  #1  
Old February 11th, 2016, 07:53 PM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
Browsers suddenly running slow

My browsers (IE and Firefox) have both been quite slow lately, whether loading a page or responding to commands. After making sure everything is up to date, disabling any add-ons that may be causing an issue, and clearing temp folders, I'm still experiencing the issue. Other than the slowness, there are no other signs of potential malware, but I'm not sure what else to do. Any help you may offer would be appreciated.
  #2  
Old February 11th, 2016, 08:20 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello unforgiven1977 and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please log on to the computer as an administrator. How to log on to the computer as an administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here:
How to disable your security applications.
5- To make sure you have an accurate view of the files, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Let's check.

I would like you to do the following:

Step 1:
Scan with Zemana AntiMalware Free:
  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next to it.
  • Include All Browser Extensions > Tick the box next to it.
  • Change the Smart scan setting to Deep scan.
  • Close all open files, folders and browsers.
  • Click Scan now and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
Step 2:
  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).
http://hijackthis.nl/smeenk/
  • Attached to this message you will find a file called zoekscript
zoekscript.txt 188bytes 70 downloads
  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.
Step 3:
Restart the PC now.
Next >>
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

  #3  
Old February 13th, 2016, 04:42 AM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
Zemana AntiMalware 2.19.2.852 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/2/12
Operating System : Windows 7 64-bit
Processor : 4X AMD Athlon(tm) II X4 650 Processor
BIOS Mode : Legacy
CUID : 00CBAFC550080D471B2650
Scan Type : Deep Scan
Duration : 35m 25s
Scanned Objects : 344914
Detected Objects : 21
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Yes
Include All Extensions : Yes
Scan Documents : No
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Default
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Traces :
Browser Extension - Default

Adblock Plus
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\gvhci303.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
MD5 : F4741D13447199718BB610E392A9DECD
Publisher : -
Size : 1001911
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Traces :
Browser Extension - Adblock Plus
File - %appdata%\mozilla\firefox\profiles\gvhci303.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Youtube Best Video Downloader 2
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\gvhci303.default\extensions\{170503fa-3349-4f17-bc86-001888a5c8e2}.xpi
MD5 : 56DCE77F61409C46B4BD504CF8EC015F
Publisher : -
Size : 43831
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Traces :
Browser Extension - Youtube Best Video Downloader 2
File - %appdata%\mozilla\firefox\profiles\gvhci303.default\extensions\{170503fa-3349-4f17-bc86-001888a5c8e2}.xpi

FlashGot
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\gvhci303.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
MD5 : CD97E22BF9ACEDEB682FCCFCC5252F32
Publisher : -
Size : 400336
Version : -
Detection : Browser Extension
Cleaning Action : Repair
Traces :
Browser Extension - FlashGot
File - %appdata%\mozilla\firefox\profiles\gvhci303.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

CouponPrinterService.exe
Status : Scanned
Object : %programfiles%\coupons\couponprinterservice.exe
MD5 : 20914ECC765B897528B0E3951A773FD6
Publisher : Coupons, Inc.
Size : 1413736
Version : 6.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %programfiles%\coupons\couponprinterservice.exe
Process - 3416 - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
Registry Entry - HKLM\System\CurrentControlSet\Services\CouponPrinterService\ImagePath = C:\Program Files (x86)\Coupons\CouponPrinterService.exe

CouponPrinter.exe
Status : Scanned
Object : %userprofile%\downloads\couponprinter.exe
MD5 : 84A3B901DF1E2B5F138C21D509693D8D
Publisher : Coupons, Inc.
Size : 2809128
Version : 5.0.1.6
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %userprofile%\downloads\couponprinter.exe

CouponPrinter(1).exe
Status : Scanned
Object : %userprofile%\downloads\couponprinter(1).exe
MD5 : 84A3B901DF1E2B5F138C21D509693D8D
Publisher : Coupons, Inc.
Size : 2809128
Version : 5.0.1.6
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %userprofile%\downloads\couponprinter(1).exe

cbsidlm-tr1_9-MagicBlock-SEO-10838528.exe
Status : Scanned
Object : %userprofile%\downloads\cbsidlm-tr1_9-magicblock-seo-10838528.exe
MD5 : B7D4020819DC6B923E5FE9D88231DD08
Publisher : CBS Interactive
Size : 632952
Version : 2.8.0.1
Detection : Adware:Win32/CNETBundle!Ep
Cleaning Action : Quarantine
Traces :
File - %userprofile%\downloads\cbsidlm-tr1_9-magicblock-seo-10838528.exe

couponprinter_x64.ocx
Status : Scanned
Object : %systemroot%\couponprinter_x64.ocx
MD5 : 459D396792ECF523870DBDED8C263E0B
Publisher : Coupons, Inc.
Size : 659048
Version : 5.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %systemroot%\couponprinter_x64.ocx
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32\@ = C:\Windows\COUPON~2.OCX
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\InprocServer32\@ = C:\Windows\COUPON~2.OCX
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\@ = C:\Windows\COUPON~2.OCX

CouponPrinter.ocx
Status : Scanned
Object : %systemroot%\couponprinter.ocx
MD5 : CE0F193FE18CE21432B435EE4B1A077F
Publisher : Coupons, Inc.
Size : 444520
Version : 5.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %systemroot%\couponprinter.ocx
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\@ = C:\Windows\COUPON~1.OCX

wajam_update[1].exe
Status : Scanned
Object : %systemroot%\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\vqkwb9xz\wajam_update[1].exe
MD5 : A9ADBB9CF5EB800CA3D3A7D08136269A
Publisher : Wajam
Size : 69784
Version : -
Detection : Adware:Win32/WajamAdCash!Ep
Cleaning Action : Quarantine
Traces :
File - %systemroot%\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\vqkwb9xz\wajam_update[1].exe

CouponPrinterServicex64.exe
Status : Scanned
Object : %temp%\_ir_sf_temp_0\couponprinterservicex64.exe
MD5 : 20914ECC765B897528B0E3951A773FD6
Publisher : Coupons, Inc.
Size : 1413736
Version : 6.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %temp%\_ir_sf_temp_0\couponprinterservicex64.exe

CouponPrinterServiceWin32.exe
Status : Scanned
Object : %temp%\_ir_sf_temp_0\couponprinterservicewin32.exe
MD5 : C18053779E16EED30F028916012BF994
Publisher : Coupons, Inc.
Size : 1051240
Version : 6.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %temp%\_ir_sf_temp_0\couponprinterservicewin32.exe

npMozCouponPrinter.dll
Status : Scanned
Object : %temp%\_ir_sf_temp_0\npmozcouponprinter.dll
MD5 : B12E8BD446DC6CB9F3D4C7F54EB98DD9
Publisher : Coupons, Inc.
Size : 247912
Version : 5.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %temp%\_ir_sf_temp_0\npmozcouponprinter.dll

npCouponPrinter.dll
Status : Scanned
Object : %temp%\_ir_sf_temp_0\npcouponprinter.dll
MD5 : FCB02678C3397912210F8F68A8CCC121
Publisher : Coupons, Inc.
Size : 247912
Version : 5.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %temp%\_ir_sf_temp_0\npcouponprinter.dll

13072204882670352561.exe
Status : Scanned
Object : %temp%\13072204882670352561.exe
MD5 : 407B0B79FB9AD6759CB1F2C18D25C6DF
Publisher : -
Size : 743842
Version : 0.0.0.0
Detection : Adware:Win32/InstallCore.Variant!Sig
Cleaning Action : Quarantine
Traces :
File - %temp%\13072204882670352561.exe

uninstall.exe
Status : Scanned
Object : %programfiles%\coupons\uninstall.exe
MD5 : F6737D52E5DD12D3EC644A70BA4E45C2
Publisher : Coupons, Inc.
Size : 586912
Version : 8.2.2.0
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %programfiles%\coupons\uninstall.exe
Reference - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk

visic_coupon.dll
Status : Scanned
Object : %programfiles%\yahoo!\companion\installs\cpn0\visic_coupon.dll
MD5 : 044A218B9767F58851889C0F22B5FAA4
Publisher : Visicom Media Inc.
Size : 370240
Version : 1.0.0.33
Detection : Adware:Win32/VisicomToolbar!Ep
Cleaning Action : Quarantine
Traces :
File - %programfiles%\yahoo!\companion\installs\cpn0\visic_coupon.dll

npMozCouponPrinter.dll
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\plugins\npmozcouponprinter.dll
MD5 : B12E8BD446DC6CB9F3D4C7F54EB98DD9
Publisher : Coupons, Inc.
Size : 247912
Version : 5.0.2.8
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Traces :
File - %programfiles%\mozilla firefox\browser\plugins\npmozcouponprinter.dll

Cake Mania.exe
Status : Scanned
Object : %programfiles%\hp games\cake mania\cake mania.exe
MD5 : 5C4A5F4FA83DE23A011E10DAC395E6E8
Publisher : -
Size : 110592
Version : 1.0.2.30
Detection : Malware:Win32/Cognito!Ramt
Cleaning Action : Quarantine
Traces :
File - %programfiles%\hp games\cake mania\cake mania.exe

Redacted.exe
Status : Scanned
Object : %homedrive%\games\call of duty black ops 2\redacted.exe
MD5 : CA5ADBB3F1D71729F1F4440699EC6F2B
Publisher : -
Size : 142464
Version : 1.0.0.2
Detection : Trojan:Win32/Bundpill.A!Amam
Cleaning Action : Quarantine
Traces :
File - %homedrive%\games\call of duty black ops 2\redacted.exe



Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jarhead on Fri 02/12/2016 at 21:19:05.07.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jarhead\Desktop\zoek.exe
Script used: C:\Users\Jarhead\Desktop\zoekscript.txt

==== System Restore Info ======================

2/12/2016 9:24:51 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\360 deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\AV deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully
C:\Users\Jarhead\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Jarhead\AppData\Roaming\Nuance deleted successfully
C:\Users\Jarhead\AppData\Roaming\TP deleted successfully
C:\Users\Jarhead\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Jarhead\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Jarhead\AppData\Local\EmieSiteList deleted successfully
C:\Users\Jarhead\AppData\Local\EmieUserList deleted successfully
C:\Users\Jarhead\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} deleted successfully
HKEY_USERS\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename.US", "Search Provided by Yahoo");
user_pref("keyword.URL", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default\prefs.js:

ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20160212_1012_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\360 not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found
C:\windows\SysNative\Tasks\AVG_SYS_TASK_1114av deleted
C:\windows\SysNative\Tasks\AVG_SYS_TASK_1114av_DELETE deleted
C:\Windows\tasks\AVG_SYS_TASK_1114av.job deleted
C:\Windows\tasks\AVG_SYS_TASK_1114av_DELETE.job deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\PROGRA~2\Coupons deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114av deleted
C:\Users\Jarhead\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Users\Jarhead\Downloads\avg_free_stb_all_2012_1913_cnet.exe deleted
C:\Users\Jarhead\Downloads\avg_free_stb_all_2014_4158_cnet.exe deleted
C:\Users\Jarhead\AppData\LocalLow\Unity deleted
C:\Users\Jarhead\AppData\LocalLow\Yahoo! deleted
C:\Users\Jarhead\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\RENB046.tmp deleted
C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default\searchplugins\search-provided-by-yahoo.xml deleted
C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default\Yahoo Inc deleted
"C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default\yahooToolbarSettings" deleted

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default
6FE651F6E3025AD51CC1D54913AEEADC - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Jarhead\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
6BBDF75F2CEC825523418547F7C32105 - C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll - Hulu Desktop


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Jarhead\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ipad_15_41&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDzztB0EyD0FtD0F0E0E0FzytByCtCyBtN0D0Tzu0StCtAyByDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyCtCzztD0CyByDtGyE0F0A0DtGyE0AtDtCtGzy0B0FzytGtBtAtAyEyC0Fzz0CzyyDzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0AyC0DyB0EtD0DtG0DtBtByEtGyEtDzzyDtG0B0A0ByDtG0CyCyCzz0CtCyE0EyDzyyEtA2QtN0A0LzutB%26cr%3D1492570255%26a%3Dwncy_ipad_15_41%26os%3DWindows%2B7%2BHome%2BPremium"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{20E6740E-07D0-403C-B434-82F09728D27A} - http://www.amazon.com/s/ref=azs_osd_...dex=aps&field-keywords={searchTerms}
HKLM\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jarhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jarhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\blank1E7KP9L9.htm will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\location_pickerCFV82EY7.htm will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\blank1E7KP9L9.htm will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\location_pickerCFV82EY7.htm will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Jarhead\AppData\Local\Mozilla\Firefox\Profiles\gvhci303.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=102 folders=22 48544187 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jarhead\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jarhead\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\blank1E7KP9L9.htm" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\location_pickerCFV82EY7.htm" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\blank1E7KP9L9.htm" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\location_pickerCFV82EY7.htm" not found

==== EOF on Fri 02/12/2016 at 22:27:26.88 ======================
  #4  
Old February 13th, 2016, 04:43 AM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Jarhead (administrator) on JARHEAD-HP (12-02-2016 22:33:38)
Running from C:\Users\Jarhead\Desktop
Loaded Profiles: Jarhead (Available Profiles: Jarhead)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\mjusbsp\srvany.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
(Corel, Inc.) C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(magicJack L.P.) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\mjusbsp\magicJack.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12725488 2016-01-25] (Zemana Ltd.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2009-01-21] (Corel, Inc.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-01-21] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [CrazyRemote] => C:\Program Files (x86)\CrazyRemote\CrazyRemote.exe [499992 2013-05-22] ()
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [CrazyRemoteCommand] => C:\Program Files (x86)\CrazyRemote\CrazyRemoteCommand.exe [48920 2013-05-22] ()
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2012-02-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [cdloader] => "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-04-02] ()
Startup: C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magicBlock.lnk [2013-11-02]
ShortcutTarget: magicBlock.lnk -> C:\Program Files (x86)\magicBlock\magicBlock.exe (vvisoft)
Startup: C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk [2014-06-19]
ShortcutTarget: RCA Detective.lnk -> C:\Users\Jarhead\Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F9723135-7644-4DF2-863C-C143DBE6764B}: [DhcpNameServer] 192.168.1.1 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {20E6740E-07D0-403C-B434-82F09728D27A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10] (Oracle Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-10] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-08-19] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jarhead\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 CrazyRemoteServer; C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe [249112 2013-05-22] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-19] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 magicJack; C:\mjusbsp\srvany.exe [8192 2012-02-29] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12725488 2016-01-25] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-07] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\crazyremote64.sys [67736 2013-05-22] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2016-02-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2016-02-12] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
  #5  
Old February 13th, 2016, 04:44 AM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
2016-02-12 22:33 - 2016-02-12 22:34 - 00021265 _____ C:\Users\Jarhead\Desktop\FRST.txt
2016-02-12 22:33 - 2016-02-12 22:33 - 00000000 ____D C:\FRST
2016-02-12 22:31 - 2016-02-12 22:32 - 02370560 _____ (Farbar) C:\Users\Jarhead\Desktop\FRST64.exe
2016-02-12 22:30 - 2016-02-12 22:30 - 00013470 _____ C:\Users\Jarhead\Desktop\zoek-results.txt
2016-02-12 22:27 - 2016-02-12 22:27 - 00000000 ____D C:\Users\Jarhead\AppData\Local\PDFC
2016-02-12 22:25 - 2016-02-12 21:18 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-02-12 21:22 - 2016-02-12 21:22 - 00011681 _____ C:\Users\Jarhead\Desktop\2016.02.12-19.09.15-i0-t4294967295-d21.txt
2016-02-12 21:18 - 2016-02-12 22:12 - 00000000 ____D C:\zoek_backup
2016-02-12 21:08 - 2016-02-12 21:08 - 01309184 _____ C:\Users\Jarhead\Desktop\zoek.exe
2016-02-12 19:04 - 2016-02-12 22:27 - 00001125 _____ C:\Windows\ZAM.krnl.trace
2016-02-12 19:04 - 2016-02-12 22:26 - 00000119 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-02-12 19:04 - 2016-02-12 19:04 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-02-12 19:04 - 2016-02-12 19:04 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-02-12 19:04 - 2016-02-12 19:04 - 00001114 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-02-12 19:04 - 2016-02-12 19:04 - 00000000 ____D C:\Users\Jarhead\AppData\Local\Zemana
2016-02-12 19:04 - 2016-02-12 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-02-12 19:04 - 2016-02-12 19:04 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-02-12 19:01 - 2016-02-12 19:01 - 05225112 _____ ( ) C:\Users\Jarhead\Downloads\Zemana.AntiMalware.Setup.exe
2016-02-10 05:58 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 05:58 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 05:58 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 05:58 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 05:58 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 05:58 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 05:58 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 05:58 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 05:58 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 05:58 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 05:58 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 05:58 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 05:58 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 05:58 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 05:58 - 2016-01-22 15:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 05:58 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 05:58 - 2016-01-22 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 05:58 - 2016-01-22 01:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 05:58 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 05:58 - 2016-01-22 01:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 05:58 - 2016-01-22 01:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 05:58 - 2016-01-22 01:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 05:58 - 2016-01-22 01:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 05:58 - 2016-01-22 01:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 05:58 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 05:58 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 05:58 - 2016-01-22 01:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 05:58 - 2016-01-22 01:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 05:58 - 2016-01-22 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 05:58 - 2016-01-22 01:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 05:58 - 2016-01-22 01:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 05:58 - 2016-01-22 01:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 05:58 - 2016-01-22 01:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 05:58 - 2016-01-22 01:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 05:58 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 05:58 - 2016-01-22 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 05:58 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 05:58 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 05:58 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 05:58 - 2016-01-22 01:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 05:58 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 05:58 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 05:58 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 05:58 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 05:58 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 05:58 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 05:58 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 05:58 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 05:58 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 05:58 - 2016-01-22 00:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 05:58 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 05:58 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 05:58 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 05:58 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 05:58 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 05:58 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 05:58 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 05:58 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 05:58 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 05:58 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 05:58 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 05:58 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 05:58 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 05:58 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 05:58 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 05:58 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 05:58 - 2016-01-16 14:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 05:58 - 2016-01-16 13:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 05:58 - 2016-01-11 09:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 05:58 - 2016-01-11 09:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 05:58 - 2016-01-11 09:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 05:58 - 2016-01-11 09:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 05:58 - 2016-01-11 09:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 05:58 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 05:58 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 05:58 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 05:57 - 2016-01-22 01:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 05:57 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 05:57 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 05:57 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 05:57 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 05:57 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 05:57 - 2016-01-16 14:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 05:57 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 05:57 - 2016-01-11 14:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 05:57 - 2016-01-11 14:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 05:57 - 2016-01-11 14:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 05:57 - 2016-01-11 13:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 05:57 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 05:57 - 2016-01-11 13:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 05:57 - 2016-01-11 13:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 05:57 - 2016-01-11 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 05:57 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 05:57 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 05:57 - 2016-01-11 13:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 05:57 - 2016-01-11 13:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 05:57 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 05:57 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 05:57 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 05:57 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 05:57 - 2016-01-07 12:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 05:57 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 05:56 - 2016-01-22 01:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 05:56 - 2016-01-22 01:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 05:56 - 2016-01-22 01:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 05:56 - 2016-01-22 01:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 05:56 - 2016-01-22 01:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 05:56 - 2016-01-22 01:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 05:56 - 2016-01-22 01:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 05:56 - 2016-01-22 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 05:56 - 2016-01-22 01:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 05:56 - 2016-01-22 01:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 05:56 - 2016-01-22 01:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 05:56 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 05:56 - 2016-01-22 01:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 05:56 - 2016-01-22 01:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 05:56 - 2016-01-22 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 05:56 - 2016-01-22 01:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 05:56 - 2016-01-22 01:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 05:56 - 2016-01-22 01:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 05:56 - 2016-01-22 01:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 05:56 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 05:56 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 05:56 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 05:56 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 05:56 - 2016-01-22 01:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 05:56 - 2016-01-22 01:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 05:56 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 05:56 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 05:56 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 05:56 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 05:56 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 05:56 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 05:56 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 05:56 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 05:56 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 05:56 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 05:56 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 05:56 - 2016-01-22 00:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 05:56 - 2016-01-22 00:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 05:56 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 05:56 - 2016-01-22 00:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 05:56 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 05:56 - 2016-01-22 00:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 05:56 - 2016-01-21 23:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 05:56 - 2016-01-21 23:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 05:56 - 2016-01-21 23:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 05:56 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 05:56 - 2016-01-21 23:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 05:56 - 2016-01-21 23:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 05:56 - 2016-01-21 23:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 05:56 - 2016-01-21 23:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 05:56 - 2016-01-21 23:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 05:56 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 05:56 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 05:56 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 05:56 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 05:56 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 04:38 - 2016-02-10 04:38 - 08817344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-31 14:58 - 2016-02-10 14:17 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-31 14:57 - 2016-01-31 14:57 - 00643680 _____ (Oracle Corporation) C:\Users\Jarhead\Downloads\jxpiinstall.exe
2016-01-30 19:38 - 2016-01-30 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-30 19:37 - 2016-01-30 19:38 - 00000000 ____D C:\Program Files\iTunes
2016-01-30 19:37 - 2016-01-30 19:37 - 00000000 ____D C:\Program Files\iPod
2016-01-30 19:37 - 2016-01-30 19:37 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-12 22:27 - 2011-12-01 15:19 - 00000000 ____D C:\ProgramData\PDFC
2016-02-12 22:26 - 2012-02-29 08:51 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-12 22:26 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-12 22:13 - 2012-07-26 06:16 - 00000000 ____D C:\Users\Jarhead\AppData\Local\Google
2016-02-12 22:12 - 2014-06-17 17:25 - 00000000 ____D C:\Users\Jarhead\AppData\Roaming\Yahoo!
2016-02-12 22:00 - 2012-03-07 10:25 - 00000000 ____D C:\Users\Jarhead\AppData\Local\CrashDumps
2016-02-12 21:38 - 2012-04-01 12:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-12 19:39 - 2012-03-30 18:29 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA.job
2016-02-12 19:39 - 2012-03-30 18:29 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core.job
2016-02-12 17:35 - 2012-07-30 20:37 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6AE2506A-9C88-4076-859D-D33125FC91D9}
2016-02-12 16:32 - 2014-08-21 09:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-12 15:19 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-12 15:19 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-11 19:47 - 2012-03-01 17:04 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJarhead
2016-02-11 19:47 - 2012-03-01 17:04 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForJarhead.job
2016-02-11 04:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-02-11 03:41 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-11 03:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-11 03:34 - 2009-07-13 23:45 - 00435872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-11 03:31 - 2014-12-10 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 03:31 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-11 03:31 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 03:16 - 2013-07-25 02:00 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 03:11 - 2012-03-03 03:55 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 14:18 - 2015-09-03 02:09 - 00000000 ____D C:\Users\Jarhead\.oracle_jre_usage
2016-02-10 14:18 - 2014-10-31 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 14:18 - 2012-03-03 12:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-10 04:38 - 2012-04-01 12:54 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 04:38 - 2012-04-01 12:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 04:38 - 2012-03-01 07:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-06 18:17 - 2011-12-01 14:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-31 15:02 - 2013-11-01 10:01 - 00000000 ____D C:\ProgramData\Oracle
2016-01-31 15:01 - 2014-11-21 21:38 - 00000000 ____D C:\Program Files\Java
2016-01-30 19:38 - 2015-07-15 02:17 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-30 19:37 - 2015-01-29 03:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-29 03:59 - 2015-11-15 17:07 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-29 03:58 - 2011-12-01 15:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-21 17:20 - 2012-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-15 12:02 - 2015-11-24 19:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 12:02 - 2014-12-29 10:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 12:00 - 2014-09-28 10:58 - 00000000 ____D C:\Users\Jarhead\AppData\Local\Adobe
2016-01-13 03:30 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:30 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 03:12 - 2013-03-13 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2013-12-10 20:07 - 2014-03-20 23:08 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-06-26 21:03 - 2013-11-25 06:49 - 0013824 _____ () C:\Users\Jarhead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-28 06:43 - 2013-05-28 06:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-06 20:45 - 2014-11-06 20:45 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 17:28

==================== End of FRST.txt ============================
  #6  
February 13th, 2016, 04:45 AM
unforgiven1977
Senior Member
 
Join Date: Feb 2006
Posts: 118
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Jarhead (2016-02-12 22:34:48)
Running from C:\Users\Jarhead\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-29 13:44:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2125622828-1049889843-2400163364-500 - Administrator - Disabled)
Guest (S-1-5-21-2125622828-1049889843-2400163364-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2125622828-1049889843-2400163364-1002 - Limited - Enabled)
Jarhead (S-1-5-21-2125622828-1049889843-2400163364-1001 - Administrator - Enabled) => C:\Users\Jarhead

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Curse Client (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Hulu Desktop (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
magicBlock (HKLM-x32\...\magicBlock) (Version: - )
magicJack (HKU\.DEFAULT\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
magicJack (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
RCA Detective™ 3.0.4.0 (HKLM-x32\...\RCA Detective™_is1) (Version: - RCA)
RCA easyRip 2.6.3.0 (HKLM-x32\...\RCA easyRip_is1) (Version: - RCA)
RCA Updater 2.1.7.1 (HKLM-x32\...\RCA Updater_is1) (Version: - RCA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RIFT (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\RIFT) (Version: - Trion Worlds, Inc.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games, Inc.)
TWC Customer Controls (HKLM-x32\...\{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}) (Version: 11 - SupportSoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version: - Relic)
Warhammer 40,000: Kill Team (HKLM-x32\...\Steam App 275610) (Version: - Nomad Games)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.852 - Zemana Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F05D17-DA7B-4F43-A4D8-3B256500E382} - System32\Tasks\4868 => C:\Windows\system32\wscript.exe [2013-10-11] (Microsoft Corporation) <==== ATTENTION
Task: {035081BA-6671-469A-92E3-84EA2E3368D4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA => C:\Users\Jarhead\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {06BF1157-E86D-4F20-9DBE-667D9ECE0B22} - System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => /s "C:\Users\Jarhead\AppData\Roaming\ebafg.dll"
Task: {146E029E-598A-4E52-AA3F-0FD0483AFD60} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {1613608E-61DF-4A65-A90E-8A261E2B864D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {17FFD212-51CE-44A8-B19D-F4A5323232BD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29] (Oracle Corporation)
Task: {22AF6A95-38AC-4C06-B6CB-6FC58A3FFD83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {254FEDC9-E883-4607-9A44-50C5504EA505} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {31DE081D-1B4E-45D6-9F71-F69554EBBF0F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2125622828-1049889843-2400163364-1001
Task: {32C1D65F-5049-44DD-ABD3-D27A65786B1D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {36C1C7E9-5A5F-4250-AB41-6995F440181C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {3E31DC76-A98B-40D5-923B-8201B032C140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {3F01ECBE-10B5-409A-8C23-515B290B4560} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {443C14E5-7751-48AD-A9FD-FC8020559E31} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {625C0F88-3DAA-4731-A61B-ED3895FD694E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2125622828-1049889843-2400163364-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {69F05950-AA54-4DE6-BB0B-00B8382AD762} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {793C458F-B7FF-4E72-9121-2EDB81C5893B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {7D83677B-6DBD-45A5-A74D-208E49DA1C6D} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {80AD2AC1-872F-424F-9C1B-AAF793AECB24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {859495EC-218D-401F-9710-4F011E858370} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {96218DB4-1523-4F59-BD81-327512698AA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {980E3072-D9FE-46C6-ACFC-3FA647DCF327} - System32\Tasks\HPCeeScheduleForJarhead => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {98F471A7-9C73-4585-86B5-1B99AF532F3F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2125622828-1049889843-2400163364-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B2972E54-187B-49C2-B24C-D938F10C752E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation)
Task: {D3F7941E-6F0E-4D5C-8CCA-766D9C124798} - System32\Tasks\{47EEF2BB-37EE-413E-940E-3BA5FAA08EE6} => pcalua.exe -a C:\Users\Jarhead\Downloads\setup.exe -d C:\Users\Jarhead\Desktop
Task: {E0282C13-47F5-42B1-958B-AC44A398BE7E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {F1C9378E-F51F-4BC8-BB8C-291B0C0C3608} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {F235A922-AEB2-4934-827F-2777E11B0428} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core => C:\Users\Jarhead\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {F7907102-AB45-4C9F-AFE0-5200036F6242} - System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => /s "C:\Users\Jarhead\AppData\Roaming\queqth.dll"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core.job => C:\Users\Jarhead\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA.job => C:\Users\Jarhead\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJarhead.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-02-29 09:11 - 2015-09-13 17:09 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-15 17:04 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2013-05-22 23:57 - 2013-05-22 23:57 - 00249112 _____ () C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe
2012-02-29 09:29 - 2012-02-29 09:26 - 00008192 _____ () C:\mjusbsp\srvany.exe
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-01-29 03:57 - 2016-01-17 18:07 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-12 19:04 - 2016-02-12 19:04 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2009-01-21 16:34 - 2009-01-21 16:34 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-01 15:06 - 2011-12-01 15:06 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-24 07:21 - 2011-03-24 07:21 - 02278912 _____ () C:\Program Files (x86)\CrazyRemote\QtCore4.dll
2011-03-24 07:21 - 2011-03-24 07:21 - 00911872 _____ () C:\Program Files (x86)\CrazyRemote\QtNetwork4.dll
2012-01-09 03:31 - 2012-01-09 03:31 - 00105984 _____ () C:\Program Files (x86)\CrazyRemote\ScienPixWCL.dll
2012-03-21 00:27 - 2012-03-21 00:27 - 00897024 _____ () C:\Program Files (x86)\CrazyRemote\CRTunnel.dll
2015-04-08 10:10 - 2015-08-26 19:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-01 01:28 - 2015-10-01 01:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
Reply With Quote
  #7  
Old February 13th, 2016, 04:46 AM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-10 02:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
DNS Servers: 192.168.1.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{08F1D697-E22E-4B09-A66F-DFBA613DF34F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{CE6BD73B-FEC5-464F-B37B-5112CDBE39AB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{8814CE33-0F46-4A08-AD16-A4E0FC484021}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{DAE3C373-4106-441E-B81D-B4CA69F57DD0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{8A9C02ED-43C7-43F8-ABB9-9427EBFE2BF7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{27213019-ABB9-463E-BEDB-0C7B458A6E5C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{9396C420-9067-456D-9E4F-2626646CE1F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{2B18729A-5071-4B8D-8EB4-CF2D5D37CEED}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{E1F82AAB-1956-44B3-A9DC-5711EB99CA0B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2E0D7E19-4FC9-4A73-B6F2-C703BA0C95A7}] => (Allow) LPort=2869
FirewallRules: [{3AB9B21B-7AD2-435D-8D9C-500D29670EBA}] => (Allow) LPort=1900
FirewallRules: [{DC06D84E-D5B4-4386-AE90-439D1D91FADA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2CE8D778-F021-492B-85FD-59E8B2145FB8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{F2F7AC03-E84C-4F58-A77E-2FDA3CD48E01}C:\users\jarhead\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\jarhead\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{9B742421-AF7E-4BE0-8D8A-7168345FC8B2}C:\users\jarhead\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\jarhead\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{E5AB89F0-CF25-4CD7-A53C-54443F534F70}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{09E9F397-10C4-41AE-93F9-C03C66D7F794}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{C0687086-BA1F-41D7-9650-9D2B6B49991A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{22190E80-0D4C-41C8-8E57-737EE336EBF8}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0872D22E-CA7A-40C5-8E8B-58804BBD7089}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{1A405A93-538D-43F1-A481-BF8D424CCD76}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{4A8D5AE8-D207-4E38-A62B-22BE0069E9C1}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{9573ED27-69F2-47B0-AB0A-A248AF357EF8}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{CF02D742-398E-476F-B012-412F57C7D098}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [TCP Query User{D54F6ADC-5DE2-4D5E-9DA9-7983815B2EA1}C:\users\jarhead\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jarhead\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{4E28CC58-837B-4C81-8052-CA0D9C253286}C:\users\jarhead\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jarhead\downloads\downloader_diablo2_enus.exe
FirewallRules: [{04014E2D-840B-46B1-B0FD-2444B8FFEC52}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{804F6BF8-0D31-4424-8BAF-8A521BF8494E}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{42F8450D-4FCC-466F-B63E-9A2E525F9D64}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{35C7ECEC-92E9-4E46-A597-3B0158E28700}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{067E6D6A-A7E8-4C98-BE12-754C67B044A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe
FirewallRules: [{25930D2E-D97F-446E-989C-66286A38783B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe
FirewallRules: [TCP Query User{6B993A51-0C38-44FE-8FA1-F05886A568F0}C:\users\jarhead\downloads\gw2.exe] => (Allow) C:\users\jarhead\downloads\gw2.exe
FirewallRules: [UDP Query User{87069AF3-99C9-41AE-9338-8DFD8ED594B6}C:\users\jarhead\downloads\gw2.exe] => (Allow) C:\users\jarhead\downloads\gw2.exe
FirewallRules: [{53D40DBD-8626-4001-85A9-F5ACBB2DC147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{796EF3BF-6AA0-4A72-A229-023B2E2173FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{D082AA40-AE5E-430A-8F28-D813748AD468}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\torchlight\Torchlight.exe
FirewallRules: [{70E5BBF1-8CF1-47F7-9DE9-CD79E0CE8B25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\torchlight\Torchlight.exe
FirewallRules: [{328D486B-6928-4926-A376-7BEF162E9833}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{6C8A4014-26C9-48E8-84DF-848F2F8251CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{DAE42AAF-02BE-4D56-A727-1C0642173EC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{321C0168-52FB-4EDD-A111-C6D58DF6E30C}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{A5B9F267-F90A-4C62-A7EE-7F2FE9A5F63E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2FF88BAF-D77E-43C4-A140-EDB9308ECDF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9AAAD438-D00B-4962-9F31-C47CD4CF511D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0A174538-5AFE-463A-A135-32AF54635D3E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8F43752A-785A-4A27-AC7C-CCA03C279DF9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5D9FCB7A-D6FB-41D2-97EB-B8FFB46831C7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{9806DE5E-8F8B-455D-A943-77F6546AD141}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{DBEFD0BC-90E1-4363-B517-474EA1094A62}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7596E882-0C88-4DC2-9F37-F0723D438737}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{92F2B47D-4EA4-46FC-B80F-098E8AE8E99E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{315BFB83-56F4-4243-AF09-99CF365969A1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B22ADE99-D6F8-4CF1-93D1-FD1E18CEFD67}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F83E055E-F071-4BA4-8FCD-779D9E6BED55}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{BF717BA0-ABEB-49EA-ADEA-86DE24E421B8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{524EE482-3226-4953-942C-6D8617FB8448}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{7764CF45-ACFD-4B09-8F68-C73FD4060191}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{BB7A9246-26B7-4F52-B751-A155B3B53484}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{9541E830-77B6-42AE-BB75-60A72C1ED4F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{969EE6BC-8F8F-44E8-880C-FA5DEC99F63C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{6F9A6011-2BA0-4C05-A9FA-D7ECF52BD852}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{BDA4870A-A95D-4244-9742-D1FA149464FA}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [UDP Query User{13731808-453A-4811-A4BB-457D7DE0897F}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [{50298869-41D2-472C-A410-D98E41384242}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{CAAC3D3C-43FE-41C1-A962-E9C7EDD54303}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{0D85E1F1-6A64-4623-AD84-10338D44111E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C31ABD18-60C1-49B8-98E4-3D83526F2792}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{52D0540E-7E84-43BA-954E-DAD3A5A6452F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{CC3A9BC2-2B49-4815-AED1-94C804802598}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{BEBA3D48-E2E6-4C66-8C4F-30108E61AD5A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{957032AA-3422-4CB2-B820-750E5C43B262}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B7ED899F-68B6-4F9C-AF0A-49241D847567}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{A9CDB76F-0B45-415C-9F50-F0FBFE49996A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{1F8A153E-7073-4BC8-8D3C-7143591B70DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{A8AA204F-8064-410B-84F4-62C268F4F272}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [TCP Query User{46B9498D-4165-45D4-825C-CB5FEC4057C2}C:\programdata\battle.net\agent\agent.2880\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2880\agent.exe
FirewallRules: [UDP Query User{3342769D-E1B1-4334-9265-6042A1371BCC}C:\programdata\battle.net\agent\agent.2880\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2880\agent.exe
FirewallRules: [{60624A38-1FDE-4A5E-BB22-DE8946EEC898}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{946BAF3B-66C3-467E-AE2B-E99E2A24BBFA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{96D4BC34-0FAA-4FF5-B05E-CE82D199E07D}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [UDP Query User{F38A9267-33B2-47B5-A37A-EE0C92FABA7D}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [TCP Query User{9A5E0981-DEF0-42BF-8697-82A72B6D412B}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [UDP Query User{82CAC965-9E00-4020-BE59-EFD5F420C897}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [{E71B4004-E26E-4021-8392-47506F72844E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{ED9E0C11-3DC4-4AAD-AE01-44E5FF4981E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [TCP Query User{0F7FB5AE-E4DF-4C8E-BECB-282108E939F3}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [UDP Query User{C8ED3A65-92E2-4EF3-A948-21E3670B4135}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [{9BBA1ED5-C373-493E-95E8-B356B903BDB9}] => (Allow) C:\Users\Jarhead\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BD4DFC8D-CC66-43E0-81C0-BA9E03309730}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{764ACF1E-5A10-4E45-8161-6705E9AFF89E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{119F5895-10B9-4EF4-B700-208DF75D30A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F8269206-9A63-4D42-8F4C-49ED5AB38807}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{14839B29-487F-440C-BB7D-016C17598B0F}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [UDP Query User{D72ED449-FB07-4ABD-B2BC-E281A696E79D}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [TCP Query User{036E8A23-6E8E-413F-B025-594AF9219C9C}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [UDP Query User{3F2E9BD1-7E36-4241-B2A5-A5BF181977A0}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [{A3769F85-B5B1-4DB6-B58D-9445C166F95A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{15730BA5-7B2E-4048-BD84-85C9C23E27FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [TCP Query User{E6F0B236-1853-44CA-A70D-DC64F166EC9C}C:\programdata\battle.net\agent\agent.3332\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3332\agent.exe
FirewallRules: [UDP Query User{04536ADA-EB06-48A1-BD17-F3E858B013C6}C:\programdata\battle.net\agent\agent.3332\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3332\agent.exe
FirewallRules: [{0625DBA0-A692-476A-AB01-BFFAC51D834A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{55D48C20-FBBE-4876-953D-EF84103C8B12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [TCP Query User{0E12822E-ADD8-460A-9D30-87A573492ADA}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [UDP Query User{71C3D86B-344C-4AD2-B3CA-998A2B51CFE9}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [{9BA85B50-925F-450A-B13B-25B90CE69BC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{490E7AAB-3AA7-4C37-BC2D-820850E93512}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{10CC8E51-FC9A-49DC-AD81-60AE862D934B}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{8BEB8B3F-859F-464A-8632-B945CCD57BB7}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [TCP Query User{04FAA59E-BDA1-4858-AAAB-423DD96766FB}C:\programdata\battle.net\agent\agent.3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.exe
FirewallRules: [UDP Query User{4674A3E9-112A-43D4-BB1B-48F3CD932523}C:\programdata\battle.net\agent\agent.3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.exe
FirewallRules: [{2A472398-2645-4B5E-88FD-E9CE79AC4A64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{2F6A8B54-6F3A-4F3D-AFD3-A7B875F5D45B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{3CB9D1ED-26BB-4551-8E96-11483C4D813C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{B1A15FFC-04AB-4B73-A556-FB259C8A86ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdcl32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe
FirewallRules: [UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdcl32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe
FirewallRules: [TCP Query User{96EA1BA7-6E4F-45FD-AABC-50A74F345DB9}C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe
FirewallRules: [UDP Query User{8C4AF939-1945-45AB-BBB6-3F946958FF55}C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe
FirewallRules: [{B183E10B-5C67-4D5A-AFCB-31BCCB9462B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{39410EC1-87CA-427F-97F8-B3AD75BFDF43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{A9677D15-384F-4F86-8F7A-5B9FCE390129}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [UDP Query User{D0554385-FAF3-47EC-997B-C1E40475D534}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [{AE1BE147-782F-4984-8126-56BEC13E959E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{60E887C5-835E-41D8-ADE9-6A2BFCA8D638}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{14303E0F-22F2-4F7C-AE88-E7B1BD673AFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{F25F4EA1-B5F6-4B59-8621-E58D5195AB55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{0E34014B-E0E5-4A29-9E2C-7B7D731EB2A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{255A4A7D-5B24-49F9-A507-C690CAC9B1D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{E0CF787C-3601-440C-9835-C45D8D0A3C9B}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe
FirewallRules: [{09B96DCD-A73F-4AA2-A344-7DF7BA01DDC5}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe
FirewallRules: [{4024921D-DD91-47F8-89B5-2574F7324AC9}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemote.exe
FirewallRules: [{BF082DD3-12FD-4399-831B-5665BAA2F5E6}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe
FirewallRules: [{4A849CA8-BEED-46E7-8E2C-6DF4A860EBC0}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe
FirewallRules: [{4203655B-23F3-4383-B466-9041A8D9A50F}] => (Allow) C:\Program Files (x86)\CrazyRemote\CRHelper.exe
FirewallRules: [{3B178693-29A0-4830-AE4F-2A2A7647D4B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{1100979F-FE2E-41D8-A839-E749C2E73918}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{FC7342EA-B1BA-424C-A406-231CDB556698}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{57F81076-6613-4148-A5BB-2E279ECA9186}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{FC9A66C5-D82D-46AA-A85F-64852D60234D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6E4BEEC-9479-4C12-AFEF-A13827DD9127}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{14812DB5-EC58-485B-87BC-F6282C08EE9B}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{20261E96-A4FA-4D35-88DA-9B84EE525E98}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{22AE59CF-7ED1-4F20-8AEB-DFF1EFDC3FA6}C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe] => (Block) C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe
FirewallRules: [UDP Query User{6F235F32-EE2A-4E5B-8CAA-4A95DD4ABF0B}C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe] => (Block) C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe
FirewallRules: [TCP Query User{72834F12-C859-44F6-82BB-48DC704812E6}C:\games\call of duty black ops 2\sp.exe] => (Allow) C:\games\call of duty black ops 2\sp.exe
FirewallRules: [UDP Query User{6481978D-EF58-4C41-A750-40430DE6F974}C:\games\call of duty black ops 2\sp.exe] => (Allow) C:\games\call of duty black ops 2\sp.exe
FirewallRules: [TCP Query User{0C148A13-3EE5-455A-9703-7AA568733A04}C:\games\call of duty black ops 2\t6zm.exe] => (Allow) C:\games\call of duty black ops 2\t6zm.exe
FirewallRules: [UDP Query User{7FDE9CE1-D1F5-4491-9DB2-F6D254354F4B}C:\games\call of duty black ops 2\t6zm.exe] => (Allow) C:\games\call of duty black ops 2\t6zm.exe
FirewallRules: [TCP Query User{F714D022-FABF-4817-BC15-818A63F70EDF}C:\games\call of duty black ops 2\t6mp.exe] => (Allow) C:\games\call of duty black ops 2\t6mp.exe
FirewallRules: [UDP Query User{AA11F348-9910-4F8E-8823-271541FF6510}C:\games\call of duty black ops 2\t6mp.exe] => (Allow) C:\games\call of duty black ops 2\t6mp.exe
FirewallRules: [TCP Query User{0D9BA6C4-FC2B-4092-8C5D-B738F5D13742}C:\games\call of duty black ops 2\t6sp.exe] => (Block) C:\games\call of duty black ops 2\t6sp.exe
FirewallRules: [UDP Query User{07D90EF2-9BE5-48DC-9CF3-3296ED6CC833}C:\games\call of duty black ops 2\t6sp.exe] => (Block) C:\games\call of duty black ops 2\t6sp.exe
FirewallRules: [{12BF8754-6E2F-47E0-A6FC-5BAE7737F089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\W40K Kill Team\killteam.exe
FirewallRules: [{6AE26D84-584D-4E09-9FE1-650C617445EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\W40K Kill Team\killteam.exe
FirewallRules: [TCP Query User{6AF8255A-F93D-404D-B33A-0DC35DC1154A}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{06226DA1-3C8E-4D50-957F-E8E6C2F4469E}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FF2DC1F7-2981-467A-A897-68C3E2CAE388}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BEFD5260-0EB7-43A8-9BAE-6B4FEDF6889E}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{3258C848-BF94-4FA8-98FF-BE005B9EC2CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C6F90EB8-43CC-4AEE-B622-89D47A7C8156}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CE73A838-D110-4BD3-84A2-75454B0D1304}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{499DDD26-128A-491D-80E9-C8BE900AF5AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4C8610E3-7E2E-4A32-9599-D438AED8C1C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{29404B08-303F-4E77-AE19-B10D4BF7ECF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E213E50-9932-4281-B9A4-845EF593817F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57CB3094-B39E-4769-BBAE-66A6E232F44B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EF9B8D53-A550-4ABD-9822-6189E24DD7A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{39E3E0D2-A789-4173-83F6-6AA928AD4292}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{99750EA4-E9CF-479D-ACF7-4A3312C3559E}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{026158D3-4B5B-4DC7-926F-76DEA818C4A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2C0EFCE-A6E6-44BC-9634-6D4F9652317A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF7CE248-3F6F-4DA0-8F42-792635245CF7}] => (Allow) C:\Users\Jarhead\AppData\Local\Temp\7zS606F\HPDiagnosticCoreUI.exe
FirewallRules: [{0C02EFCE-E4B5-4824-9CB4-7203730D6F00}] => (Allow) C:\Users\Jarhead\AppData\Local\Temp\7zS606F\HPDiagnosticCoreUI.exe
FirewallRules: [{BA2A81BA-4DA4-4F68-89D7-5B2B550EF334}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{81B038EA-3590-4E70-9FE2-71CAE4CCAA9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{557B6E61-4C4E-4748-9CBF-2138EE7361A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7EFD94CB-F1B9-40FD-9EC5-C0803AAD111E}] => (Allow) C:\mjusbsp\magicJack.exe
FirewallRules: [{849A3223-B6F6-4181-8FCA-69D7E7F400C2}] => (Allow) C:\mjusbsp\magicJack.exe
FirewallRules: [{7D32D541-B02F-49BA-8544-4DE1046A1813}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3F0EFB39-1DD6-49CE-9DB6-0DA0F3600672}] => (Allow) C:\mjusbsp\magicJack.exe
FirewallRules: [{4ECD131C-C0A8-4E1D-BAF0-701E674FE80C}] => (Allow) C:\mjusbsp\magicJack.exe
FirewallRules: [{1F37ACCA-D35C-4B46-8BAB-9F0362066E46}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{4DE0EB96-F35E-45A2-B8D4-EDE22DD66873}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\mjusbsp\magicJack.exe

==================== Restore Points =========================

01-02-2016 18:56:38 Windows Update
05-02-2016 18:57:01 Windows Update
09-02-2016 18:56:34 Windows Update
11-02-2016 03:00:13 Windows Update
12-02-2016 21:06:03 Zemana AntiMalware 2/12/2016 9:06:01 PM
12-02-2016 21:24:44 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2016 10:28:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2016 09:24:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe8f892f4c
Faulting process id: 0x1130
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3

Error: (02/12/2016 09:24:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at DriverAndServicesOut.GetProcess.GetPathName(System.String)
at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
at DriverAndServicesOut.Program.Main(System.String[])

Error: (02/12/2016 09:24:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Coupon Printer Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (02/12/2016 06:47:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (02/11/2016 06:47:53 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (02/11/2016 03:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2016 06:47:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (02/09/2016 02:21:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0xb80
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/09/2016 06:47:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220


System errors:
=============
Error: (02/12/2016 10:12:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 09:06:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/12/2016 07:53:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:52:07 PM on 1/12/2016 was unexpected.

Error: (01/11/2016 02:38:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/02/2016 08:55:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Power service terminated with service-specific error %%0.

Error: (01/02/2016 08:55:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1069


CodeIntegrity:
===================================
Date: 2014-11-10 02:13:05.264
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 02:13:05.241
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 02:13:05.217
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 02:13:05.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 02:04:44.250
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 02:04:44.226
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 02:04:44.203
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-10 02:04:44.180
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-08 20:45:00.440
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-08 20:45:00.415
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 650 Processor
Percentage of memory in use: 36%
Total physical RAM: 8191.29 MB
Available physical RAM: 5234.66 MB
Total Virtual: 16380.78 MB
Available Virtual: 13570.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:454.44 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8D3FF166)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #8  
Old February 13th, 2016, 04:19 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi unforgiven1977,

Uninstall: Yahoo! Toolbar
===========================
If you want uninstall the Zemana AntiMalware software
==============================================

Step1:
Run FRST fixlist

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt
Code:
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Easy Dock] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {20E6740E-07D0-403C-B434-82F09728D27A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Jarhead\AppData\Local\PDFC
2016-02-12 22:12 - 2014-06-17 17:25 - 00000000 ____D C:\Users\Jarhead\AppData\Roaming\Yahoo!
2016-02-12 22:00 - 2012-03-07 10:25 - 00000000 ____D C:\Users\Jarhead\AppData\Local\CrashDumps
2013-12-10 20:07 - 2014-03-20 23:08 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-05-28 06:43 - 2013-05-28 06:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-06 20:45 - 2014-11-06 20:45 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL
Task: {01F05D17-DA7B-4F43-A4D8-3B256500E382} - System32\Tasks\4868 => C:\Windows\system32\wscript.exe [2013-10-11] (Microsoft Corporation) <==== ATTENTION
Task: {06BF1157-E86D-4F20-9DBE-667D9ECE0B22} - System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => /s "C:\Users\Jarhead\AppData\Roaming\ebafg.dll"
Task: {254FEDC9-E883-4607-9A44-50C5504EA505} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {F7907102-AB45-4C9F-AFE0-5200036F6242} - System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => /s "C:\Users\Jarhead\AppData\Roaming\queqth.dll"
Task: C:\Windows\Tasks\HPCeeScheduleForJarhead.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
FirewallRules: [TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin
FirewallRules: [TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdcl32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe
FirewallRules: [UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdcl32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe
CMD: ipconfig /flushdns
EmptyTemp:
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

Step2:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step3:
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  #9  
Old February 13th, 2016, 05:04 PM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Jarhead (2016-02-13 10:43:59) Run:1
Running from C:\Users\Jarhead\Desktop
Loaded Profiles: Jarhead (Available Profiles: Jarhead)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Easy Dock] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {20E6740E-07D0-403C-B434-82F09728D27A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Jarhead\AppData\Local\PDFC
2016-02-12 22:12 - 2014-06-17 17:25 - 00000000 ____D C:\Users\Jarhead\AppData\Roaming\Yahoo!
2016-02-12 22:00 - 2012-03-07 10:25 - 00000000 ____D C:\Users\Jarhead\AppData\Local\CrashDumps
2013-12-10 20:07 - 2014-03-20 23:08 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-05-28 06:43 - 2013-05-28 06:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-06 20:45 - 2014-11-06 20:45 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL
Task: {01F05D17-DA7B-4F43-A4D8-3B256500E382} - System32\Tasks\4868 => C:\Windows\system32\wscript.exe [2013-10-11] (Microsoft Corporation) <==== ATTENTION
Task: {06BF1157-E86D-4F20-9DBE-667D9ECE0B22} - System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => /s "C:\Users\Jarhead\AppData\Roaming\ebafg.dll"
Task: {254FEDC9-E883-4607-9A44-50C5504EA505} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {F7907102-AB45-4C9F-AFE0-5200036F6242} - System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => /s "C:\Users\Jarhead\AppData\Roaming\queqth.dll"
Task: C:\Windows\Tasks\HPCeeScheduleForJarhead.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
FirewallRules: [TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin
FirewallRules: [TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdcl32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe
FirewallRules: [UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdcl32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Dock => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20E6740E-07D0-403C-B434-82F09728D27A}" => key removed successfully
HKCR\CLSID\{20E6740E-07D0-403C-B434-82F09728D27A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\Profiles\gvhci303.default => FRST is scripted not to move this directory.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
C:\Users\Jarhead\AppData\Local\PDFC => moved successfully
C:\Users\Jarhead\AppData\Roaming\Yahoo! => moved successfully
C:\Users\Jarhead\AppData\Local\CrashDumps => moved successfully
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\INSTALL_TOR.URL => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01F05D17-DA7B-4F43-A4D8-3B256500E382}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F05D17-DA7B-4F43-A4D8-3B256500E382}" => key removed successfully
C:\Windows\System32\Tasks\4868 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4868" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06BF1157-E86D-4F20-9DBE-667D9ECE0B22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06BF1157-E86D-4F20-9DBE-667D9ECE0B22}" => key removed successfully
C:\Windows\System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{254FEDC9-E883-4607-9A44-50C5504EA505}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{254FEDC9-E883-4607-9A44-50C5504EA505}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7907102-AB45-4C9F-AFE0-5200036F6242}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7907102-AB45-4C9F-AFE0-5200036F6242}" => key removed successfully
C:\Windows\System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537}" => key removed successfully
C:\Windows\Tasks\HPCeeScheduleForJarhead.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdcl32.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdcl32.exe => value not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 278.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 10:45:02 ====
  #10  
Old February 13th, 2016, 05:04 PM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
# AdwCleaner v5.033 - Logfile created 13/02/2016 at 10:51:50
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jarhead - JARHEAD-HP
# Running from : C:\Users\Jarhead\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adbabylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.adbabylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\craftcrawlers.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\quizzes.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2672 bytes] ##########
  #11  
Old February 13th, 2016, 05:05 PM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Jarhead (Administrator) on Sat 02/13/2016 at 10:57:27.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Y1HHSAO (Folder)
Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0VP2ZHU (Folder)
Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKA7C1J5 (Folder)
Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRDVS0WK (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/13/2016 at 10:59:55.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  #12  
Old February 15th, 2016, 12:24 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi unforgiven1977,

Thanks for the Logs.

Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply
Step 2:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT: 1. Place ComboFix.exe on your Desktop
* IMPORTANT: 2. Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop
  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.


Step 3:
RogueKiller by Tigzy
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
Have a nice day.
  #13  
Old February 16th, 2016, 08:26 PM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/15/2016
Scan Time: 12:29 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.15.03
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jarhead

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396920
Time Elapsed: 22 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\ICSW1.14, Quarantined, [8b74491753461422a3a726c30bf89769],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.WinYahoo, C:\Users\Jarhead\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, Quarantined, [1ae5a4bc2b6eb28447f2f2d3927143bd],
PUP.Optional.WinYahoo, C:\Users\Jarhead\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [8c73e67a4d4c71c53bf944d48d778878],

Physical Sectors: 0
(No malicious items detected)


(end)

ComboFix 16-02-15.01 - Jarhead 02/16/2016 12:22:11.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5696 [GMT -5:00]
Running from: c:\users\Jarhead\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2016-01-16 to 2016-02-16 )))))))))))))))))))))))))))))))
.
.
2016-02-16 17:35 . 2016-02-16 17:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-02-16 17:35 . 2016-02-16 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-16 16:04 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A04995B7-A5B5-4EA3-AB2F-B4EEDEFEDFD6}\mpengine.dll
2016-02-15 16:04 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-13 15:47 . 2016-02-13 15:47 -------- d-----w- c:\users\Jarhead\AppData\Local\PDFC
2016-02-13 03:33 . 2016-02-13 15:47 -------- d-----w- C:\FRST
2016-02-13 03:25 . 2016-02-13 02:18 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-13 03:25 . 2016-02-16 17:36 -------- d-----w- c:\users\Jarhead\AppData\Local\Temp
2016-02-13 02:18 . 2016-02-13 03:12 -------- d-----w- C:\zoek_backup
2016-02-13 00:04 . 2016-02-13 00:04 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-02-13 00:04 . 2016-02-13 00:04 202144 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-02-13 00:04 . 2016-02-13 00:04 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-02-13 00:04 . 2016-02-13 00:04 -------- d-----w- c:\users\Jarhead\AppData\Local\Zemana
2016-02-10 10:57 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 10:56 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-02-10 09:38 . 2016-02-10 09:38 8817344 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-02-05 23:57 . 2015-07-02 11:18 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{899D80A6-6C9A-4E89-B244-33662F876A62}\gapaengine.dll
2016-01-31 19:58 . 2016-02-10 19:17 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-01-31 00:37 . 2016-01-31 00:37 -------- d-----w- c:\program files\iPod
2016-01-31 00:37 . 2016-01-31 00:37 -------- d-----w- c:\program files (x86)\iTunes
2016-01-31 00:37 . 2016-01-31 00:38 -------- d-----w- c:\program files\iTunes
2016-01-17 22:51 . 2016-01-17 22:51 212176 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-01-17 22:51 . 2016-01-17 22:51 363808 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-01-17 22:51 . 2016-01-17 22:51 25336 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-15 17:27 . 2014-03-25 14:59 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-11 08:11 . 2012-03-03 08:55 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-10 09:38 . 2012-04-01 17:54 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-10 09:38 . 2012-03-01 12:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-22 05:59 . 2016-02-10 10:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-17 22:01 . 2015-11-15 22:06 2444576 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-12-21 07:55 . 2015-12-21 07:55 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll
2015-12-14 22:24 . 2014-11-22 02:52 130880 ----a-w- c:\windows\system32\drivers\rzpnk.sys
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-12-08 21:54 . 2016-01-12 21:10 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-12 21:10 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-12 21:10 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-12 21:10 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-12 21:10 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-12 21:10 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2015-12-08 21:54 . 2016-01-12 21:10 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-12 21:10 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-12 21:10 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-12 21:10 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-12 21:10 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-12 21:10 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-12 21:10 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-12 21:10 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2015-12-08 21:53 . 2016-01-12 21:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-12-08 21:53 . 2016-01-12 21:10 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-12-08 21:53 . 2016-01-12 21:10 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2015-12-08 21:53 . 2016-01-12 21:10 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-12 21:10 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-12 21:10 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-12 21:10 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-12 21:10 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-12 21:10 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-12 21:10 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-08 21:53 . 2016-01-12 21:10 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-12 21:10 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-12-08 21:53 . 2016-01-12 21:10 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2015-12-08 21:53 . 2016-01-12 21:10 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2015-12-08 21:53 . 2016-01-12 21:10 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-12-08 21:53 . 2016-01-12 21:10 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-12-08 21:53 . 2016-01-12 21:10 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2015-12-08 21:53 . 2016-01-12 21:10 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-12 21:10 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-12-08 21:53 . 2016-01-12 21:10 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-12-08 21:53 . 2016-01-12 21:10 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2015-12-08 21:52 . 2016-01-12 21:08 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-12-08 21:50 . 2016-01-12 21:10 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-12-08 19:07 . 2016-01-12 21:10 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 19:07 . 2016-01-12 21:10 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 19:07 . 2016-01-12 21:10 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 19:07 . 2016-01-12 21:10 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 19:07 . 2016-01-12 21:10 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 19:07 . 2016-01-12 21:10 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 19:07 . 2016-01-12 21:10 378880 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 19:07 . 2016-01-12 21:10 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 19:07 . 2016-01-12 21:10 624640 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 19:07 . 2016-01-12 21:10 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-12 21:10 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-12 21:10 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-12 21:10 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-12 21:10 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-12 21:10 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-12 21:10 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-12 21:10 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-12 21:10 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-12 21:10 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-12 21:10 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-12 21:10 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-12 21:10 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-12 21:10 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-12 21:08 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-12 21:10 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-12 21:10 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-12 21:10 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-12 21:10 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-12 21:10 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-12 21:10 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-12 21:10 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 18:12 . 2016-01-12 21:10 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 18:11 . 2016-01-12 21:10 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2015-11-20 19:40 . 2015-12-05 10:24 157696 ----a-w- c:\windows\ERUNT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrazyRemote"="c:\program files (x86)\CrazyRemote\CrazyRemote.exe" [2013-05-23 499992]
"CrazyRemoteCommand"="c:\program files (x86)\CrazyRemote\CrazyRemoteCommand.exe" [2013-05-23 48920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-11-19 591512]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-01-21 532808]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-01-21 16712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" [2014-07-04 51592]
.
c:\users\Jarhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-4-2 0]
magicBlock.lnk - c:\program files (x86)\magicBlock\magicBlock.exe [2008-5-3 479232]
RCA Detective.lnk - c:\users\Jarhead\Documents\RCA Detective\RCADetective.exe [2012-6-6 866304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2012-12-6 1393528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 magicJack;magicJack;c:\mjusbsp\srvany.exe;c:\mjusbsp\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\ windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.s ys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windo ws\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\ drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys; c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c :\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\ windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c :\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c: \windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_ sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_ xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.s ys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\wi ndows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys; c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\window s\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 CrazyRemoteServer;CrazyRemoteServer;c:\program files (x86)\CrazyRemote\CrazyRemoteServer.exe;c:\program files (x86)\CrazyRemote\CrazyRemoteServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows \SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c :\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\pro gram files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\pro gram files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgr k.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys; c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\ windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendp t.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\wi ndows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c :\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-01 09:38]
.
2016-02-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core.job
- c:\users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-03-30 23:34]
.
2016-02-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA.job
- c:\users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-03-30 23:34]
.
2016-02-16 c:\windows\Tasks\HPCeeScheduleForJarhead.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-17 23:08 2093360 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-17 23:08 2093360 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-17 23:08 2093360 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
"ShadowPlay"="c:\windows\system32\nvspcap64.dl l" [2015-08-27 1710568]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-01-26 12725488]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 209.18.47.62 209.18.47.61
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe Reader Synchronizer - c:\program files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p dfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-16 12:53:25
ComboFix-quarantined-files.txt 2016-02-16 17:53
.
Pre-Run: 487,558,049,792 bytes free
Post-Run: 487,085,682,688 bytes free
.
- - End Of File - - BDECBFBE80B0C234F87F88D32BFA1FA4
12AA7B560DD722627FB3D07C8E9CDA75


RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jarhead [Administrator]
Started from : C:\Users\Jarhead\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/16/2016 14:15:56

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Object -> Found
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA632 SATA Disk Device +++++
--- User ---
[MBR] 516561e66654e768fc4787535c220826
[BSP] 9925b9d5e6989c3faa65989ea2beb7b9 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 942354 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1930147840 | Size: 11413 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
  #14  
Old February 16th, 2016, 09:49 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Thank you unforgiven1977,

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
=========================================================================
How is the machine running now, and are there any issues? Please let me know.
  #15  
Old February 18th, 2016, 05:56 PM
unforgiven1977 unforgiven1977 is offline
Senior Member
 
Join Date: Feb 2006
Posts: 118
The Eset scan listed no threats. The machine seems to be running normally now.
All times are GMT +1. The time now is 12:44 PM.