

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

 

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

 

2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

 

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

 

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

 

2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

 

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

 

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

 

2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

 

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

 

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

 

2014-06-24 22:04 164760 ----a-w- c:\users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

 

.

 

------- Supplementary Scan -------

 

.

 

uLocal Page = c:\windows\system32\blank.htm

 

mLocal Page = c:\windows\SysWOW64\blank.htm

 

uInternet Settings,ProxyOverride = *.local

 

IE: LastPass - file://c:\users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=lastpass

 

IE: LastPass Fill Forms - file://c:\users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=fillforms

 

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

 

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

 

IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll

 

TCP: DhcpNameServer = 192.168.1.1

 

.

 

- - - - ORPHANS REMOVED - - - -

 

.

 

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

 

.

 

.

 

.

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]

 

"ImagePath"="."

 

.

 

--------------------- LOCKED REGISTRY KEYS ---------------------

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

 

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker6"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Shockwave Flash Object"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

 

@="0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="ShockwaveFlash.ShockwaveFlash.15"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="ShockwaveFlash.ShockwaveFlash"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Macromedia Flash Factory Object"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="FlashFactory.FlashFactory.1"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="FlashFactory.FlashFactory"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker6"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

 

@Denied: (Full) (Everyone)

 

.

 

------------------------ Other Running Processes ------------------------

 

.

 

c:\program files\AVAST Software\Avast\AvastSvc.exe

 

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

 

c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

 

c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe

 

.

 

**************************************************************************

 

.

 

Completion time: 2015-01-05 16:45:17 - machine was rebooted

 

ComboFix-quarantined-files.txt 2015-01-05 22:45

 

ComboFix2.txt 2015-01-04 23:23

 

.

 

Pre-Run: 393,734,975,488 bytes free

 

Post-Run: 393,526,501,376 bytes free

 

.

 

- - End Of File - - 16D323D0AB126397147478B7E2C61E71

 

A36C5E4F47E84449FF07ED3517B43A31

Edited by Juliet
tried to edit underlines

A couple of tools I would like to see if we can try to use.

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

~~~~~~~~~~~~

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

     


Here are the two logs. Did you also need the one from rkill.exe?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Ginny (administrator) on GINNY-PC on 05-01-2015 18:41:08
Running from C:\Users\Ginny\Desktop
Loaded Profile: Ginny (Available profiles: Ginny)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(LastPass) C:\Users\Ginny\AppData\LocalLow\LastPass\LastPassBroker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3370004212-2481374857-3576566069-1000\...\Run: [f.lux] => C:\Users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3370004212-2481374857-3576566069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3370004212-2481374857-3576566069-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-09] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3370004212-2481374857-3576566069-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3370004212-2481374857-3576566069-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000 -> {95D125B5-E050-4423-A551-DC08C5F20C26} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-11-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-11-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-11-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.aol.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (WOT) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-11-27]
CHR Extension: (YouTube) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (TypingWeb Typing Tutor) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcgempicojkfhpnepfecmklndooebjk [2013-12-12]
CHR Extension: (Google Search) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (AdBlock) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-27]
CHR Extension: (Bookmark Manager) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-11-27]
CHR Extension: (LastPass Vault) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\Ginny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-08-04] () [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-08-04] () [File not signed]
S3 MpsSvc; . [0 2015-01-05] () [File not signed]
S4 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-08-04] () [File not signed]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-08-04] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-08-04] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-08-04] () [File not signed]
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-08-04] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
S2 HPSLPSVC; C:\Users\Ginny\AppData\Local\Temp\7zS513C\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-11-30] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-11-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-11-30] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-08-22] (Qualcomm Atheros Co., Ltd.)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [22880 2013-11-30] () [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\Gotcha\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 18:41 - 2015-01-05 18:41 - 00021746 _____ () C:\Users\Ginny\Desktop\FRST.txt
2015-01-05 18:40 - 2015-01-05 18:41 - 00000000 ____D () C:\FRST
2015-01-05 18:39 - 2015-01-05 18:40 - 02123776 _____ (Farbar) C:\Users\Ginny\Desktop\FRST64.exe
2015-01-05 18:35 - 2015-01-05 18:36 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Ginny\Desktop\rkill.exe
2015-01-05 16:45 - 2015-01-05 16:45 - 00033240 _____ () C:\ComboFix.txt
2015-01-04 19:30 - 2015-01-04 19:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 19:25 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-04 19:25 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-04 18:58 - 2015-01-04 18:59 - 00270416 _____ () C:\Windows\Minidump\010415-35490-01.dmp
2015-01-04 18:58 - 2015-01-04 18:58 - 502361546 _____ () C:\Windows\MEMORY.DMP
2015-01-04 18:13 - 2015-01-05 16:38 - 00002882 _____ () C:\Windows\PFRO.log
2015-01-04 17:42 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-04 17:42 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-04 17:42 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-04 17:42 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-04 17:42 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-04 17:42 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-04 17:42 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-04 17:42 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 17:17 - 2015-01-05 16:38 - 00000392 _____ () C:\Windows\setupact.log
2015-01-04 17:17 - 2015-01-04 17:17 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-04 17:08 - 2015-01-05 16:45 - 00000000 ____D () C:\Qoobox
2015-01-04 17:08 - 2015-01-05 16:33 - 00000000 ____D () C:\Windows\erdnt
2015-01-04 17:08 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-04 17:08 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-04 17:08 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-04 17:08 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-04 17:08 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-04 17:08 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-04 17:08 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-04 17:08 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-04 17:05 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-04 17:05 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-04 17:03 - 2015-01-04 17:05 - 05609858 ____R (Swearware) C:\Users\Ginny\Desktop\Gotcha.exe
2015-01-04 16:58 - 2015-01-04 16:58 - 00085504 _____ () C:\Users\Ginny\Desktop\Inherit.exe
2015-01-04 16:55 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-04 16:55 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-04 16:54 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-04 16:46 - 2015-01-04 16:48 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Ginny\Desktop\tdsskiller.exe
2015-01-04 16:42 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-04 16:42 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-04 16:42 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-04 16:42 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-04 16:42 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-04 16:42 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-04 16:42 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-04 16:42 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-04 16:42 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-04 16:42 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-04 16:42 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-04 16:42 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-04 16:06 - 2015-01-04 16:38 - 05317104 _____ (Piriform Ltd) C:\Users\Ginny\Downloads\ccsetup501.exe
2015-01-04 16:02 - 2015-01-04 16:02 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-04 16:02 - 2015-01-04 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-04 16:01 - 2014-11-17 20:04 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-04 10:53 - 2015-01-05 18:37 - 00002498 _____ () C:\Users\Ginny\Desktop\Rkill.txt
2015-01-04 10:52 - 2015-01-04 10:52 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Ginny\Desktop\WiNlOgOn.exe
2015-01-03 22:24 - 2015-01-03 22:24 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-02 20:28 - 2015-01-02 20:28 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2015-01-02 20:23 - 2015-01-04 15:53 - 00000000 ____D () C:\Users\Ginny\Desktop\bluescreenview-x64
2015-01-02 20:23 - 2015-01-02 20:23 - 00084917 _____ () C:\Users\Ginny\Desktop\bluescreenview-x64.zip
2015-01-01 15:32 - 2015-01-01 15:35 - 02073112 _____ (Trend Micro Inc.) C:\Users\Ginny\Downloads\HousecallLauncher (1).exe
2015-01-01 15:28 - 2015-01-01 15:28 - 00010278 _____ () C:\Users\Ginny\Downloads\hijackthis.log
2015-01-01 15:26 - 2015-01-01 15:26 - 00009760 _____ () C:\Users\Ginny\Desktop\hijackthis.log
2015-01-01 15:14 - 2015-01-04 15:53 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6
2015-01-01 15:13 - 2015-01-04 15:54 - 00000000 ____D () C:\Program Files (x86)\FrostWire
2014-12-31 17:57 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-31 17:57 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-31 17:57 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-31 17:57 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-31 17:56 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-31 17:56 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-12-31 17:55 - 2009-11-18 07:16 - 00078936 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2014-12-31 17:55 - 2009-11-18 07:13 - 00607832 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2014-12-31 14:32 - 2014-12-31 14:32 - 00000000 _____ () C:\asc_rdflag

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 18:06 - 2013-12-12 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 17:45 - 2013-11-27 16:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 16:47 - 2009-07-13 22:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:47 - 2009-07-13 22:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:45 - 2014-09-01 20:41 - 01235340 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 16:40 - 2014-11-30 11:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-05 16:40 - 2013-11-27 16:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 16:40 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-05 16:39 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 16:32 - 2014-02-13 13:13 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-05 16:11 - 2013-11-27 17:00 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-05 15:59 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-01-05 15:05 - 2013-11-27 17:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-04 19:30 - 2014-04-27 20:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-04 19:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-04 19:28 - 2013-11-27 18:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-04 19:26 - 2013-11-27 18:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-04 18:58 - 2013-12-11 07:43 - 00000000 ____D () C:\Windows\Minidump
2015-01-04 17:23 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2015-01-04 16:38 - 2013-11-27 17:21 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-04 16:38 - 2013-11-27 17:21 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-04 15:56 - 2013-11-26 20:50 - 00000000 ____D () C:\Users\Ginny
2015-01-04 15:55 - 2014-10-16 14:36 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
2015-01-04 15:54 - 2014-11-30 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-04 15:54 - 2014-05-30 16:36 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-04 15:54 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\ProductData
2015-01-04 15:54 - 2014-04-22 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 15:54 - 2014-04-22 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 15:54 - 2014-03-25 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-04 15:54 - 2014-03-25 19:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-04 15:54 - 2014-03-25 19:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-04 15:54 - 2014-02-13 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2015-01-04 15:54 - 2014-02-13 13:14 - 00000000 ____D () C:\ProgramData\IObit
2015-01-04 15:54 - 2013-12-10 18:23 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
2015-01-04 15:54 - 2013-12-08 22:24 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-04 15:54 - 2013-11-27 19:18 - 00000000 ____D () C:\Windows\pss
2015-01-04 15:54 - 2013-11-27 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-04 15:54 - 2013-11-27 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-04 15:54 - 2013-11-26 21:00 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-04 15:54 - 2013-11-26 21:00 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-01-04 15:54 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-04 15:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-04 15:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
2015-01-04 15:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-04 15:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-04 15:53 - 2014-02-13 13:14 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-04 15:53 - 2013-11-26 20:50 - 00000000 ____D () C:\Users\Ginny\AppData\Local\VirtualStore
2015-01-04 15:53 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-04 15:52 - 2014-05-30 19:51 - 00000000 ___RD () C:\Users\Ginny\Dropbox
2015-01-04 15:52 - 2014-05-30 16:24 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Dropbox
2015-01-04 15:52 - 2014-02-13 13:13 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\IObit
2015-01-04 15:52 - 2013-12-10 18:23 - 00000000 ____D () C:\Users\Ginny\.frostwire5
2015-01-04 15:51 - 2013-11-27 16:53 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-03 22:33 - 2014-04-24 20:50 - 00000000 ____D () C:\AdwCleaner
2015-01-01 16:30 - 2014-08-04 10:34 - 00000010 _____ () C:\Users\Ginny\AppData\Local\sponge.last.runtime.cache
2015-01-01 15:07 - 2014-11-12 16:38 - 00000000 _____ () C:\Users\Ginny\Desktop\refer.txt
2014-12-31 14:32 - 2014-02-16 13:52 - 63844352 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-12-31 14:32 - 2014-02-16 13:52 - 00290816 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-12-31 14:32 - 2014-02-16 13:52 - 00028672 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-12-31 14:32 - 2014-02-16 13:52 - 00024576 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-12-06 22:58 - 2014-06-17 15:17 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 09:37

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Ginny at 2015-01-05 18:41:47
Running from C:\Users\Ginny\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dropbox (HKU\S-1-5-21-3370004212-2481374857-3576566069-1000\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
f.lux (HKU\S-1-5-21-3370004212-2481374857-3576566069-1000\...\Flux) (Version: - )
FrostWire 5.7.7 (HKLM-x32\...\FrostWire 5) (Version: 5.7.7.2 - FrostWire LLC)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.1 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30098 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.15.0 - Synaptics Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370004212-2481374857-3576566069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-12-2014 00:38:09 Windows Update
17-12-2014 18:10:01 Windows Update
23-12-2014 20:28:46 Windows Update
26-12-2014 21:14:36 Windows Update
31-12-2014 14:38:53 Windows Update
31-12-2014 17:52:14 Driver Booster : Dell Wireless 365 Bluetooth Module
31-12-2014 17:55:59 Installed DirectX
04-01-2015 15:47:45 Restore Operation
04-01-2015 15:57:11 avast! antivirus system restore point
04-01-2015 19:24:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-01-05 16:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DFF1B47-CAD6-494E-96A3-1F0E31981050} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {12EB2123-E131-489F-A8C6-36C8C546282C} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {2135B418-A76B-48D5-89C9-DF74FBD0C81A} - System32\Tasks\{DD217A2C-C937-400C-BEDE-18259E6699F5} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.105/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {2C65A4AD-BD0A-4671-BA3C-D3E123E3E896} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
Task: {6370087C-89AC-4539-993C-9A091F68F48D} - System32\Tasks\ASC7_SkipUac_Ginny => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {6D5B46B2-E5B8-4992-8D25-D1E0B825D5F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: {9224F2A6-CEF4-4D5E-B86B-7AB306BA4702} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
Task: {B1227B10-0593-460C-A38D-2BAF2B1A7923} - System32\Tasks\HP Deskjet 1050 J410 series.exe_{39556F38-5841-4AF9-845D-8A499BA4D1CA} => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HP Deskjet 1050 J410 series.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {B602B15D-31BC-47FE-96B4-BF9C9C3F68B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CCA87929-ED06-4431-83D3-A2F469A71790} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-05 15:05 - 2015-01-05 15:05 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2013-11-27 16:53 - 2013-11-27 16:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-02 13:40 - 2013-09-02 13:40 - 01430488 _____ () C:\Program Files (x86)\WOT\WOT.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService7 => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TurboBoost => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ginny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSystemDetect =>
MSCONFIG\startupreg: DriverMax =>
MSCONFIG\startupreg: DriverMax_RESTART =>
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3370004212-2481374857-3576566069-500 - Administrator - Disabled)
Ginny (S-1-5-21-3370004212-2481374857-3576566069-1000 - Administrator - Enabled) => C:\Users\Ginny
Guest (S-1-5-21-3370004212-2481374857-3576566069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3370004212-2481374857-3576566069-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 06:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000003cbc8
Faulting process id: 0x7e8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (01/05/2015 04:40:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 04:05:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000003cbc8
Faulting process id: 0x864
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/05/2015 04:05:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000003cbc8
Faulting process id: 0x8fc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/05/2015 04:05:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000003cbc8
Faulting process id: 0x73c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/05/2015 03:55:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/05/2015 03:55:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/05/2015 03:04:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 07:33:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 07:00:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/05/2015 04:41:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (01/05/2015 04:41:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/05/2015 04:40:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/05/2015 04:39:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (01/05/2015 04:39:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (01/05/2015 04:39:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (01/05/2015 04:33:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/05/2015 04:

This topic is now closed to further replies.