Not sure what's wrong?


sanguillen72

Hello,

First off, if I am posting this in the wrong location, please accept my apologies and let me know where I should post it.

Lately I've been running into an issue where there are times (not always, of course) when my laptop becomes so "busy" that I'm unable to run anything else and am forced to reboot, even though I'm not really running anything that should max my resources. The hard drive light will just stay on, and I can't open anything new (including Firefox) while the mouse cursor will just stay in the circular "thinking" swirl. Sometimes this might occur if I've been away from keyboard for a while - at that point I can't even get the display (which has turned off after a certain period of inactivity) to turn back on (the hard drive light will be constantly on). I have run Spybot S & D, as well as the online PC Pitstop antivirus and TrendMicro malware scan, but they are not finding anything (they did prompt me to clean up my temp files and defrag and such, which I have done). Here are my logs as per your instructions:

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.31.2
Run by Matti at 5:52:43 on 2015-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5108 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\lsm.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\GWX\GWX.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uSearch Bar = about:blank
uSearch Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
uSearchAssistant = about:blank
mWinlogon: Userinit = userinit.exe
BHO: CouponDropDown: {11111111-1111-1111-1111-110011431152} -
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Device Detector] DevDetect.exe -autorun
uRun: [Dropbox Update] "C:\Users\Matti\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [spybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1B4C4329-BFA5-49E5-95BE-99F7CB015D9D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1B4C4329-BFA5-49E5-95BE-99F7CB015D9D}\736323132353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1B4C4329-BFA5-49E5-95BE-99F7CB015D9D}\A456E605F62747 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{1B4C4329-BFA5-49E5-95BE-99F7CB015D9D}\C4964747C65626F697 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [ACPW08EN] "C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&installDate=28/04/2013&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-5-6 28992]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-2-5 482384]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [2015-8-11 1650936]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20150814.001\IDSviA64.sys [2015-8-14 692984]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2015-8-15 198480]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-8-14 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-8-14 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-8-14 171928]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-8 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-5 2656280]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2012-2-5 20592]
R3 enecir;ENE CIR Receiver;C:\windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 enecirhid;ENE CIR HID Receiver;C:\windows\System32\drivers\enecirhid.sys [2009-5-20 14848]
R3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\System32\drivers\enecirhidma.sys [2008-4-24 6656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-7-28 153936]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-1-31 174168]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-5 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-25 42392]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2013-12-27 37888]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-8-12 114688]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-10-1 19456]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-5 54136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-10-1 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-10-1 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-08-16 09:50:25 -------- d-----w- C:\HJT
2015-08-16 01:56:06 -------- d-----w- C:\ProgramData\PCPitstop
2015-08-16 01:56:06 -------- d-----w- C:\Program Files (x86)\PCPitstop
2015-08-16 01:42:58 307352 ----a-w- C:\windows\System32\drivers\tmcomm.sys
2015-08-15 03:10:13 -------- d-----w- C:\Program Files (x86)\NirSoft
2015-08-14 23:39:09 -------- d-----w- C:\Program Files\Common Files\AV
2015-08-14 23:28:36 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2015-08-14 23:28:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-08-14 23:28:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-14 01:21:30 210088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\sandboxbroker.dll
2015-08-14 01:21:05 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugins\npqtplugin5.dll
2015-08-14 01:21:01 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugins\npqtplugin4.dll
2015-08-14 01:21:01 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugins\npqtplugin3.dll
2015-08-14 01:21:01 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugins\npqtplugin2.dll
2015-08-14 01:21:01 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugins\npqtplugin.dll
2015-08-14 01:19:10 229608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugins\nppdf32.dll
2015-08-14 01:18:57 34072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugins\npMeetingJoinPluginOC.dll
2015-08-14 01:18:57 172200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugin-hang-ui.exe
2015-08-14 01:18:49 271016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\plugin-container.exe
2015-08-14 01:18:32 93864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\nssdbm3.dll
2015-08-14 01:13:50 970912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\msvcr120.dll
2015-08-14 01:13:50 455328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\msvcp120.dll
2015-08-14 01:13:50 430760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\nssckbi.dll
2015-08-14 01:13:50 17064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\mozalloc.dll
2015-08-14 01:13:50 1682600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\nss3.dll
2015-08-14 01:13:50 105640 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\mozglue.dll
2015-08-14 01:13:46 153096 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\maintenanceservice_installer.exe
2015-08-14 01:13:46 148136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\maintenanceservice.exe
2015-08-14 01:13:16 895656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\libGLESv2.dll
2015-08-14 01:12:51 42152 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\libEGL.dll
2015-08-14 01:12:38 825512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\icuuc52.dll
2015-08-14 01:12:13 1079976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\icuin52.dll
2015-08-14 01:11:43 188584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\gmp-clearkey\0.1\clearkey.dll
2015-08-14 01:11:43 10397352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\icudt52.dll
2015-08-14 01:11:30 330920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\freebl3.dll
2015-08-14 01:11:26 377000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
2015-08-14 01:10:35 3466856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\d3dcompiler_47.dll
2015-08-14 01:10:18 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2015-08-14 01:10:06 283304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\crashreporter.exe
2015-08-14 01:07:21 51880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2015-08-14 01:06:59 109736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2015-08-14 01:06:51 20648 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2015-08-12 10:57:12 124624 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:57:12 103120 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:49:58 5568960 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-08-12 07:48:59 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-08-06 23:38:14 970912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr120.dll
2015-08-04 18:58:34 -------- d-----w- C:\Users\Matti\AppData\Roaming\webex
2015-08-04 18:58:17 -------- d-----w- C:\Users\Matti\AppData\Local\WebEx
2015-08-04 18:58:05 -------- d-----w- C:\ProgramData\WebEx
2015-08-02 16:38:58 -------- d-----w- C:\Users\Matti\AppData\Local\Dropbox
2015-08-02 16:38:58 -------- d-----w- C:\ProgramData\Dropbox
2015-07-26 20:32:02 -------- d-----w- C:\Users\Matti\AppData\Roaming\Tific
2015-07-26 20:30:18 -------- d-----w- C:\Users\Matti\AppData\Local\Symantec
2015-07-21 19:27:18 2731744 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL
2015-07-21 09:57:14 4379280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL
.
==================== Find3M ====================
.
2015-08-13 09:48:40 778440 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-08-13 09:48:40 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-07-16 20:54:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-07-16 20:54:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:06:43 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-07-16 20:00:07 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-07-16 19:12:29 856064 ----a-w- C:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12:29 53248 ----a-w- C:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12:28 6131200 ----a-w- C:\windows\SysWow64\mstscax.dll
2015-07-16 19:11:27 62976 ----a-w- C:\windows\System32\tsgqec.dll
2015-07-16 19:11:26 7077376 ----a-w- C:\windows\System32\mstscax.dll
2015-07-16 19:11:26 1057792 ----a-w- C:\windows\System32\rdvidcrl.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
2015-07-15 18:15:11 94656 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\windows\SysWow64\wow32.dll
.
============= FINISH: 5:53:28.22 ===============

attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03/05/2012 11:21:33 PM
System Uptime: 16/08/2015 3:36:04 AM (2 hours ago)
.
Motherboard: TOSHIBA | | PEQAA
Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU 1 | 2201/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 528.628 GiB free.
D: is CDROM ()
H: is FIXED (NTFS) - 2795 GiB total, 611.853 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP416: 15/08/2015 1:31:05 AM - Scheduled Checkpoint
RP417: 15/08/2015 9:28:06 PM - Removed Arkadin Softphone 2.0.1.3
.
==== Installed Programs ======================
.
ACDSee 8
ACDSee Photo Manager 12
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 18 NPAPI
Adobe Reader XI (11.0.12)
Adobe Refresh Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Baldur's Gate - Enhanced Edition
Battle.net
Bejeweled 2 Deluxe
Bing Bar
Bonjour
boxscore
Cake Mania - Lights, Camera, Action!
Chuzzle Deluxe
CompuApps SwissKnife V3
CouponDropDown
D3DX10
Definition Update for Microsoft Office 2013 (KB3055013) 64-Bit Edition
DelinvFile - 5.01 [64-bit]
Diablo III
Directory Lister Pro 64bit v1.68
Directory Lister Pro v1.68
DOOM 3 BFG Edition
Dropbox
Duke Nukem - Manhattan Project
ENE CIR Receiver Driver
ExtractNow
Far Cry
Far Cry (Patch 1.4)
FATE - The Traitor Soul
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Update
I.R.I.S. OCR
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
iTunes
Java 8 Update 31
Java Auto Updater
JDownloader 0.9
JDownloader 2.0
Jewel Quest - Heritage
JMicron Flash Media Controller Driver
Junk Mail filter update
KMSpico 4.1
LeapFrog Connect
LeapFrog My Pals Plugin
Marketsplash Shortcuts
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.2
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Primary Interoperability Assemblies 2005
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Mozilla Firefox 40.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Mystery P.I. - The London Caper
NirSoft ShellExView
Norton Internet Security
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
NVIDIA Optimus 1.7.11
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update Components
OpenAL
Outils de vérification linguistique 2013 de Microsoft Office - Français
PC Matic 1.1.0.55
PC Pitstop Info Center 1.0.0.18
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Polar Bowler
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft Excel 2013 (KB3054991) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB3039734) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB3039749) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB3039798) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB3054816) 64-Bit Edition
Security Update for Microsoft PowerPoint 2013 (KB3055029) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB3055030) 64-Bit Edition
Security Update for Skype for Business 2015 (KB3055014) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Skype Toolbars
Skype™ 7.0
Slingo Supreme
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Remote Control Manager
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
Update for Microsoft Access 2013 (KB3055016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881076) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2889863) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956152) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965271) 64-Bit Edition
Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition
Update for Microsoft Office 2013 (KB3023052) 64-Bit Edition
Update for Microsoft Office 2013 (KB3023054) 64-Bit Edition
Update for Microsoft Office 2013 (KB3039718) 64-Bit Edition
Update for Microsoft Office 2013 (KB3039762) 64-Bit Edition
Update for Microsoft Office 2013 (KB3039792) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054774) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054783) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054807) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054856) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054935) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054938) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054939) 64-Bit Edition
Update for Microsoft Office 2013 (KB3055000) 64-Bit Edition
Update for Microsoft Office 2013 (KB3055001) 64-Bit Edition
Update for Microsoft Office 2013 (KB3055017) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB3055020) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB3055008) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB3055012) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB3054854) 64-Bit Edition
Update for Microsoft Project 2013 (KB3055022) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Utility Common Driver
VLC media player
WildTangent Games
WildTangent ORB Game Console
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Zero Assumption Recovery Version 9
.
==== Event Viewer Messages From Past Week ========
.
15/08/2015 9:22:45 PM, Error: Service Control Manager [7034] - The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
15/08/2015 8:42:56 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
15/08/2015 5:49:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
15/08/2015 5:49:03 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/08/2015 4:50:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
15/08/2015 4:44:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
15/08/2015 4:41:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
15/08/2015 2:54:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
15/08/2015 2:54:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
15/08/2015 2:54:25 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/08/2015 2:51:01 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
15/08/2015 2:48:57 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
15/08/2015 11:42:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
15/08/2015 11:42:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
15/08/2015 11:42:24 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/08/2015 4:54:07 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
13/08/2015 3:43:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
13/08/2015 3:43:44 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2015 6:03:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
12/08/2015 6:03:38 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2015 6:03:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/08/2015 6:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
12/08/2015 5:54:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.
12/08/2015 5:54:04 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/08/2015 7:43:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Matti (administrator) on MATTI-PC (16-08-2015 05:57:34)
Running from C:\Users\Matti\Downloads
Loaded Profiles: Matti & UpdatusUser (Available Profiles: Matti & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(ACD Systems International Inc.) C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ACPW08EN] => "C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe"
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [TRCMan] => C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-11-02] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
HKLM-x32\...\Run: [PC Pitstop PC Matic Reminder] => C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe [325968 2015-07-30] (PC Pitstop LLC)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-05] (Google Inc.)
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [Dropbox Update] => C:\Users\Matti\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-530971516-643861663-3778466986-1001] => http://wpad.com.gr/proxy.pac
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_enCA482
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_enCA482
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: CouponDropDown -> {11111111-1111-1111-1111-110011431152} -> C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1B4C4329-BFA5-49E5-95BE-99F7CB015D9D}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.ca/
FF Keyword.URL: hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&installDate=28/04/2013&q=
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-13] (Apple Inc.)
FF SearchPlugin: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml [2013-04-28]
FF Extension: Media Hint - C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\Extensions\mediahint@jetpack.xpi [2013-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2015-08-15]

Chrome:
=======
CHR Profile: C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-30]
CHR Extension: (Google Drive) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-30]
CHR Extension: (YouTube) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-30]
CHR Extension: (Google Search) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-30]
CHR Extension: (CouponDropDown) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe [2013-07-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (Gmail) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [fjkndgpgkiomekpgdaclpoecngmjonhe] - C:\Users\Matti\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [198480 2015-07-30] (PC Pitstop LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [37888 2013-03-03] () [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-25] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20150814.001\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20150815.001\ENG64.SYS [138488 2015-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20150815.001\EX64.SYS [2146040 2015-06-23] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-05-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [307352 2015-05-29] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 05:57 - 2015-08-16 05:57 - 00053212 _____ C:\Users\Matti\Downloads\Addition.txt
2015-08-16 05:56 - 2015-08-16 05:57 - 00030145 _____ C:\Users\Matti\Downloads\FRST.txt
2015-08-16 05:56 - 2015-08-16 05:57 - 00000000 ____D C:\FRST
2015-08-16 05:55 - 2015-08-16 05:55 - 02173952 _____ (Farbar) C:\Users\Matti\Downloads\FRST64.exe
2015-08-16 05:53 - 2015-08-16 05:53 - 00037014 _____ C:\Users\Matti\Desktop\dds.txt
2015-08-16 05:53 - 2015-08-16 05:53 - 00015101 _____ C:\Users\Matti\Desktop\attach.txt
2015-08-16 05:52 - 2015-08-16 05:52 - 00688992 ____R (Swearware) C:\Users\Matti\Downloads\dds.scr
2015-08-16 05:50 - 2015-08-16 05:50 - 00000000 ____D C:\HJT
2015-08-15 21:56 - 2015-08-16 05:36 - 00000000 ____D C:\ProgramData\PCPitstop
2015-08-15 21:56 - 2015-08-15 21:56 - 00001251 _____ C:\Users\Matti\Desktop\PC Matic.lnk
2015-08-15 21:56 - 2015-08-15 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
2015-08-15 21:56 - 2015-08-15 21:56 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2015-08-15 21:55 - 2015-08-15 21:55 - 00469738 _____ C:\Users\Matti\AppData\Local\census.cache
2015-08-15 21:55 - 2015-08-15 21:55 - 00229185 _____ C:\Users\Matti\AppData\Local\ars.cache
2015-08-15 21:50 - 2015-08-15 21:50 - 00000010 _____ C:\Users\Matti\AppData\Local\sponge.last.runtime.cache
2015-08-15 21:42 - 2015-08-15 21:42 - 02494944 _____ (Trend Micro Inc.) C:\Users\Matti\Downloads\HousecallLauncher64.exe
2015-08-15 21:42 - 2015-08-15 21:42 - 00000036 _____ C:\Users\Matti\AppData\Local\housecall.guid.cache
2015-08-15 21:42 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-08-15 18:33 - 2015-08-15 18:36 - 02030552 _____ (PC Pitstop LLC ) C:\Users\Matti\Downloads\pcmatic-setup-0000.exe
2015-08-14 23:10 - 2015-08-14 23:10 - 00000000 ____D C:\Users\Matti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2015-08-14 23:10 - 2015-08-14 23:10 - 00000000 ____D C:\Program Files (x86)\NirSoft
2015-08-14 23:09 - 2015-08-14 23:09 - 00141296 _____ C:\Users\Matti\Downloads\shexview_setup.exe
2015-08-14 19:39 - 2015-08-14 19:39 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-14 19:39 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-14 19:28 - 2015-08-14 21:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-14 19:28 - 2015-08-14 19:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-14 19:28 - 2015-08-14 19:28 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-14 19:28 - 2015-08-14 19:28 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-14 19:28 - 2015-08-14 19:28 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2015-08-14 19:28 - 2015-08-14 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-14 19:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-08-14 19:26 - 2015-08-14 19:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Matti\Downloads\spybot-2.4.exe
2015-08-12 06:57 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 06:57 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:50 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 03:50 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 03:50 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 03:50 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 03:50 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 03:50 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-12 03:50 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 03:50 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 03:50 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 03:50 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 03:50 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-12 03:50 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 03:50 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 03:50 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-12 03:50 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-08-12 03:49 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-12 03:49 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-12 03:49 - 2015-07-16 16:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-12 03:49 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-12 03:49 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-12 03:49 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 03:49 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-12 03:49 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 03:49 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-12 03:49 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 03:49 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-12 03:49 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 03:49 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 03:49 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-12 03:49 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-12 03:49 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-12 03:49 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-12 03:49 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-12 03:49 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-12 03:49 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-12 03:49 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 03:49 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-12 03:49 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 03:49 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-12 03:49 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-12 03:49 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 03:49 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-12 03:49 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-12 03:49 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 03:49 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-12 03:49 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-12 03:49 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 03:49 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 03:49 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-12 03:49 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-12 03:49 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 03:49 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-12 03:49 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 03:49 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-12 03:49 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 03:49 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-12 03:49 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 03:49 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-12 03:49 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-12 03:49 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-12 03:49 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 03:49 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 03:49 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 03:49 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-12 03:49 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 03:49 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-12 03:49 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 03:49 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 03:49 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 03:49 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 03:49 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 03:49 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 03:49 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-12 03:49 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-12 03:49 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 03:49 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 03:49 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-12 03:49 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-12 03:49 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-12 03:49 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-12 03:49 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-12 03:49 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-12 03:49 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-12 03:49 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-12 03:49 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-12 03:49 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-12 03:49 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-12 03:49 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-12 03:49 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-12 03:49 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-12 03:49 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 03:49 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-12 03:49 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-12 03:49 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-12 03:49 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-12 03:49 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-12 03:49 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-12 03:49 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-12 03:49 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-12 03:49 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-12 03:49 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-12 03:49 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-12 03:49 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-12 03:49 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-12 03:49 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-12 03:49 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-12 03:49 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-12 03:49 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-12 03:49 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-12 03:49 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-12 03:49 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-12 03:49 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-12 03:49 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-12 03:49 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-12 03:49 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-12 03:49 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 03:49 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 03:49 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 03:48 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-12 03:48 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 03:48 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 03:48 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-12 03:48 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 03:48 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-12 03:48 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-12 03:48 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-12 03:48 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 03:48 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-12 03:48 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 03:48 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-12 03:48 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-12 03:48 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 03:48 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 03:48 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 03:48 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 03:48 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 03:48 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-12 03:48 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 03:48 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 03:48 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 03:48 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 03:48 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 03:48 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 03:48 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 03:48 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-12 03:48 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-12 03:48 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 03:48 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 03:48 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-12 03:48 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-12 03:48 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 03:48 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 03:48 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-12 03:48 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-12 03:48 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-12 03:48 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-12 03:48 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 03:48 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 03:48 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 03:48 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 03:48 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 03:48 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 03:48 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-11 18:18 - 2015-08-11 18:18 - 00000000 ____D C:\Users\Matti\AppData


Hi and welcome

 

NOTE: It is good practice to copy and paste the instructions into Notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

 

Click on the Start button and then select Control Panel. For Windows 8 you can access the Control Panel by searching for Control Panel at the Start Screen. When the Control Panel opens, double-click on one of the options below depending on your version of Windows.

 

For Windows Vista, Windows 7 and Windows 8, double-click on the Uninstall Program option.

When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on

 

CouponDropDown

 

please follow the default prompts and allow it to remove all files and all configuration information related to this program.

 

~~~

 

 

Running from C:\Users\Matti\Downloads

 

It's best we move Farbar's to desktop.

 

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)

 

 


 

 

start

CreateRestorePoint:

CloseProcesses:

HKLM\...\Run: [] => [X]

HKLM-x32\...\Run: [] => [X]

AutoConfigURL: [s-1-5-21-530971516-643861663-3778466986-1001] => http://wpad.com.gr/proxy.pac

HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013

HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013

HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013

HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)

BHO-x32: CouponDropDown -> {11111111-1111-1111-1111-110011431152} -> C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)

Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FF SearchPlugin: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml [2013-04-28]

CHR Extension: (CouponDropDown) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe [2013-07-30]

CHR HKLM-x32\...\Chrome\Extension: [fjkndgpgkiomekpgdaclpoecngmjonhe] - C:\Users\Matti\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx <not found>

C:\Users\Matti\AppData\Local\Temp\ose00000.exe

EmptyTemp:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~~

 

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

~~~~~~~~~~~~

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.
  • -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

    Please download Junkware Removal Tool, or from here http://downloads.malwarebytes.org/file/jrt, to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    ~~~
    • Please download CKScanner and save the file to your Desktop.
    • Right-Click CKScanner.exe and select Run as administrator to run the programme.
    • Click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Please run this programme only once.
    • A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
    ~~~

     

    please post

    Fixlog.txt

    AdwCleaner[CX].txt

    JRT.txt

    CKFiles.txt


Hi Juliet,

 

Thank you for the reply. Here are the logs you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Matti (2015-08-16 16:16:57) Run:1
Running from C:\Users\Matti\Desktop
Loaded Profiles: Matti & UpdatusUser (Available Profiles: Matti & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
AutoConfigURL: [s-1-5-21-530971516-643861663-3778466986-1001] => http://wpad.com.gr/proxy.pac
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: CouponDropDown -> {11111111-1111-1111-1111-110011431152} -> C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchPlugin: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml [2013-04-28]
CHR Extension: (CouponDropDown) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [fjkndgpgkiomekpgdaclpoecngmjonhe] - C:\Users\Matti\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx <not found>
C:\Users\Matti\AppData\Local\Temp\ose00000.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011431152}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011431152}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully
"HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully
"HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => key removed successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml => moved successfully.
C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe" => key removed successfully
C:\Users\Matti\AppData\Local\Temp\ose00000.exe => moved successfully.
EmptyTemp: => 760.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:22:07 ====

 

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 16:45:15
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Matti - MATTI-PC
# Running from : C:\Users\Matti\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner

***** [ Files ] *****

[-] File Deleted : C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_fjkndgpgkiomekpgdaclpoecngmjonhe_0

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044434452}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main [start Page]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main [search Page]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\SearchUrl [Default]

***** [ Web browsers ] *****

[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "13bc8229201c384ac70acf32f8cb9a8e");
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.Country", "Canada");
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22786552);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.UserID", "0c344832-d3d5-47d1-b142-a1b70293ebaa");
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.Visibility", true);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&installDate=28/04/2013&q=");
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : feed.snap.do
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ca.rogers.yahoo.com
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [6083 octets] - [16/08/2015 16:45:15]
C:\AdwCleaner[s1].txt - [7264 octets] - [16/08/2015 16:42:41]

########## EOF - C:\AdwCleaner[C1].txt - [6209 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Home Premium x64
Ran by Matti on 16/08/2015 at 16:52:30.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022432252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055435552}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066436652}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022432252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550055435552}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066436652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055435552}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066436652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055435552}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066436652}



~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\GUT508.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Matti\Appdata\Local\{99E43573-ACF8-461A-9F06-88F8B877AB9F}
Successfully deleted: [Folder] C:\ProgramData\google



~~~ FireFox

Successfully deleted the following from C:\Users\Matti\AppData\Roaming\mozilla\firefox\profiles\32cpz8z1.default\prefs.js

user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
Emptied folder: C:\Users\Matti\AppData\Roaming\mozilla\firefox\profiles\32cpz8z1.default\minidumps [185 files]



~~~ Chrome


[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/08/2015 at 16:57:59.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\5ctrphcfxo4.exe
c:\program files\kmspico\c6qe1mqhhgo.exe
c:\program files\kmspico\check_activation_all.cmd
c:\program files\kmspico\cjwohvxyzs8.exe
c:\program files\kmspico\dpoaduaf8s1.exe
c:\program files\kmspico\h25ik5t2dop.exe
c:\program files\kmspico\install_service.cmd
c:\program files\kmspico\ipaddresscontrollib.dll
c:\program files\kmspico\j2mbeqyi3gk.exe
c:\program files\kmspico\klpzb53owxw.exe
c:\program files\kmspico\kmseldi.exe
c:\program files\kmspico\kmspico.log
c:\program files\kmspico\log.cmd
c:\program files\kmspico\mkpt55pxujn.exe
c:\program files\kmspico\qt38rsunywp.exe
c:\program files\kmspico\rnfnpgenfj2.exe
c:\program files\kmspico\service_kms.exe
c:\program files\kmspico\triggerkms.exe
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\uninstall_service.cmd
c:\program files\kmspico\z24v7imbsik.exe
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\project.reg
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\proplus.reg
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\visio.reg
c:\program files\kmspico\cert\office2010vl\office14reginfo.reg
c:\program files\kmspico\cert\office2010vl\tokens.dat
c:\program files\kmspico\sounds\affirmative.mp3
c:\program files\kmspico\sounds\begin.mp3
c:\program files\kmspico\sounds\complete.mp3
c:\program files\kmspico\sounds\diagnostic.mp3
c:\program files\kmspico\sounds\transfer.mp3
c:\program files\kmspico\sounds\verified.mp3
c:\program files\kmspico\sounds\warning.mp3
c:\program files\kmspico\tokensbackup\tokens.dat
c:\program files\kmspico\tokensbackup\cache\cache.dat
c:\program files (x86)\diablo 2\jdownloader\jd\plugins\hoster\crackedcom.class
c:\users\matti\desktop\kms office 2013.exe
c:\users\matti\desktop\me\pof\7-14\crackagirl.doc
c:\users\matti\downloads\daemon_tools_pro_5.5.0.0388___crack.zip
scanner sequence 3.ZZ.11.QEAPOZ
----- EOF -----


Your logs show signs of having cracked software on your system. This can be the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Please remove all the programs (that are cracks/keygens) that you downloaded.

 

We do not condone piracy and further help will be declined should you choose to use them.

 

 

 

~~~~~~~~~~~~~~

 

Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

     

     

     

     


     

     

  • On the Dashboard click on Update Now
  • Go to the Settings tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
~~~~~~~~~~~~~~~~~~~~~~

 

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course on how full your computer is.

 

 

 

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

 

ESET Online Scan

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points.
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
Please post these 2 logs when finished.

 

How is your computer now?


Hi Juliet,

 

My apologies, and lesson learned. I think I've removed them all - if you see evidence of something I've missed, please let me know. So far, my system seems to be running better (nothing has gotten stuck yet). Regarding your third last bullet point (the one before "Re-enable your anti-virus software"), there are no places in ESET to put a checkmark? Anyway, here are the two logs you requested and I didn't delete anything when the two scans completed:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/08/2015
Scan Time: 8:48 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Matti

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 412925
Time Elapsed: 2 hr, 11 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110011431152}, , [85fed534395242f4905c584cfe0648b8],

Registry Values: 2
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110011431152}|AppName, CouponDropDown-bg.exe, , [85fed534395242f4905c584cfe0648b8]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-530971516-643861663-3778466986-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [c5be30d9ed9ea88e15accb7c47bc3dc3]

Registry Data: 2
PUP.Optional.Snapdo, HKU\S-1-5-21-530971516-643861663-3778466986-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013),,[e2a14abfed9e4beb624bb69b09fc4cb4]
PUP.Optional.Snapdo, HKU\S-1-5-21-530971516-643861663-3778466986-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013),,[236052b75239ca6c337a97ba0bfae61a]

Folders: 1
PUP.Optional.CrossRider.A, C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_fjkndgpgkiomekpgdaclpoecngmjonhe_0, , [4e359277bfccce6832317a733ac80ff1],

Files: 1
PUP.RiskWare.Patcher, C:\Users\Matti\Downloads\WoW.rar, , [7a0923e6494262d434a4b21721e0cd33],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\background.js JS/Toolbar.Crossrider.E potentially unwanted application
C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\lib\cookie_store.js JS/Toolbar.Crossrider.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\lib\data_store.js JS/Toolbar.Crossrider.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\lib\reports.js JS/Toolbar.Crossrider.H potentially unwanted application
C:\Program Files\KMSpico\5CTRPHCFXO4.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\C6QE1MQHHGO.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\CJWOHVXYZS8.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\DPOADUAF8S1.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\H25IK5T2DOP.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\J2MBEQYI3GK.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\KLPZB53OWXW.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application
C:\Program Files\KMSpico\MKPT55PXUJN.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\QT38RSUNYWP.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\RNFNPGENFJ2.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\Z24V7IMBSIK.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Users\Matti\Downloads\cbsidlm-cbsi176-ExtractNow-BP-10038365.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Matti\Downloads\WoW.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe a variant of Win32/BSDownloader potentially unwanted application
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application


S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe

 

http://technology-decoded.blogspot.com/2013/11/why-you-probably-shouldnt-use.html

KMSpico 4.1

 

 

http://forums.pcpitstop.com/index.php?/topic/36065-before-posting-in-this-forum-read-this/

Please! Don't request help if you're running an un-licensed/un-validated copy of Windows.

 

We WILL NOT HELP anyone who is running a 'pirated' copy of Windows.

 

 

 

You need to uninstall KMSpico 4.1

 

 

C:\Program Files\KMSpico <-- delete this folder

 

 

DelFix

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
  • Remove disinfection tools
  • Click the Run button.
  • -- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

     

     

     

    I'm sorry but since you have evidence of cracked or pirated Operating System (Windows) software you're using on the system, this thread will be closed.

     

     


Hi Juliet,

I understand your stance regarding pirated copies of Windows. Rest assured, my copy of Windows is NOT pirated. It came with the laptop I purchased from Best Buy close to three years ago. I think the KMSPICO came with the version of Office that was indeed illegitimate - I uninstalled the whole Office package last night (along with any of the games I had that were from the same place), before running MalwareBytes and ESET.

I ask that, in light of this, you consider unlocking my thread. As I said earlier, I've learned a valuable lesson in all of this and will not be using those methods anymore.

You need to uninstall KMSpico 4.1

 

C:\Program Files\KMSpico <-- delete this folder

 

 

 

Have you run Delfix?

 

If you have, please find and delete these files

 

C:\Users\Matti\Downloads\WoW.rar

C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe

C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar

 

 

How's the computer now?


Hi Juliet,

I understand your stance regarding pirated copies of Windows, and can only re-emphasize that my copy of Windows is NOT pirated. It came with the laptop I purchased from Best Buy close to three years ago. I think the KMSPICO came with the version of Office that was indeed illegitimate. I feel sheepish enough as it is, because I should have known better than to have done this - believe me, I won't be trying that again! But I'm not nearly smart enough to try and even fiddle with Windows, much less try and install a pirated version of that.

Regarding anything unresolved - I'll have a better idea tonight after I get home from work. It seemed to be behaving better last night, but I'll remove that KMSPICO folder when I get home and will run Delfix, and will post my results after that. Thanks again for all your help!


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:

To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow it).

 

start
CreateRestorePoint:
CloseProcesses:
Folder:C:\Program Files\KMSpico
C:\Users\Matti\Downloads\WoW.rar
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Hi Juliet,

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Matti (2015-08-17 17:28:28) Run:2
Running from C:\Users\Matti\Desktop
Loaded Profiles: Matti & UpdatusUser (Available Profiles: Matti & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Folder:C:\Program Files\KMSpico
C:\Users\Matti\Downloads\WoW.rar
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= Folder:C:\Program Files\KMSpico ========================

folder not found
C:\Users\Matti\Downloads\WoW.rar => moved successfully.
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe => moved successfully.
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 42.3 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:30:37 ====


DelFix


This topic is now closed to further replies.