sanguillen72
Posted August 16, 2015

Hello,

First off, if I am posting this in the wrong location, please accept my apologies and let me know where I should post it.

Lately I've been running into an issue where there are times (not always, of course) when my laptop becomes so "busy" that I'm unable to run anything else and am forced to reboot, even though I'm not really running anything that should max my resources. The hard drive light will just stay on, and I can't open anything new (including Firefox) while the mouse cursor will just stay in the circular "thinking" swirl. Sometimes this might occur if I've been away from keyboard for a while - at that point I can't even get the display (which has turned off after a certain period of inactivity) to turn back on (the hard drive light will be constantly on).

I have run Spybot S & D, as well as the online PC Pitstop antivirus and TrendMicro malware scan, but they are not finding anything (they did prompt me to clean up my temp files and defrag and such, which I have done).
Here are my logs as per your instructions: DDS.txt
C:\windows\SysWow64\kerberos.dll2015-07-15 17:54:43 36864 ----a-w- C:\windows\SysWow64\cryptbase.dll2015-07-15 17:54:43 17408 ----a-w- C:\windows\SysWow64\credssp.dll2015-07-15 17:54:40 44032 ----a-w- C:\windows\apppatch\acwow64.dll2015-07-15 17:54:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe2015-07-15 17:53:53 50176 ----a-w- C:\windows\SysWow64\auditpol.exe2015-07-15 17:53:37 5120 ----a-w- C:\windows\SysWow64\wow32.dll.============= FINISH: 5:53:28.22 =============== attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 03/05/2012 11:21:33 PMSystem Uptime: 16/08/2015 3:36:04 AM (2 hours ago).Motherboard: TOSHIBA | | PEQAAProcessor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU 1 | 2201/400mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 685 GiB total, 528.628 GiB free.D: is CDROM ()H: is FIXED (NTFS) - 2795 GiB total, 611.853 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP416: 15/08/2015 1:31:05 AM - Scheduled CheckpointRP417: 15/08/2015 9:28:06 PM - Removed Arkadin Softphone 2.0.1.3.==== Installed Programs ======================.ACDSee 8ACDSee Photo Manager 12Adobe Flash Player 11 ActiveX 64-bitAdobe Flash Player 18 NPAPIAdobe Reader XI (11.0.12)Adobe Refresh ManagerApple Application SupportApple Mobile Device SupportApple Software UpdateBaldur's Gate - Enhanced EditionBattle.netBejeweled 2 DeluxeBing BarBonjourboxscoreCake Mania - Lights, Camera, Action!Chuzzle DeluxeCompuApps SwissKnife V3CouponDropDownD3DX10Definition Update for Microsoft Office 2013 (KB3055013) 64-Bit EditionDelinvFile - 5.01 [64-bit]Diablo IIIDirectory Lister Pro 64bit v1.68Directory Lister Pro v1.68DOOM 3 BFG EditionDropboxDuke Nukem - Manhattan ProjectENE CIR Receiver DriverExtractNowFar CryFar Cry (Patch 1.4)FATE - The Traitor SoulGoogle ChromeGoogle 
Toolbar for Internet ExplorerGoogle Update HelperGovernor of Poker 2 Premium EditionHP Officejet 6500 E710n-z Basic Device SoftwareHP Officejet 6500 E710n-z HelpHP Officejet 6500 E710n-z Product Improvement StudyHP UpdateI.R.I.S. OCRIntel PROSet WirelessIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless WiFi SoftwareIntel® Rapid Storage TechnologyIntel® Wireless DisplayiTunesJava 8 Update 31Java Auto UpdaterJDownloader 0.9JDownloader 2.0Jewel Quest - HeritageJMicron Flash Media Controller DriverJunk Mail filter updateKMSpico 4.1LeapFrog ConnectLeapFrog My Pals PluginMarketsplash ShortcutsMesh RuntimeMessenger CompanionMicrosoft .NET Framework 4.5.2Microsoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft Application Error ReportingMicrosoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Groove MUI (English) 2013Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 32-bit Components 2013Microsoft Office OSM MUI (English) 2013Microsoft Office OSM UX MUI (English) 2013Microsoft Office Professional Plus 2013Microsoft Office Proofing (English) 2013Microsoft Office Proofing Tools 2013 - EnglishMicrosoft Office Proofing Tools 2013 - EspañolMicrosoft Office Shared 32-bit MUI (English) 2013Microsoft Office Shared MUI (English) 2013Microsoft Office Shared Setup Metadata MUI (English) 2013Microsoft OneNote MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI (English) 2013Microsoft Primary Interoperability Assemblies 2005Microsoft Publisher MUI (English) 2013Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual Studio 2010 Tools for Office Runtime (x64)Microsoft Word MUI (English) 2013Mozilla Firefox 40.0.2 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64Mystery P.I. - The London CaperNirSoft ShellExViewNorton Internet SecurityNVIDIA 3D Vision Controller DriverNVIDIA 3D Vision Controller Driver 296.10NVIDIA Control Panel 296.10NVIDIA Graphics Driver 296.10NVIDIA Install ApplicationNVIDIA Optimus 1.7.11NVIDIA PhysXNVIDIA PhysX System Software 9.12.0213NVIDIA Update ComponentsOpenALOutils de vérification linguistique 2013 de Microsoft Office - FrançaisPC Matic 1.1.0.55PC Pitstop Info Center 1.0.0.18Plants vs. Zombies - Game of the YearPlayReady PC Runtime amd64Polar BowlerQuickTime 7Realtek Ethernet Controller DriverRealtek High Definition Audio DriverRenesas Electronics USB 3.0 Host Controller DriverSecurity Update for Microsoft .NET Framework 4.5.2 (KB3023224)Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)Security Update for Microsoft Excel 2013 (KB3054991) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB2910941) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB3039734) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB3039749) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB3039798) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB3054816) 64-Bit EditionSecurity Update for Microsoft PowerPoint 2013 (KB3055029) 64-Bit EditionSecurity Update for Microsoft Word 2013 (KB3055030) 64-Bit EditionSecurity Update for Skype for Business 2015 (KB3055014) 64-Bit EditionService Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit EditionSkype ToolbarsSkype™ 7.0Slingo SupremeSpybot - Search & DestroySynaptics Pointing Device 
DriverTOSHIBA AssistTOSHIBA Bulletin BoardTOSHIBA ConfigFreeTOSHIBA Disc CreatorTOSHIBA eco UtilityTOSHIBA Face RecognitionTOSHIBA Flash Cards Support UtilityTOSHIBA Hardware SetupTOSHIBA HDD ProtectionTOSHIBA HDD/SSD AlertTOSHIBA Media ControllerTOSHIBA Media Controller Plug-inTOSHIBA PC Health MonitorTOSHIBA Recovery Media CreatorTOSHIBA ReelTimeTOSHIBA Remote Control ManagerTOSHIBA Resolution+ Plug-in for Windows Media PlayerTOSHIBA Service StationTOSHIBA Sleep UtilityTOSHIBA Speech System ApplicationsTOSHIBA Speech System SR Engine(U.S.) Version1.0TOSHIBA Speech System TTS Engine(U.S.) Version1.0TOSHIBA Supervisor PasswordTOSHIBA Value Added PackageTOSHIBA VIDEO PLAYERTOSHIBA Web Camera ApplicationTOSHIBA Wireless Display MonitorTOSHIBA Wireless LAN IndicatorUpdate for Microsoft Access 2013 (KB3055016) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760344) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760371) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760544) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2837654) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2880487) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2881076) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2883036) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2883095) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2889863) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2899498) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2899522) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2956152) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2965271) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2975869) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3023052) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3023054) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3039718) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3039762) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3039792) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3054774) 
64-Bit EditionUpdate for Microsoft Office 2013 (KB3054783) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3054807) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3054856) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3054935) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3054938) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3054939) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3055000) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3055001) 64-Bit EditionUpdate for Microsoft Office 2013 (KB3055017) 64-Bit EditionUpdate for Microsoft OneDrive for Business (KB3055020) 64-Bit EditionUpdate for Microsoft OneNote 2013 (KB3055008) 64-Bit EditionUpdate for Microsoft Outlook 2013 (KB3055012) 64-Bit EditionUpdate for Microsoft Outlook Social Connector 2013 (KB3054854) 64-Bit EditionUpdate for Microsoft Project 2013 (KB3055022) 64-Bit EditionUpdate for Microsoft Publisher 2013 (KB2883048) 64-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2878319) 64-Bit EditionUpdate for Skype for Business 2015 (KB2889853) 64-Bit EditionUse the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)Utility Common DriverVLC media playerWildTangent GamesWildTangent ORB Game ConsoleWindows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX 
Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Zero Assumption Recovery Version 9
.
==== Event Viewer Messages From Past Week ========
.
15/08/2015 9:22:45 PM, Error: Service Control Manager [7034] - The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
15/08/2015 8:42:56 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
15/08/2015 5:49:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
15/08/2015 5:49:03 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/08/2015 4:50:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
15/08/2015 4:44:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
15/08/2015 4:41:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
15/08/2015 2:54:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
15/08/2015 2:54:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
15/08/2015 2:54:25 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/08/2015 2:51:01 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
15/08/2015 2:48:57 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
15/08/2015 11:42:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
15/08/2015 11:42:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
15/08/2015 11:42:24 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/08/2015 4:54:07 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
13/08/2015 3:43:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
13/08/2015 3:43:44 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2015 6:03:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
12/08/2015 6:03:38 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/08/2015 6:03:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/08/2015 6:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
12/08/2015 5:54:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.
12/08/2015 5:54:04 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/08/2015 7:43:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Matti (administrator) on MATTI-PC (16-08-2015 05:57:34)
Running from C:\Users\Matti\Downloads
Loaded Profiles: Matti & UpdatusUser (Available Profiles: Matti & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA C

Edited August 16, 2015 by sanguillen72
sanguillen72 Posted August 16, 2015

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Matti (administrator) on MATTI-PC (16-08-2015 05:57:34)
Running from C:\Users\Matti\Downloads
Loaded Profiles: Matti & UpdatusUser (Available Profiles: Matti & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe(ACD Systems International Inc.) C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [] => [X]HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logonHKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA 
Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [ACPW08EN] => "C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe"HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)HKLM-x32\...\Run: [TRCMan] => C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-11-02] (TOSHIBA Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info 
Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
HKLM-x32\...\Run: [PC Pitstop PC Matic Reminder] => C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe [325968 2015-07-30] (PC Pitstop LLC)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-05] (Google Inc.)
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [Dropbox Update] => C:\Users\Matti\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
HKU\S-1-5-21-530971516-643861663-3778466986-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matti\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [s-1-5-21-530971516-643861663-3778466986-1001] => http://wpad.com.gr/proxy.pac
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshiba.ca/welcome
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_enCA482
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_enCA482
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-530971516-643861663-3778466986-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: CouponDropDown -> {11111111-1111-1111-1111-110011431152} -> C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1B4C4329-BFA5-49E5-95BE-99F7CB015D9D}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.ca/
FF Keyword.URL: hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&installDate=28/04/2013&q=
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-13] (Apple Inc.)
FF SearchPlugin: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml [2013-04-28]
FF Extension: Media Hint - C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\Extensions\mediahint@jetpack.xpi [2013-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2015-08-15]

Chrome:
=======
CHR Profile: C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-30]
CHR Extension: (Google Drive) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-30]
CHR Extension: (YouTube) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-30]
CHR Extension: (Google Search) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-30]
CHR Extension: (CouponDropDown) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe [2013-07-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (Gmail) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [fjkndgpgkiomekpgdaclpoecngmjonhe] - C:\Users\Matti\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [198480 2015-07-30] (PC Pitstop LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [37888 2013-03-03] () [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-25] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20150814.001\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20150815.001\ENG64.SYS [138488 2015-06-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20150815.001\EX64.SYS [2146040 2015-06-23] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-05-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [307352 2015-05-29] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it
will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-12 03:49 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\rpcrt4.dll2015-08-12 03:49 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll2015-08-12 03:49 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2015-08-12 03:49 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe2015-08-12 03:49 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll2015-08-12 03:49 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll2015-08-12 03:49 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-08-12 03:49 - 
2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 13:44 - 
00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys2015-08-12 03:49 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys2015-08-12 03:49 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys2015-08-12 03:49 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe2015-08-12 03:49 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe2015-08-12 03:49 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-08-12 03:49 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-08-12 03:49 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll2015-08-12 03:48 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll2015-08-12 03:48 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-08-12 03:48 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-08-12 03:48 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll2015-08-12 03:48 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2015-08-12 03:48 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll2015-08-12 03:48 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) 
C:\windows\system32\dciman32.dll2015-08-12 03:48 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll2015-08-12 03:48 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-08-12 03:48 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll2015-08-12 03:48 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2015-08-12 03:48 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll2015-08-12 03:48 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll2015-08-12 03:48 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-08-12 03:48 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2015-08-12 03:48 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2015-08-12 03:48 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-08-12 03:48 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-08-12 03:48 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-08-12 03:48 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-08-12 03:48 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-08-12 03:48 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-08-12 03:48 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2015-08-12 03:48 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2015-08-12 03:48 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-08-12 03:48 - 2015-07-20 
14:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2015-08-12 03:48 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll2015-08-12 03:48 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-08-12 03:48 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-08-12 03:48 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-08-12 03:48 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-08-12 03:48 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2015-08-12 03:48 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-08-12 03:48 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-08-12 03:48 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2015-08-12 03:48 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2015-08-12 03:48 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2015-08-12 03:48 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-08-12 03:48 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll2015-08-12 03:48 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll2015-08-12 03:48 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2015-08-12 03:48 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-08-12 03:48 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll2015-08-12 03:48 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\msxml3r.dll2015-08-12 03:48 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll2015-08-12 03:48 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll2015-08-12 03:48 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe2015-08-12 03:48 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe2015-08-12 03:48 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe2015-08-12 03:48 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2015-08-12 03:48 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2015-08-12 03:48 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2015-08-12 03:48 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2015-08-11 18:18 - 2015-08-11 18:18 - 00000000 ____D C:\Users\Matti\AppData Link to comment Share on other sites More sharing options...
Juliet Posted August 16, 2015

Hi and welcome

NOTE: It is good practice to copy and paste the instructions into notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Click on the Start button and then select Control Panel. For Windows 8 you can access the Control Panel by searching for Control Panel at the Start Screen.
When the Control Panel opens, double-click on one of the options below depending on your version of Windows.
For Windows Vista, Windows 7 and Windows 8, double-click on the Uninstall Program option.
When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on CouponDropDown. Please follow the default prompts and allow it to remove all files and all configuration information related to this program.

~~~

Running from C:\Users\Matti\Downloads

It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT.
Go to an open spot on your desktop, right click and select PASTE.
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
AutoConfigURL: [s-1-5-21-530971516-643861663-3778466986-1001] => http://wpad.com.gr/proxy.pac
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: CouponDropDown -> {11111111-1111-1111-1111-110011431152} -> C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchPlugin: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml [2013-04-28]
CHR Extension: (CouponDropDown) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [fjkndgpgkiomekpgdaclpoecngmjonhe] - C:\Users\Matti\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx <not found>
C:\Users\Matti\AppData\Local\Temp\ose00000.exe
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~

- Save ALL Tools to your Desktop -

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool or from here http://downloads.malwarebytes.org/file/jrt to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~

Please download CKScanner and save the file to your Desktop.
Right-Click CKScanner.exe and select Run as administrator to run the programme.
Click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run this programme only once.
A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

~~~

Please post:
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt
CKFiles.txt
sanguillen72 Posted August 16, 2015 Author

Hi Juliet,

Thank you for the reply. Here are the logs you requested:

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Matti (2015-08-16 16:16:57) Run:1
Running from C:\Users\Matti\Desktop
Loaded Profiles: Matti & UpdatusUser (Available Profiles: Matti & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
AutoConfigURL: [s-1-5-21-530971516-643861663-3778466986-1001] => http://wpad.com.gr/proxy.pac
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: CouponDropDown -> {11111111-1111-1111-1111-110011431152} -> C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-530971516-643861663-3778466986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchPlugin: C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml [2013-04-28]
CHR Extension: (CouponDropDown) - C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [fjkndgpgkiomekpgdaclpoecngmjonhe] - C:\Users\Matti\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx <not found>
C:\Users\Matti\AppData\Local\Temp\ose00000.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011431152}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011431152}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully
"HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully
"HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => key removed successfully
HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\searchplugins\Web Search.xml => moved successfully.
C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe" => key removed successfully
C:\Users\Matti\AppData\Local\Temp\ose00000.exe => moved successfully.
EmptyTemp: => 760.6 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 16:22:07 ====

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 16:45:15
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Matti - MATTI-PC
# Running from : C:\Users\Matti\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner

***** [ Files ] *****

[-] File Deleted : C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_fjkndgpgkiomekpgdaclpoecngmjonhe_0

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044434452}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1001\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main [start Page]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Main [search Page]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[!] Data Not Restored : HKU\S-1-5-21-530971516-643861663-3778466986-1004\Software\Microsoft\Internet Explorer\SearchUrl [Default]

***** [ Web browsers ] *****

[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "13bc8229201c384ac70acf32f8cb9a8e");
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.Country", "Canada");
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22786552);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.UserID", "0c344832-d3d5-47d1-b142-a1b70293ebaa");
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.Visibility", true);
[-] [C:\Users\Matti\AppData\Roaming\Mozilla\Firefox\Profiles\32cpz8z1.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&installDate=28/04/2013&q=");
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : feed.snap.do
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ca.rogers.yahoo.com
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [6083 octets] - [16/08/2015 16:45:15]
C:\AdwCleaner[s1].txt - [7264 octets] - [16/08/2015 16:42:41]

########## EOF - C:\AdwCleaner[C1].txt - [6209 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Home Premium x64
Ran by Matti on 16/08/2015 at 16:52:30.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022432252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055435552}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066436652}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022432252}
Successfully deleted: [Registry Key] 
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550055435552}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066436652}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055435552}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066436652}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055435552}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066436652}~~~ FilesSuccessfully deleted: [File] C:\Program Files (x86)\GUT508.tmp~~~ FoldersSuccessfully deleted: [Empty Folder] C:\Users\Matti\Appdata\Local\{99E43573-ACF8-461A-9F06-88F8B877AB9F}Successfully deleted: [Folder] C:\ProgramData\google~~~ FireFoxSuccessfully deleted the following from C:\Users\Matti\AppData\Roaming\mozilla\firefox\profiles\32cpz8z1.default\prefs.jsuser_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-Emptied folder: C:\Users\Matti\AppData\Roaming\mozilla\firefox\profiles\32cpz8z1.default\minidumps [185 files]~~~ Chrome[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset[C:\Users\Matti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 16/08/2015 at 16:57:59.31End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CKScanner 2.5 - Additional Security Risks - 
These are not necessarily bad
Juliet Posted August 16, 2015

Your logs show signs of having cracked software on your system. This can be the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk. Please remove all the programs (that are cracks/keygens) that you downloaded. We do not condone piracy and further help will be declined should you choose to use them.

~~~~~~~~~~~~~~

Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner. Most reliable and thorough. The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find. This scanner can take quite a bit of time to run, depending of course how full your computer is.

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
    Scan archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click . If no threats were found, skip the next two bullet points.
Click and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to and click .
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Please post these 2 logs when finished.

How is your computer now?
sanguillen72 (Author) Posted August 17, 2015

Hi Juliet,

My apologies, and lesson learned. I think I've removed them all - if you see evidence of something I've missed, please let me know. So far, my system seems to be running better (nothing has gotten stuck yet).

Regarding your third last bullet point (the one before "Re-enable your anti-virus software"), there are no places in ESET to put a checkmark?

Anyway, here are the two logs you requested and I didn't delete anything when the two scans completed:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/08/2015
Scan Time: 8:48 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Matti

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 412925
Time Elapsed: 2 hr, 11 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110011431152}, , [85fed534395242f4905c584cfe0648b8],

Registry Values: 2
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110011431152}|AppName, CouponDropDown-bg.exe, , [85fed534395242f4905c584cfe0648b8]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-530971516-643861663-3778466986-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [c5be30d9ed9ea88e15accb7c47bc3dc3]

Registry Data: 2
PUP.Optional.Snapdo, HKU\S-1-5-21-530971516-643861663-3778466986-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=hp&installDate=28/04/2013),,[e2a14abfed9e4beb624bb69b09fc4cb4]
PUP.Optional.Snapdo, HKU\S-1-5-21-530971516-643861663-3778466986-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=CA&userid=0c344832-d3d5-47d1-b142-a1b70293ebaa&searchtype=ds&q={searchTerms}&installDate=28/04/2013),,[236052b75239ca6c337a97ba0bfae61a]

Folders: 1
PUP.Optional.CrossRider.A, C:\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_fjkndgpgkiomekpgdaclpoecngmjonhe_0, , [4e359277bfccce6832317a733ac80ff1],

Files: 1
PUP.RiskWare.Patcher, C:\Users\Matti\Downloads\WoW.rar, , [7a0923e6494262d434a4b21721e0cd33],

Physical Sectors: 0
(No malicious items detected)

(end)

C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\background.js JS/Toolbar.Crossrider.E potentially unwanted application
C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\lib\cookie_store.js JS/Toolbar.Crossrider.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\lib\data_store.js JS/Toolbar.Crossrider.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Matti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkndgpgkiomekpgdaclpoecngmjonhe\1.20.50_0\js\lib\reports.js JS/Toolbar.Crossrider.H potentially unwanted application
C:\Program Files\KMSpico\5CTRPHCFXO4.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\C6QE1MQHHGO.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\CJWOHVXYZS8.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\DPOADUAF8S1.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\H25IK5T2DOP.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\J2MBEQYI3GK.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\KLPZB53OWXW.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application
C:\Program Files\KMSpico\MKPT55PXUJN.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\QT38RSUNYWP.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\RNFNPGENFJ2.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Program Files\KMSpico\Z24V7IMBSIK.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application
C:\Users\Matti\Downloads\cbsidlm-cbsi176-ExtractNow-BP-10038365.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Matti\Downloads\WoW.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe a variant of Win32/BSDownloader potentially unwanted application
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
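The AdwCleaner log earlier in the thread marks the entries it could not clean with `[!]`, and the Malwarebytes log in the post above later flags one of the same registry values. The following Python code is an added example (not from the thread or from either tool's vendor) that parses both line formats and lists every `[!]` entry together with any later detection on the same key and value; the sample logs, SID, URL and hash are constructed placeholders.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample input in the line formats quoted in this thread.
# The SID, URL and hash below are placeholders, not values from the thread.
ADWCLEANER_LOG = r"""
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[!] Data Not Restored : HKU\S-1-5-21-1000000001-1000000002-1000000003-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
[!] Data Not Restored : HKU\S-1-5-21-1000000001-1000000002-1000000003-1004\Software\Microsoft\Internet Explorer\Main [Search Page]
***** [ Web browsers ] *****
[-] [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.Visibility", true);
"""

MBAM_LOG = r"""
Registry Data: 1
PUP.Optional.Snapdo, HKU\S-1-5-21-1000000001-1000000002-1000000003-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.example.invalid/?type=hp, Good: (www.google.com), Bad: (http://search.example.invalid/?type=hp),,[00000000000000000000000000000000]
Files: 1
PUP.RiskWare.Patcher, C:\Users\user\Downloads\sample.rar, , [00000000000000000000000000000000]
"""


class AdwEntry(NamedTuple):
    section: str   # e.g. "Registry", "Web browsers"
    ok: bool       # True for "[-]" (done), False for "[!]" (failed)
    action: str    # e.g. "Key Not Deleted"
    target: str    # everything after " : "


class Leftover(NamedTuple):
    action: str
    target: str
    sid: Optional[str]   # owning account when the key lives under HKU\<SID>
    detections: list     # later Malwarebytes detection names on the same item


def parse_adwcleaner(text):
    """Parse '[-] Action : target' / '[!] Action : target' lines by section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\*+ \[ (.+?) \] \*+", line)
        if header:
            section = header.group(1)
            continue
        if line[:3] not in ("[-]", "[!]") or " : " not in line:
            continue
        # Split on " : " (with spaces) so the colon in "C:\..." is left alone.
        action, target = line[3:].split(" : ", 1)
        entries.append(AdwEntry(section, line[1] == "-", action.strip(), target.strip()))
    return entries


def parse_mbam(text):
    """Return (detection name, object) pairs from 'Name, object, ...' lines."""
    detections = []
    for raw in text.splitlines():
        parts = raw.strip().split(", ", 2)
        if len(parts) >= 2 and re.fullmatch(r"[A-Za-z]+(?:\.\w+)+", parts[0]):
            detections.append((parts[0], parts[1]))
    return detections


def reg_identity(target):
    """Normalise 'KEY [Value]' (AdwCleaner) and 'KEY|Value' (Malwarebytes)."""
    t = re.sub(r"^\[x64\]\s*", "", target.strip())
    m = re.fullmatch(r"(.+?)\s*\[([^\]]+)\]", t)
    if m:
        key, value = m.groups()
    elif "|" in t:
        key, value = t.split("|", 1)
    else:
        key, value = t, ""
    return key.rstrip("\\").upper(), value.strip().upper()


def leftovers(adw_entries, mbam_detections):
    """List every failed AdwCleaner entry with matching later detections."""
    index = {}
    for name, obj in mbam_detections:
        index.setdefault(reg_identity(obj), []).append(name)
    report = []
    for e in adw_entries:
        if e.ok:
            continue
        sid = re.search(r"HKU\\(S-1-5-21(?:-\d+)+)", e.target, re.I)
        report.append(Leftover(e.action, e.target,
                               sid.group(1) if sid else None,
                               index.get(reg_identity(e.target), [])))
    return report


if __name__ == "__main__":
    for item in leftovers(parse_adwcleaner(ADWCLEANER_LOG), parse_mbam(MBAM_LOG)):
        print(item.action, "|", item.sid or "-", "|", item.detections or "no later detection")
```

Entries that come back with a SID belong to another account's registry hive, which is where the unrestored values sit in this thread's logs.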
Juliet Posted August 17, 2015

S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe

http://technology-decoded.blogspot.com/2013/11/why-you-probably-shouldnt-use.html

KMSpico 4.1

http://forums.pcpitstop.com/index.php?/topic/36065-before-posting-in-this-forum-read-this/

Please! Don't request help if you're running an un-licensed/un-validated copy of Windows. We WILL NOT HELP anyone who is running a 'pirated' copy of Windows.

You need to uninstall KMSpico 4.1
C:\Program Files\KMSpico <-- delete this folder

DelFix

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
    Remove disinfection tools
Click the Run button.

-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

I'm sorry but since you have evidence of cracked or pirated Operating System (Windows) software you're using on the system, this thread will be closed.
Juliet Posted August 17, 2015

Hi Juliet, I understand your stance regarding pirated copies of Windows. Rest assured, my copy of Windows is NOT pirated. It came with the laptop I purchased from Best Buy close to three years ago. I think the KMSPICO came with the version of Office that was indeed illegitimate - I uninstalled the whole Office package last night (along with any of the games I had that were from the same place), before running MalwareBytes and ESET. I ask that, in light of this, you consider unlocking my thread. As I said earlier, I've learned a valuable lesson in all of this and will not be using those methods anymore.

You need to uninstall KMSpico 4.1
C:\Program Files\KMSpico <-- delete this folder

Have you run Delfix? If you have, please find and delete these files

C:\Users\Matti\Downloads\WoW.rar
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar

How's the computer now?
sanguillen72 (Author) Posted August 17, 2015

Hi Juliet,

I understand your stance regarding pirated copies of Windows, and can only re-emphasize that my copy of Windows is NOT pirated. It came with the laptop I purchased from Best Buy close to three years ago. I think the KMSPICO came with the version of Office that was indeed illegitimate. I feel sheepish enough as it is, because I should have known better than to have done this - believe me, I won't be trying that again! But I'm not nearly smart enough to try and even fiddle with Windows, much less try and install a pirated version of that.

Regarding anything unresolved - I'll have a better idea tonight after I get home from work. It seemed to be behaving better last night, but I'll remove that KMSPICO folder when I get home and will run Delfix, and will post my results after that.

Thanks again for all your help!
Juliet Posted August 17, 2015

IF, you haven't run Delfix we can use FRST to remove folders and files. Let me know.
sanguillen72 (Author) Posted August 17, 2015

I still have FRST installed on my desktop so if that's easier then sure, we can do it that way.
Juliet Posted August 17, 2015

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
Folder:C:\Program Files\KMSpico
C:\Users\Matti\Downloads\WoW.rar
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
sanguillen72 (Author) Posted August 17, 2015

Hi Juliet,

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Matti (2015-08-17 17:28:28) Run:2
Running from C:\Users\Matti\Desktop
Loaded Profiles: Matti & UpdatusUser (Available Profiles: Matti & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Folder:C:\Program Files\KMSpico
C:\Users\Matti\Downloads\WoW.rar
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= Folder:C:\Program Files\KMSpico ========================

folder not found

C:\Users\Matti\Downloads\WoW.rar => moved successfully.
C:\Users\Matti\Downloads\Matti\Misc\Programs\Brothersoft_downloader_For_ExtractNow.exe => moved successfully.
C:\Users\Matti\Downloads\WoW\DelinvFile 5.01 + Patch\purgeie.delinvfile.5.01.111.[32-64bit]-patch.rar => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 42.3 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:30:37 ====
Juliet Posted August 17, 2015

How's the machine?
sanguillen72 (Author) Posted August 17, 2015

Everything appears to be working much better. Thanks so much for your help!
Juliet Posted August 17, 2015

DelFix

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
    Activate UAC
    Remove disinfection tools
Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

The following programmes come highly recommended in the security community.

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Want to help others? Join the ClassRoom and learn how.
sanguillen72 (Author) Posted August 18, 2015

Done - thank you again. Juliet!
Juliet Posted August 18, 2015

Glad we could help. Since this issue appears resolved ... this Topic is closed.