|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Browsers suddenly running slow
My Browsers (IE and Firefox) have both been quite slow lately. Whether loading a page or responding to commands. After making sure everything is up to date, disabling any addons that may be causing an issue, and clearing temp folders, I'm still experiencing the issue. Other than the slowness there are no other signs of potential malware but I'm not sure what else to do. Any help you may offer would be appreciated.
|
#2
|
||||
|
||||
Hello unforgiven1977 and Welcome to the CyberTechHelp Forums. .
I will be helping you fixing your problems. Please take note of some guidelines for this fix: 1- My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding. 2- Perform everything in the correct order. Sometimes one step requires the previous one. 3- Please open as administrator the computer. How is open as administrator the computer? 4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here How to disable your security applications. 5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" 6- Back up all your private data / important files on another (external) drive before using our tools (if possible). 7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software. 8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Thanks ************************************************** ******************************************* Let's check. I Would like you to do the following Step 1: Scan with Zemana AntiMalware Free:
PC restart now. Next >> Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
|
#3
|
|||
|
|||
Zemana AntiMalware 2.19.2.852 (Installed)
------------------------------------------------------- Scan Result : Completed Scan Date : 2016/2/12 Operating System : Windows 7 64-bit Processor : 4X AMD Athlon(tm) II X4 650 Processor BIOS Mode : Legacy CUID : 00CBAFC550080D471B2650 Scan Type : Deep Scan Duration : 35m 25s Scanned Objects : 344914 Detected Objects : 21 Excluded Objects : 0 Read Level : SCSI Auto Upload : Yes Include All Extensions : Yes Scan Documents : No Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Default Status : Scanned Object : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} MD5 : - Publisher : - Size : - Version : - Detection : Browser Extension Cleaning Action : Repair Traces : Browser Extension - Default Adblock Plus Status : Scanned Object : %appdata%\mozilla\firefox\profiles\gvhci303.defaul t\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi MD5 : F4741D13447199718BB610E392A9DECD Publisher : - Size : 1001911 Version : - Detection : Browser Extension Cleaning Action : Repair Traces : Browser Extension - Adblock Plus File - %appdata%\mozilla\firefox\profiles\gvhci303.defaul t\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Youtube Best Video Downloader 2 Status : Scanned Object : %appdata%\mozilla\firefox\profiles\gvhci303.defaul t\extensions\{170503fa-3349-4f17-bc86-001888a5c8e2}.xpi MD5 : 56DCE77F61409C46B4BD504CF8EC015F Publisher : - Size : 43831 Version : - Detection : Browser Extension Cleaning Action : Repair Traces : Browser Extension - Youtube Best Video Downloader 2 File - %appdata%\mozilla\firefox\profiles\gvhci303.defaul t\extensions\{170503fa-3349-4f17-bc86-001888a5c8e2}.xpi FlashGot Status : Scanned Object : %appdata%\mozilla\firefox\profiles\gvhci303.defaul t\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi MD5 : CD97E22BF9ACEDEB682FCCFCC5252F32 Publisher : - Size : 400336 Version : - Detection : Browser Extension Cleaning Action : Repair Traces : Browser Extension - FlashGot File - %appdata%\mozilla\firefox\profiles\gvhci303.defaul t\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi CouponPrinterService.exe Status : Scanned Object : %programfiles%\coupons\couponprinterservice.exe MD5 : 20914ECC765B897528B0E3951A773FD6 Publisher : Coupons, Inc. Size : 1413736 Version : 6.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %programfiles%\coupons\couponprinterservice.exe Process - 3416 - C:\Program Files (x86)\Coupons\CouponPrinterService.exe Registry Entry - HKLM\System\CurrentControlSet\Services\CouponPrint erService\ImagePath = C:\Program Files (x86)\Coupons\CouponPrinterService.exe CouponPrinter.exe Status : Scanned Object : %userprofile%\downloads\couponprinter.exe MD5 : 84A3B901DF1E2B5F138C21D509693D8D Publisher : Coupons, Inc. Size : 2809128 Version : 5.0.1.6 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %userprofile%\downloads\couponprinter.exe CouponPrinter(1).exe Status : Scanned Object : %userprofile%\downloads\couponprinter(1).exe MD5 : 84A3B901DF1E2B5F138C21D509693D8D Publisher : Coupons, Inc. Size : 2809128 Version : 5.0.1.6 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %userprofile%\downloads\couponprinter(1).exe cbsidlm-tr1_9-MagicBlock-SEO-10838528.exe Status : Scanned Object : %userprofile%\downloads\cbsidlm-tr1_9-magicblock-seo-10838528.exe MD5 : B7D4020819DC6B923E5FE9D88231DD08 Publisher : CBS Interactive Size : 632952 Version : 2.8.0.1 Detection : Adware:Win32/CNETBundle!Ep Cleaning Action : Quarantine Traces : File - %userprofile%\downloads\cbsidlm-tr1_9-magicblock-seo-10838528.exe couponprinter_x64.ocx Status : Scanned Object : %systemroot%\couponprinter_x64.ocx MD5 : 459D396792ECF523870DBDED8C263E0B Publisher : Coupons, Inc. Size : 659048 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %systemroot%\couponprinter_x64.ocx Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32\@ = C:\Windows\COUPON~2.OCX Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\InprocServer32\@ = C:\Windows\COUPON~2.OCX Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\@ = C:\Windows\COUPON~2.OCX CouponPrinter.ocx Status : Scanned Object : %systemroot%\couponprinter.ocx MD5 : CE0F193FE18CE21432B435EE4B1A077F Publisher : Coupons, Inc. Size : 444520 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %systemroot%\couponprinter.ocx Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\@ = C:\Windows\COUPON~1.OCX wajam_update[1].exe Status : Scanned Object : %systemroot%\syswow64\config\systemprofile\appdata \local\microsoft\windows\temporary internet files\content.ie5\vqkwb9xz\wajam_update[1].exe MD5 : A9ADBB9CF5EB800CA3D3A7D08136269A Publisher : Wajam Size : 69784 Version : - Detection : Adware:Win32/WajamAdCash!Ep Cleaning Action : Quarantine Traces : File - %systemroot%\syswow64\config\systemprofile\appdata \local\microsoft\windows\temporary internet files\content.ie5\vqkwb9xz\wajam_update[1].exe CouponPrinterServicex64.exe Status : Scanned Object : %temp%\_ir_sf_temp_0\couponprinterservicex64.exe MD5 : 20914ECC765B897528B0E3951A773FD6 Publisher : Coupons, Inc. Size : 1413736 Version : 6.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %temp%\_ir_sf_temp_0\couponprinterservicex64.exe CouponPrinterServiceWin32.exe Status : Scanned Object : %temp%\_ir_sf_temp_0\couponprinterservicewin32.exe MD5 : C18053779E16EED30F028916012BF994 Publisher : Coupons, Inc. Size : 1051240 Version : 6.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %temp%\_ir_sf_temp_0\couponprinterservicewin32.exe npMozCouponPrinter.dll Status : Scanned Object : %temp%\_ir_sf_temp_0\npmozcouponprinter.dll MD5 : B12E8BD446DC6CB9F3D4C7F54EB98DD9 Publisher : Coupons, Inc. Size : 247912 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %temp%\_ir_sf_temp_0\npmozcouponprinter.dll npCouponPrinter.dll Status : Scanned Object : %temp%\_ir_sf_temp_0\npcouponprinter.dll MD5 : FCB02678C3397912210F8F68A8CCC121 Publisher : Coupons, Inc. Size : 247912 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %temp%\_ir_sf_temp_0\npcouponprinter.dll 13072204882670352561.exe Status : Scanned Object : %temp%\13072204882670352561.exe MD5 : 407B0B79FB9AD6759CB1F2C18D25C6DF Publisher : - Size : 743842 Version : 0.0.0.0 Detection : Adware:Win32/InstallCore.Variant!Sig Cleaning Action : Quarantine Traces : File - %temp%\13072204882670352561.exe uninstall.exe Status : Scanned Object : %programfiles%\coupons\uninstall.exe MD5 : F6737D52E5DD12D3EC644A70BA4E45C2 Publisher : Coupons, Inc. Size : 586912 Version : 8.2.2.0 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %programfiles%\coupons\uninstall.exe Reference - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk visic_coupon.dll Status : Scanned Object : %programfiles%\yahoo!\companion\installs\cpn0\visi c_coupon.dll MD5 : 044A218B9767F58851889C0F22B5FAA4 Publisher : Visicom Media Inc. Size : 370240 Version : 1.0.0.33 Detection : Adware:Win32/VisicomToolbar!Ep Cleaning Action : Quarantine Traces : File - %programfiles%\yahoo!\companion\installs\cpn0\visi c_coupon.dll npMozCouponPrinter.dll Status : Scanned Object : %programfiles%\mozilla firefox\browser\plugins\npmozcouponprinter.dll MD5 : B12E8BD446DC6CB9F3D4C7F54EB98DD9 Publisher : Coupons, Inc. Size : 247912 Version : 5.0.2.8 Detection : Adware:Win32/Coupons!Ep Cleaning Action : Quarantine Traces : File - %programfiles%\mozilla firefox\browser\plugins\npmozcouponprinter.dll Cake Mania.exe Status : Scanned Object : %programfiles%\hp games\cake mania\cake mania.exe MD5 : 5C4A5F4FA83DE23A011E10DAC395E6E8 Publisher : - Size : 110592 Version : 1.0.2.30 Detection : Malware:Win32/Cognito!Ramt Cleaning Action : Quarantine Traces : File - %programfiles%\hp games\cake mania\cake mania.exe Redacted.exe Status : Scanned Object : %homedrive%\games\call of duty black ops 2\redacted.exe MD5 : CA5ADBB3F1D71729F1F4440699EC6F2B Publisher : - Size : 142464 Version : 1.0.0.2 Detection : Trojan:Win32/Bundpill.A!Amam Cleaning Action : Quarantine Traces : File - %homedrive%\games\call of duty black ops 2\redacted.exe Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Jarhead on Fri 02/12/2016 at 21:19:05.07. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jarhead\Desktop\zoek.exe Script used: C:\Users\Jarhead\Desktop\zoekscript.txt ==== System Restore Info ====================== 2/12/2016 9:24:51 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\360 deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\AV deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully C:\Users\Jarhead\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Jarhead\AppData\Roaming\Nuance deleted successfully C:\Users\Jarhead\AppData\Roaming\TP deleted successfully C:\Users\Jarhead\AppData\Local\Downloaded Installations deleted successfully C:\Users\Jarhead\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Jarhead\AppData\Local\EmieSiteList deleted successfully C:\Users\Jarhead\AppData\Local\EmieUserList deleted successfully C:\Users\Jarhead\AppData\Local\PDFC deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer \SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer \SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} deleted successfully HKEY_USERS\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\SearchScopes \{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f- A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2- a955-ea576e553146} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default\prefs.js: user_pref("browser.startup.homepage", "http://www.msn.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename.US", "Search Provided by Yahoo"); user_pref("keyword.URL", ""); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default\prefs.js: ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20160212_1012_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\360 not found C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found C:\windows\SysNative\Tasks\AVG_SYS_TASK_1114av deleted C:\windows\SysNative\Tasks\AVG_SYS_TASK_1114av_DEL ETE deleted C:\Windows\tasks\AVG_SYS_TASK_1114av.job deleted C:\Windows\tasks\AVG_SYS_TASK_1114av_DELETE.job deleted C:\PROGRA~3\Yahoo! Companion deleted C:\PROGRA~2\Coupons deleted C:\PROGRA~2\Yahoo! deleted C:\PROGRA~3\Yahoo! deleted C:\PROGRA~3\Avg_Update_0814tb deleted C:\PROGRA~3\Avg_Update_1114av deleted C:\Users\Jarhead\AppData\Local\Unity deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted C:\Users\Jarhead\Downloads\avg_free_stb_all_2012_1 913_cnet.exe deleted C:\Users\Jarhead\Downloads\avg_free_stb_all_2014_4 158_cnet.exe deleted C:\Users\Jarhead\AppData\LocalLow\Unity deleted C:\Users\Jarhead\AppData\LocalLow\Yahoo! deleted C:\Users\Jarhead\AppData\LocalLow\Yahoo! Companion deleted C:\Windows\sysWoW64\config\systemprofile\AppData\L ocalLow\AVG SafeGuard toolbar deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\RENB046.tmp deleted C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default\searchplugins\search-provided- by-yahoo.xml deleted C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default\Yahoo Inc deleted "C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\ Profiles\gvhci303.default\yahooToolbarSettings" deleted ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== Profilepath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default 6FE651F6E3025AD51CC1D54913AEEADC - C:\Windows\SysWOW64\Macromed\Flash \NPSWF32_20_0_0_306.dll - Shockwave Flash 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Jarhead\AppData\Local\Facebook\Video\Skyp e \npFacebookVideoCalling.dll - Facebook Video Calling Plugin 6BBDF75F2CEC825523418547F7C32105 - C:\Users\Default\AppData\Local\HuluDesktop\instanc es \0.9.13.1\nphdplg.dll - Hulu Desktop ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Jarhead\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs- fullyhosted_003&type=wncy_ipad_15_41¶m1=1¶ m2=f%3D1%26b%3DIE%26cc%3Dus%26pa %3DWincy%26cd %3D2XzuyEtN2Y1L1QzutDzztB0EyD0FtD0F0E0E0FzytByCtCy BtN0D0Tzu0StCtAyByDtN1L2XzutAtFtCtBtF yDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyCtCzztD0C yByDtGyE0F0A0DtGyE0AtDtCtGzy0B0FzytG tBtAtAyEyC0Fzz0CzyyDzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S 0C0AyC0DyB0EtD0DtG0DtBtByEtGyEtDzzy DtG0B0A0ByDtG0CyCyCzz0CtCyE0EyDzyyEtA2QtN0A0LzutB% 26cr%3D1492570255%26a %3Dwncy_ipad_15_41%26os%3DWindows%2B7%2BHome%2BPre mium" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f- A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{20E6740E-07D0-403C-B434-82F09728D27A} - http://www.amazon.com/s/ref=azs_osd_...dex=aps&field- keywords={searchTerms} HKLM\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711- 30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q= {searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/711- 30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} HKCU\Wow6432Node\SearchScopes "DefaultScope"="" HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Uninstall\UnityWebPlayer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files \Content.IE5 emptied successfully C:\Users\Jarhead\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5 emptied successfully C:\Users\Jarhead\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files \Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\ Local\Microsoft\Windows\Temporary Internet Files \Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files \Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files \Content.IE5\blank1E7KP9L9.htm will be deleted at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files \Content.IE5\location_pickerCFV82EY7.htm will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files \Content.IE5\blank1E7KP9L9.htm will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files \Content.IE5\location_pickerCFV82EY7.htm will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Jarhead\AppData\Local\Mozilla\Firefox\Pro files\gvhci303.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=102 folders=22 48544187 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Jarhead\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\ Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Jarhead\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\sysWoW64\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files \Content.IE5\blank1E7KP9L9.htm" not found "C:\Windows\sysWoW64\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files \Content.IE5\location_pickerCFV82EY7.htm" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files \Content.IE5\blank1E7KP9L9.htm" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files \Content.IE5\location_pickerCFV82EY7.htm" not found ==== EOF on Fri 02/12/2016 at 22:27:26.88 ====================== |
#4
|
|||
|
|||
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Jarhead (administrator) on JARHEAD-HP (12-02-2016 22:33:38) Running from C:\Users\Jarhead\Desktop Loaded Profiles: Jarhead (Available Profiles: Jarhead) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe () C:\mjusbsp\srvany.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Corel, Inc.) C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (magicJack L.P.) C:\Windows\SysWOW64\config\systemprofile\AppData\R oaming\mjusbsp\magicJack.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\makecab.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSyst emStart HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12725488 2016-01-25] (Zemana Ltd.) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc) HKLM-x32\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2009-01-21] (Corel, Inc.) HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-01-21] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Easy Dock] => [X] HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [CrazyRemote] => C:\Program Files (x86)\CrazyRemote\CrazyRemote.exe [499992 2013-05-22] () HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [CrazyRemoteCommand] => C:\Program Files (x86)\CrazyRemote\CrazyRemoteCommand.exe [48920 2013-05-22] () HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2012-02-29] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [cdloader] => "C:\Windows\system32\config\systemprofile\AppData\ Roaming\mjusbsp\cdloader2.exe" MAGICJACK Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-08] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-04-02] () Startup: C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\magicBlock.lnk [2013-11-02] ShortcutTarget: magicBlock.lnk -> C:\Program Files (x86)\magicBlock\magicBlock.exe (vvisoft) Startup: C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\RCA Detective.lnk [2014-06-19] ShortcutTarget: RCA Detective.lnk -> C:\Users\Jarhead\Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.62 209.18.47.61 Tcpip\..\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{F9723135-7644-4DF2-863C-C143DBE6764B}: [DhcpNameServer] 192.168.1.1 209.18.47.62 209.18.47.61 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {20E6740E-07D0-403C-B434-82F09728D27A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10] (Oracle Corporation) DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_ 306.dll [2016-02-10] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_ 306.dll [2016-02-10] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1. dll [2016-02-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-10] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp .dll [2015-08-19] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesk top\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC) FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jarhead\AppData\Local\Facebook\Video\Skyp e\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\ loader\npUnity3D32.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation) R2 CrazyRemoteServer; C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe [249112 2013-05-22] () S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-19] (WildTangent) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) R2 magicJack; C:\mjusbsp\srvany.exe [8192 2012-02-29] () [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] () S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12725488 2016-01-25] (Zemana Ltd.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-07] () R3 vhidmini; C:\Windows\System32\DRIVERS\crazyremote64.sys [67736 2013-05-22] () R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2016-02-12] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2016-02-12] (Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) |
#5
|
|||
|
|||
2016-02-12 22:33 - 2016-02-12 22:34 - 00021265 _____ C:\Users\Jarhead\Desktop\FRST.txt
2016-02-12 22:33 - 2016-02-12 22:33 - 00000000 ____D C:\FRST 2016-02-12 22:31 - 2016-02-12 22:32 - 02370560 _____ (Farbar) C:\Users\Jarhead\Desktop\FRST64.exe 2016-02-12 22:30 - 2016-02-12 22:30 - 00013470 _____ C:\Users\Jarhead\Desktop\zoek-results.txt 2016-02-12 22:27 - 2016-02-12 22:27 - 00000000 ____D C:\Users\Jarhead\AppData\Local\PDFC 2016-02-12 22:25 - 2016-02-12 21:18 - 00024064 _____ C:\Windows\zoek-delete.exe 2016-02-12 21:22 - 2016-02-12 21:22 - 00011681 _____ C:\Users\Jarhead\Desktop\2016.02.12-19.09.15-i0-t4294967295-d21.txt 2016-02-12 21:18 - 2016-02-12 22:12 - 00000000 ____D C:\zoek_backup 2016-02-12 21:08 - 2016-02-12 21:08 - 01309184 _____ C:\Users\Jarhead\Desktop\zoek.exe 2016-02-12 19:04 - 2016-02-12 22:27 - 00001125 _____ C:\Windows\ZAM.krnl.trace 2016-02-12 19:04 - 2016-02-12 22:26 - 00000119 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-02-12 19:04 - 2016-02-12 19:04 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2016-02-12 19:04 - 2016-02-12 19:04 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2016-02-12 19:04 - 2016-02-12 19:04 - 00001114 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-02-12 19:04 - 2016-02-12 19:04 - 00000000 ____D C:\Users\Jarhead\AppData\Local\Zemana 2016-02-12 19:04 - 2016-02-12 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-02-12 19:04 - 2016-02-12 19:04 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-02-12 19:01 - 2016-02-12 19:01 - 05225112 _____ ( ) C:\Users\Jarhead\Downloads\Zemana.AntiMalware.Setu p.exe 2016-02-10 05:58 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-02-10 05:58 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-02-10 05:58 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-02-10 05:58 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-02-10 05:58 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-02-10 05:58 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-02-10 05:58 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-02-10 05:58 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-02-10 05:58 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-02-10 05:58 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-02-10 05:58 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-02-10 05:58 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-02-10 05:58 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-02-10 05:58 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-02-10 05:58 - 2016-01-22 15:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-02-10 05:58 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-02-10 05:58 - 2016-01-22 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-02-10 05:58 - 2016-01-22 01:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-02-10 05:58 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-02-10 05:58 - 2016-01-22 01:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-02-10 05:58 - 2016-01-22 01:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-02-10 05:58 - 2016-01-22 01:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-02-10 05:58 - 2016-01-22 01:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-02-10 05:58 - 2016-01-22 01:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-02-10 05:58 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-02-10 05:58 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-02-10 05:58 - 2016-01-22 01:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-02-10 05:58 - 2016-01-22 01:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-02-10 05:58 - 2016-01-22 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-02-10 05:58 - 2016-01-22 01:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-02-10 05:58 - 2016-01-22 01:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-02-10 05:58 - 2016-01-22 01:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-02-10 05:58 - 2016-01-22 01:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-02-10 05:58 - 2016-01-22 01:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-02-10 05:58 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-02-10 05:58 - 2016-01-22 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-02-10 05:58 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-02-10 05:58 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-02-10 05:58 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-02-10 05:58 - 2016-01-22 01:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-02-10 05:58 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-02-10 05:58 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-02-10 05:58 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-02-10 05:58 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-02-10 05:58 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-02-10 05:58 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-02-10 05:58 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-02-10 05:58 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-02-10 05:58 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-02-10 05:58 - 2016-01-22 00:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-02-10 05:58 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-02-10 05:58 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-02-10 05:58 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-02-10 05:58 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-02-10 05:58 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-02-10 05:58 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-02-10 05:58 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-02-10 05:58 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-02-10 05:58 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-02-10 05:58 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-02-10 05:58 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-02-10 05:58 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-02-10 05:58 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-02-10 05:58 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-02-10 05:58 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-02-10 05:58 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-02-10 05:58 - 2016-01-16 14:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-02-10 05:58 - 2016-01-16 13:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-02-10 05:58 - 2016-01-11 09:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-02-10 05:58 - 2016-01-11 09:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-02-10 05:58 - 2016-01-11 09:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-02-10 05:58 - 2016-01-11 09:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-02-10 05:58 - 2016-01-11 09:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-02-10 05:58 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-02-10 05:58 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-02-10 05:58 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-02-10 05:57 - 2016-01-22 01:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-02-10 05:57 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-02-10 05:57 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2016-02-10 05:57 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2016-02-10 05:57 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2016-02-10 05:57 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2016-02-10 05:57 - 2016-01-16 14:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-02-10 05:57 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-02-10 05:57 - 2016-01-11 14:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-02-10 05:57 - 2016-01-11 14:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-02-10 05:57 - 2016-01-11 14:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-02-10 05:57 - 2016-01-11 13:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-02-10 05:57 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-02-10 05:57 - 2016-01-11 13:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-02-10 05:57 - 2016-01-11 13:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-02-10 05:57 - 2016-01-11 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-02-10 05:57 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-02-10 05:57 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-02-10 05:57 - 2016-01-11 13:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-02-10 05:57 - 2016-01-11 13:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-02-10 05:57 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-02-10 05:57 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-02-10 05:57 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-02-10 05:57 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-02-10 05:57 - 2016-01-07 12:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-02-10 05:57 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-02-10 05:56 - 2016-01-22 01:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-02-10 05:56 - 2016-01-22 01:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-02-10 05:56 - 2016-01-22 01:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-02-10 05:56 - 2016-01-22 01:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-02-10 05:56 - 2016-01-22 01:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-02-10 05:56 - 2016-01-22 01:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-02-10 05:56 - 2016-01-22 01:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-02-10 05:56 - 2016-01-22 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-02-10 05:56 - 2016-01-22 01:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-02-10 05:56 - 2016-01-22 01:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-02-10 05:56 - 2016-01-22 01:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-02-10 05:56 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-02-10 05:56 - 2016-01-22 01:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-02-10 05:56 - 2016-01-22 01:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-02-10 05:56 - 2016-01-22 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-02-10 05:56 - 2016-01-22 01:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-02-10 05:56 - 2016-01-22 01:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-02-10 05:56 - 2016-01-22 01:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-02-10 05:56 - 2016-01-22 01:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-02-10 05:56 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-02-10 05:56 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-02-10 05:56 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-02-10 05:56 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-02-10 05:56 - 2016-01-22 01:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-02-10 05:56 - 2016-01-22 01:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-02-10 05:56 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-02-10 05:56 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-02-10 05:56 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-02-10 05:56 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-02-10 05:56 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-02-10 05:56 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-02-10 05:56 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-02-10 05:56 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-02-10 05:56 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-02-10 05:56 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-02-10 05:56 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-02-10 05:56 - 2016-01-22 00:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-02-10 05:56 - 2016-01-22 00:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-02-10 05:56 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-02-10 05:56 - 2016-01-22 00:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-02-10 05:56 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-02-10 05:56 - 2016-01-22 00:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-02-10 05:56 - 2016-01-21 23:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-02-10 05:56 - 2016-01-21 23:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-02-10 05:56 - 2016-01-21 23:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-02-10 05:56 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-02-10 05:56 - 2016-01-21 23:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-02-10 05:56 - 2016-01-21 23:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-02-10 05:56 - 2016-01-21 23:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-02-10 05:56 - 2016-01-21 23:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-02-10 05:56 - 2016-01-21 23:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-02-10 05:56 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-02-10 05:56 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-02-10 05:56 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-10 05:56 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-02-10 05:56 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-02-10 04:38 - 2016-02-10 04:38 - 08817344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2016-01-31 14:58 - 2016-02-10 14:17 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-01-31 14:57 - 2016-01-31 14:57 - 00643680 _____ (Oracle Corporation) C:\Users\Jarhead\Downloads\jxpiinstall.exe 2016-01-30 19:38 - 2016-01-30 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-01-30 19:37 - 2016-01-30 19:38 - 00000000 ____D C:\Program Files\iTunes 2016-01-30 19:37 - 2016-01-30 19:37 - 00000000 ____D C:\Program Files\iPod 2016-01-30 19:37 - 2016-01-30 19:37 - 00000000 ____D C:\Program Files (x86)\iTunes ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-12 22:27 - 2011-12-01 15:19 - 00000000 ____D C:\ProgramData\PDFC 2016-02-12 22:26 - 2012-02-29 08:51 - 00000000 ____D C:\ProgramData\NVIDIA 2016-02-12 22:26 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-12 22:13 - 2012-07-26 06:16 - 00000000 ____D C:\Users\Jarhead\AppData\Local\Google 2016-02-12 22:12 - 2014-06-17 17:25 - 00000000 ____D C:\Users\Jarhead\AppData\Roaming\Yahoo! 2016-02-12 22:00 - 2012-03-07 10:25 - 00000000 ____D C:\Users\Jarhead\AppData\Local\CrashDumps 2016-02-12 21:38 - 2012-04-01 12:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-02-12 19:39 - 2012-03-30 18:29 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA.job 2016-02-12 19:39 - 2012-03-30 18:29 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core.job 2016-02-12 17:35 - 2012-07-30 20:37 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronizatio n-{6AE2506A-9C88-4076-859D-D33125FC91D9} 2016-02-12 16:32 - 2014-08-21 09:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-12 15:19 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-12 15:19 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-11 19:47 - 2012-03-01 17:04 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJarhead 2016-02-11 19:47 - 2012-03-01 17:04 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForJarhead.job 2016-02-11 04:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2016-02-11 03:41 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-11 03:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf 2016-02-11 03:34 - 2009-07-13 23:45 - 00435872 _____ C:\Windows\system32\FNTCACHE.DAT 2016-02-11 03:31 - 2014-12-10 03:22 - 00000000 ____D C:\Windows\system32\appraiser 2016-02-11 03:31 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-02-11 03:31 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-11 03:16 - 2013-07-25 02:00 - 00000000 ____D C:\Windows\system32\MRT 2016-02-11 03:11 - 2012-03-03 03:55 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-02-10 14:18 - 2015-09-03 02:09 - 00000000 ____D C:\Users\Jarhead\.oracle_jre_usage 2016-02-10 14:18 - 2014-10-31 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-10 14:18 - 2012-03-03 12:56 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-10 04:38 - 2012-04-01 12:54 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-02-10 04:38 - 2012-04-01 12:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-02-10 04:38 - 2012-03-01 07:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-06 18:17 - 2011-12-01 14:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2016-01-31 15:02 - 2013-11-01 10:01 - 00000000 ____D C:\ProgramData\Oracle 2016-01-31 15:01 - 2014-11-21 21:38 - 00000000 ____D C:\Program Files\Java 2016-01-30 19:38 - 2015-07-15 02:17 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-01-30 19:37 - 2015-01-29 03:06 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-01-29 03:59 - 2015-11-15 17:07 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-29 03:58 - 2011-12-01 15:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-01-21 17:20 - 2012-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Steam 2016-01-15 12:02 - 2015-11-24 19:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-01-15 12:02 - 2014-12-29 10:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-01-15 12:00 - 2014-09-28 10:58 - 00000000 ____D C:\Users\Jarhead\AppData\Local\Adobe 2016-01-13 03:30 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-13 03:30 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-13 03:12 - 2013-03-13 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ==================== Files in the root of some directories ======= 2013-12-10 20:07 - 2014-03-20 23:08 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2012-06-26 21:03 - 2013-11-25 06:49 - 0013824 _____ () C:\Users\Jarhead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-05-28 06:43 - 2013-05-28 06:43 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-11-06 20:45 - 2014-11-06 20:45 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-08 17:28 ==================== End of FRST.txt ============================ |
#6
|
|||
|
|||
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Jarhead (2016-02-12 22:34:48) Running from C:\Users\Jarhead\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2012-02-29 13:44:32) Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= Administrator (S-1-5-21-2125622828-1049889843-2400163364-500 - Administrator - Disabled) Guest (S-1-5-21-2125622828-1049889843-2400163364-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2125622828-1049889843-2400163364-1002 - Limited - Enabled) Jarhead (S-1-5-21-2125622828-1049889843-2400163364-1001 - Administrator - Enabled) => C:\Users\Jarhead ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS) ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch) ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation) Curse Client (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: - Blizzard Entertainment) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard) HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent) HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife) HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Hulu Desktop (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC) iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden magicBlock (HKLM-x32\...\magicBlock) (Version: - ) magicJack (HKU\.DEFAULT\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.) magicJack (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.) Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation) NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation) NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.) RCA Detective™ 3.0.4.0 (HKLM-x32\...\RCA Detective™_is1) (Version: - RCA) RCA easyRip 2.6.3.0 (HKLM-x32\...\RCA easyRip_is1) (Version: - RCA) RCA Updater 2.1.7.1 (HKLM-x32\...\RCA Updater_is1) (Version: - RCA) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RIFT (HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\RIFT) (Version: - Trion Worlds, Inc.) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games, Inc.) TWC Customer Controls (HKLM-x32\...\{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}) (Version: 11 - SupportSoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version: - Relic) Warhammer 40,000: Kill Team (HKLM-x32\...\Steam App 275610) (Version: - Nomad Games) Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. ) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.852 - Zemana Ltd.) Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70 529A702D19D.1) (Version: 4.0.3184 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01F05D17-DA7B-4F43-A4D8-3B256500E382} - System32\Tasks\4868 => C:\Windows\system32\wscript.exe [2013-10-11] (Microsoft Corporation) <==== ATTENTION Task: {035081BA-6671-469A-92E3-84EA2E3368D4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA => C:\Users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {06BF1157-E86D-4F20-9DBE-667D9ECE0B22} - System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => /s "C:\Users\Jarhead\AppData\Roaming\ebafg.dll" Task: {146E029E-598A-4E52-AA3F-0FD0483AFD60} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) Task: {1613608E-61DF-4A65-A90E-8A261E2B864D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarra ntyAlert.exe Task: {17FFD212-51CE-44A8-B19D-F4A5323232BD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29] (Oracle Corporation) Task: {22AF6A95-38AC-4C06-B6CB-6FC58A3FFD83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe Task: {254FEDC9-E883-4607-9A44-50C5504EA505} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {31DE081D-1B4E-45D6-9F71-F69554EBBF0F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2125622828-1049889843-2400163364-1001 Task: {32C1D65F-5049-44DD-ABD3-D27A65786B1D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers \ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {36C1C7E9-5A5F-4250-AB41-6995F440181C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarra ntyAlert.exe Task: {3E31DC76-A98B-40D5-923B-8201B032C140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {3F01ECBE-10B5-409A-8C23-515B290B4560} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company) Task: {443C14E5-7751-48AD-A9FD-FC8020559E31} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard) Task: {625C0F88-3DAA-4731-A61B-ED3895FD694E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2125622828-1049889843-2400163364-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {69F05950-AA54-4DE6-BB0B-00B8382AD762} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {793C458F-B7FF-4E72-9121-2EDB81C5893B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {7D83677B-6DBD-45A5-A74D-208E49DA1C6D} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {80AD2AC1-872F-424F-9C1B-AAF793AECB24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe Task: {859495EC-218D-401F-9710-4F011E858370} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {96218DB4-1523-4F59-BD81-327512698AA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard) Task: {980E3072-D9FE-46C6-ACFC-3FA647DCF327} - System32\Tasks\HPCeeScheduleForJarhead => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {98F471A7-9C73-4585-86B5-1B99AF532F3F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2125622828-1049889843-2400163364-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {B2972E54-187B-49C2-B24C-D938F10C752E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation) Task: {D3F7941E-6F0E-4D5C-8CCA-766D9C124798} - System32\Tasks\{47EEF2BB-37EE-413E-940E-3BA5FAA08EE6} => pcalua.exe -a C:\Users\Jarhead\Downloads\setup.exe -d C:\Users\Jarhead\Desktop Task: {E0282C13-47F5-42B1-958B-AC44A398BE7E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {F1C9378E-F51F-4BC8-BB8C-291B0C0C3608} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers \ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {F235A922-AEB2-4934-827F-2777E11B0428} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core => C:\Users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {F7907102-AB45-4C9F-AFE0-5200036F6242} - System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => /s "C:\Users\Jarhead\AppData\Roaming\queqth.dll" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core.job => C:\Users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA.job => C:\Users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJarhead.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-02-29 09:11 - 2015-09-13 17:09 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-11-15 17:04 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2013-05-22 23:57 - 2013-05-22 23:57 - 00249112 _____ () C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe 2012-02-29 09:29 - 2012-02-29 09:26 - 00008192 _____ () C:\mjusbsp\srvany.exe 2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-01-29 03:57 - 2016-01-17 18:07 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-02-12 19:04 - 2016-02-12 19:04 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2009-01-21 16:34 - 2009-01-21 16:34 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-12-01 15:06 - 2011-12-01 15:06 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDispl ay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CL I.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-24 07:21 - 2011-03-24 07:21 - 02278912 _____ () C:\Program Files (x86)\CrazyRemote\QtCore4.dll 2011-03-24 07:21 - 2011-03-24 07:21 - 00911872 _____ () C:\Program Files (x86)\CrazyRemote\QtNetwork4.dll 2012-01-09 03:31 - 2012-01-09 03:31 - 00105984 _____ () C:\Program Files (x86)\CrazyRemote\ScienPixWCL.dll 2012-03-21 00:27 - 2012-03-21 00:27 - 00897024 _____ () C:\Program Files (x86)\CrazyRemote\CRTunnel.dll 2015-04-08 10:10 - 2015-08-26 19:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-10-01 01:28 - 2015-10-01 01:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRp t1402.dll |
#7
|
|||
|
|||
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SprtListen => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SprtListenPush => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SupportSoft RemoteAssist => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-11-10 02:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jarhead\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg DNS Servers: 192.168.1.1 - 209.18.47.62 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{08F1D697-E22E-4B09-A66F-DFBA613DF34F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{CE6BD73B-FEC5-464F-B37B-5112CDBE39AB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{8814CE33-0F46-4A08-AD16-A4E0FC484021}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{DAE3C373-4106-441E-B81D-B4CA69F57DD0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{8A9C02ED-43C7-43F8-ABB9-9427EBFE2BF7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{27213019-ABB9-463E-BEDB-0C7B458A6E5C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{9396C420-9067-456D-9E4F-2626646CE1F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{2B18729A-5071-4B8D-8EB4-CF2D5D37CEED}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{E1F82AAB-1956-44B3-A9DC-5711EB99CA0B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2E0D7E19-4FC9-4A73-B6F2-C703BA0C95A7}] => (Allow) LPort=2869 FirewallRules: [{3AB9B21B-7AD2-435D-8D9C-500D29670EBA}] => (Allow) LPort=1900 FirewallRules: [{DC06D84E-D5B4-4386-AE90-439D1D91FADA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{2CE8D778-F021-492B-85FD-59E8B2145FB8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{F2F7AC03-E84C-4F58-A77E-2FDA3CD48E01}C:\users\jarhead\appdata\roaming\mjus bsp\magicjack.exe] => (Allow) C:\users\jarhead\appdata\roaming\mjusbsp\magicjack .exe FirewallRules: [UDP Query User{9B742421-AF7E-4BE0-8D8A-7168345FC8B2}C:\users\jarhead\appdata\roaming\mjus bsp\magicjack.exe] => (Allow) C:\users\jarhead\appdata\roaming\mjusbsp\magicjack .exe FirewallRules: [{E5AB89F0-CF25-4CD7-A53C-54443F534F70}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{09E9F397-10C4-41AE-93F9-C03C66D7F794}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{C0687086-BA1F-41D7-9650-9D2B6B49991A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{22190E80-0D4C-41C8-8E57-737EE336EBF8}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{0872D22E-CA7A-40C5-8E8B-58804BBD7089}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [TCP Query User{1A405A93-538D-43F1-A481-BF8D424CCD76}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [UDP Query User{4A8D5AE8-D207-4E38-A62B-22BE0069E9C1}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{9573ED27-69F2-47B0-AB0A-A248AF357EF8}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe FirewallRules: [{CF02D742-398E-476F-B012-412F57C7D098}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe FirewallRules: [TCP Query User{D54F6ADC-5DE2-4D5E-9DA9-7983815B2EA1}C:\users\jarhead\downloads\downloader _diablo2_enus.exe] => (Allow) C:\users\jarhead\downloads\downloader_diablo2_enus .exe FirewallRules: [UDP Query User{4E28CC58-837B-4C81-8052-CA0D9C253286}C:\users\jarhead\downloads\downloader _diablo2_enus.exe] => (Allow) C:\users\jarhead\downloads\downloader_diablo2_enus .exe FirewallRules: [{04014E2D-840B-46B1-B0FD-2444B8FFEC52}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{804F6BF8-0D31-4424-8BAF-8A521BF8494E}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{42F8450D-4FCC-466F-B63E-9A2E525F9D64}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{35C7ECEC-92E9-4E46-A597-3B0158E28700}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{067E6D6A-A7E8-4C98-BE12-754C67B044A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe FirewallRules: [{25930D2E-D97F-446E-989C-66286A38783B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe FirewallRules: [TCP Query User{6B993A51-0C38-44FE-8FA1-F05886A568F0}C:\users\jarhead\downloads\gw2.exe] => (Allow) C:\users\jarhead\downloads\gw2.exe FirewallRules: [UDP Query User{87069AF3-99C9-41AE-9338-8DFD8ED594B6}C:\users\jarhead\downloads\gw2.exe] => (Allow) C:\users\jarhead\downloads\gw2.exe FirewallRules: [{53D40DBD-8626-4001-85A9-F5ACBB2DC147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe FirewallRules: [{796EF3BF-6AA0-4A72-A229-023B2E2173FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\Torchlight2.exe FirewallRules: [{D082AA40-AE5E-430A-8F28-D813748AD468}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\torchlight\Torchlight .exe FirewallRules: [{70E5BBF1-8CF1-47F7-9DE9-CD79E0CE8B25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\torchlight\Torchlight .exe FirewallRules: [{328D486B-6928-4926-A376-7BEF162E9833}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe FirewallRules: [{6C8A4014-26C9-48E8-84DF-848F2F8251CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe FirewallRules: [{DAE42AAF-02BE-4D56-A727-1C0642173EC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe FirewallRules: [{321C0168-52FB-4EDD-A111-C6D58DF6E30C}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe FirewallRules: [TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{A5B9F267-F90A-4C62-A7EE-7F2FE9A5F63E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{2FF88BAF-D77E-43C4-A140-EDB9308ECDF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{9AAAD438-D00B-4962-9F31-C47CD4CF511D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0A174538-5AFE-463A-A135-32AF54635D3E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{8F43752A-785A-4A27-AC7C-CCA03C279DF9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{5D9FCB7A-D6FB-41D2-97EB-B8FFB46831C7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.e xe FirewallRules: [{9806DE5E-8F8B-455D-A943-77F6546AD141}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.e xe FirewallRules: [{DBEFD0BC-90E1-4363-B517-474EA1094A62}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetect ion3.exe FirewallRules: [{7596E882-0C88-4DC2-9F37-F0723D438737}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.e xe FirewallRules: [{92F2B47D-4EA4-46FC-B80F-098E8AE8E99E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.e xe FirewallRules: [{315BFB83-56F4-4243-AF09-99CF365969A1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{B22ADE99-D6F8-4CF1-93D1-FD1E18CEFD67}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{F83E055E-F071-4BA4-8FCD-779D9E6BED55}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{BF717BA0-ABEB-49EA-ADEA-86DE24E421B8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{524EE482-3226-4953-942C-6D8617FB8448}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\R oaming\mjusbsp\magicJack.exe FirewallRules: [{7764CF45-ACFD-4B09-8F68-C73FD4060191}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\R oaming\mjusbsp\magicJack.exe FirewallRules: [{BB7A9246-26B7-4F52-B751-A155B3B53484}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe FirewallRules: [{9541E830-77B6-42AE-BB75-60A72C1ED4F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe FirewallRules: [{969EE6BC-8F8F-44E8-880C-FA5DEC99F63C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Ag ent.exe FirewallRules: [{6F9A6011-2BA0-4C05-A9FA-D7ECF52BD852}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Ag ent.exe FirewallRules: [TCP Query User{BDA4870A-A95D-4244-9742-D1FA149464FA}C:\programdata\battle.net\agent\agent .beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\ag ent.exe FirewallRules: [UDP Query User{13731808-453A-4811-A4BB-457D7DE0897F}C:\programdata\battle.net\agent\agent .beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\ag ent.exe FirewallRules: [{50298869-41D2-472C-A410-D98E41384242}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe FirewallRules: [{CAAC3D3C-43FE-41C1-A962-E9C7EDD54303}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe FirewallRules: [{0D85E1F1-6A64-4623-AD84-10338D44111E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe FirewallRules: [{C31ABD18-60C1-49B8-98E4-3D83526F2792}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe FirewallRules: [{52D0540E-7E84-43BA-954E-DAD3A5A6452F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{CC3A9BC2-2B49-4815-AED1-94C804802598}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{BEBA3D48-E2E6-4C66-8C4F-30108E61AD5A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{957032AA-3422-4CB2-B820-750E5C43B262}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{B7ED899F-68B6-4F9C-AF0A-49241D847567}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.e xe FirewallRules: [{A9CDB76F-0B45-415C-9F50-F0FBFE49996A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.e xe FirewallRules: [{1F8A153E-7073-4BC8-8D3C-7143591B70DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.e xe FirewallRules: [{A8AA204F-8064-410B-84F4-62C268F4F272}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.e xe FirewallRules: [TCP Query User{46B9498D-4165-45D4-825C-CB5FEC4057C2}C:\programdata\battle.net\agent\agent .2880\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2880\agent.e xe FirewallRules: [UDP Query User{3342769D-E1B1-4334-9265-6042A1371BCC}C:\programdata\battle.net\agent\agent .2880\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2880\agent.e xe FirewallRules: [{60624A38-1FDE-4A5E-BB22-DE8946EEC898}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{946BAF3B-66C3-467E-AE2B-E99E2A24BBFA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [TCP Query User{96D4BC34-0FAA-4FF5-B05E-CE82D199E07D}C:\programdata\battle.net\agent\agent .3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.e xe FirewallRules: [UDP Query User{F38A9267-33B2-47B5-A37A-EE0C92FABA7D}C:\programdata\battle.net\agent\agent .3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.e xe FirewallRules: [TCP Query User{9A5E0981-DEF0-42BF-8697-82A72B6D412B}C:\programdata\battle.net\agent\agent .3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.e xe FirewallRules: [UDP Query User{82CAC965-9E00-4020-BE59-EFD5F420C897}C:\programdata\battle.net\agent\agent .3109\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.e xe FirewallRules: [{E71B4004-E26E-4021-8392-47506F72844E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.e xe FirewallRules: [{ED9E0C11-3DC4-4AAD-AE01-44E5FF4981E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.e xe FirewallRules: [TCP Query User{0F7FB5AE-E4DF-4C8E-BECB-282108E939F3}C:\programdata\battle.net\agent\agent .3182\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3182\agent.e xe FirewallRules: [UDP Query User{C8ED3A65-92E2-4EF3-A948-21E3670B4135}C:\programdata\battle.net\agent\agent .3182\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3182\agent.e xe FirewallRules: [{9BBA1ED5-C373-493E-95E8-B356B903BDB9}] => (Allow) C:\Users\Jarhead\AppData\Local\Facebook\Video\Skyp e\FacebookVideoCalling.exe FirewallRules: [{BD4DFC8D-CC66-43E0-81C0-BA9E03309730}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.e xe FirewallRules: [{764ACF1E-5A10-4E45-8161-6705E9AFF89E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.e xe FirewallRules: [{119F5895-10B9-4EF4-B700-208DF75D30A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F8269206-9A63-4D42-8F4C-49ED5AB38807}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{14839B29-487F-440C-BB7D-016C17598B0F}C:\programdata\battle.net\agent\agent .3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.e xe FirewallRules: [UDP Query User{D72ED449-FB07-4ABD-B2BC-E281A696E79D}C:\programdata\battle.net\agent\agent .3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.e xe FirewallRules: [TCP Query User{036E8A23-6E8E-413F-B025-594AF9219C9C}C:\programdata\battle.net\agent\agent .3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.e xe FirewallRules: [UDP Query User{3F2E9BD1-7E36-4241-B2A5-A5BF181977A0}C:\programdata\battle.net\agent\agent .3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.e xe FirewallRules: [{A3769F85-B5B1-4DB6-B58D-9445C166F95A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.e xe FirewallRules: [{15730BA5-7B2E-4048-BD84-85C9C23E27FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.e xe FirewallRules: [TCP Query User{E6F0B236-1853-44CA-A70D-DC64F166EC9C}C:\programdata\battle.net\agent\agent .3332\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3332\agent.e xe FirewallRules: [UDP Query User{04536ADA-EB06-48A1-BD17-F3E858B013C6}C:\programdata\battle.net\agent\agent .3332\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3332\agent.e xe FirewallRules: [{0625DBA0-A692-476A-AB01-BFFAC51D834A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.e xe FirewallRules: [{55D48C20-FBBE-4876-953D-EF84103C8B12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.e xe FirewallRules: [TCP Query User{0E12822E-ADD8-460A-9D30-87A573492ADA}C:\programdata\battle.net\agent\agent .3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.e xe FirewallRules: [UDP Query User{71C3D86B-344C-4AD2-B3CA-998A2B51CFE9}C:\programdata\battle.net\agent\agent .3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.e xe FirewallRules: [{9BA85B50-925F-450A-B13B-25B90CE69BC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.e xe FirewallRules: [{490E7AAB-3AA7-4C37-BC2D-820850E93512}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.e xe FirewallRules: [TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{10CC8E51-FC9A-49DC-AD81-60AE862D934B}C:\programdata\battle.net\agent\agent .3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.e xe FirewallRules: [UDP Query User{8BEB8B3F-859F-464A-8632-B945CCD57BB7}C:\programdata\battle.net\agent\agent .3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.e xe FirewallRules: [TCP Query User{04FAA59E-BDA1-4858-AAAB-423DD96766FB}C:\programdata\battle.net\agent\agent .3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.e xe FirewallRules: [UDP Query User{4674A3E9-112A-43D4-BB1B-48F3CD932523}C:\programdata\battle.net\agent\agent .3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.e xe FirewallRules: [{2A472398-2645-4B5E-88FD-E9CE79AC4A64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.e xe FirewallRules: [{2F6A8B54-6F3A-4F3D-AFD3-A7B875F5D45B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.e xe FirewallRules: [{3CB9D1ED-26BB-4551-8E96-11483C4D813C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.e xe FirewallRules: [{B1A15FFC-04AB-4B73-A556-FB259C8A86ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.e xe FirewallRules: [TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdc l32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe FirewallRules: [UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdc l32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe FirewallRules: [TCP Query User{96EA1BA7-6E4F-45FD-AABC-50A74F345DB9}C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe FirewallRules: [UDP Query User{8C4AF939-1945-45AB-BBB6-3F946958FF55}C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{067ed324-2127-4225-9878-cf84c9c21e00}\msiexec.exe FirewallRules: [{B183E10B-5C67-4D5A-AFCB-31BCCB9462B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.e xe FirewallRules: [{39410EC1-87CA-427F-97F8-B3AD75BFDF43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.e xe FirewallRules: [TCP Query User{A9677D15-384F-4F86-8F7A-5B9FCE390129}C:\programdata\battle.net\agent\agent .3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.e xe FirewallRules: [UDP Query User{D0554385-FAF3-47EC-997B-C1E40475D534}C:\programdata\battle.net\agent\agent .3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.e xe FirewallRules: [{AE1BE147-782F-4984-8126-56BEC13E959E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.e xe FirewallRules: [{60E887C5-835E-41D8-ADE9-6A2BFCA8D638}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.e xe FirewallRules: [{14303E0F-22F2-4F7C-AE88-E7B1BD673AFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.e xe FirewallRules: [{F25F4EA1-B5F6-4B59-8621-E58D5195AB55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.e xe FirewallRules: [{0E34014B-E0E5-4A29-9E2C-7B7D731EB2A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.e xe FirewallRules: [{255A4A7D-5B24-49F9-A507-C690CAC9B1D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.e xe FirewallRules: [{E0CF787C-3601-440C-9835-C45D8D0A3C9B}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe FirewallRules: [{09B96DCD-A73F-4AA2-A344-7DF7BA01DDC5}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe FirewallRules: [{4024921D-DD91-47F8-89B5-2574F7324AC9}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemote.exe FirewallRules: [{BF082DD3-12FD-4399-831B-5665BAA2F5E6}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe FirewallRules: [{4A849CA8-BEED-46E7-8E2C-6DF4A860EBC0}] => (Allow) C:\Program Files (x86)\CrazyRemote\CrazyRemoteServer.exe FirewallRules: [{4203655B-23F3-4383-B466-9041A8D9A50F}] => (Allow) C:\Program Files (x86)\CrazyRemote\CRHelper.exe FirewallRules: [{3B178693-29A0-4830-AE4F-2A2A7647D4B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.e xe FirewallRules: [{1100979F-FE2E-41D8-A839-E749C2E73918}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.e xe FirewallRules: [{FC7342EA-B1BA-424C-A406-231CDB556698}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.e xe FirewallRules: [{57F81076-6613-4148-A5BB-2E279ECA9186}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.e xe FirewallRules: [{FC9A66C5-D82D-46AA-A85F-64852D60234D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D6E4BEEC-9479-4C12-AFEF-A13827DD9127}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{14812DB5-EC58-485B-87BC-F6282C08EE9B}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{20261E96-A4FA-4D35-88DA-9B84EE525E98}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{22AE59CF-7ED1-4F20-8AEB-DFF1EFDC3FA6}C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe] => (Block) C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe FirewallRules: [UDP Query User{6F235F32-EE2A-4E5B-8CAA-4A95DD4ABF0B}C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe] => (Block) C:\users\jarhead\downloads\dolphin-4.0-win64\dolphin.exe FirewallRules: [TCP Query User{72834F12-C859-44F6-82BB-48DC704812E6}C:\games\call of duty black ops 2\sp.exe] => (Allow) C:\games\call of duty black ops 2\sp.exe FirewallRules: [UDP Query User{6481978D-EF58-4C41-A750-40430DE6F974}C:\games\call of duty black ops 2\sp.exe] => (Allow) C:\games\call of duty black ops 2\sp.exe FirewallRules: [TCP Query User{0C148A13-3EE5-455A-9703-7AA568733A04}C:\games\call of duty black ops 2\t6zm.exe] => (Allow) C:\games\call of duty black ops 2\t6zm.exe FirewallRules: [UDP Query User{7FDE9CE1-D1F5-4491-9DB2-F6D254354F4B}C:\games\call of duty black ops 2\t6zm.exe] => (Allow) C:\games\call of duty black ops 2\t6zm.exe FirewallRules: [TCP Query User{F714D022-FABF-4817-BC15-818A63F70EDF}C:\games\call of duty black ops 2\t6mp.exe] => (Allow) C:\games\call of duty black ops 2\t6mp.exe FirewallRules: [UDP Query User{AA11F348-9910-4F8E-8823-271541FF6510}C:\games\call of duty black ops 2\t6mp.exe] => (Allow) C:\games\call of duty black ops 2\t6mp.exe FirewallRules: [TCP Query User{0D9BA6C4-FC2B-4092-8C5D-B738F5D13742}C:\games\call of duty black ops 2\t6sp.exe] => (Block) C:\games\call of duty black ops 2\t6sp.exe FirewallRules: [UDP Query User{07D90EF2-9BE5-48DC-9CF3-3296ED6CC833}C:\games\call of duty black ops 2\t6sp.exe] => (Block) C:\games\call of duty black ops 2\t6sp.exe FirewallRules: [{12BF8754-6E2F-47E0-A6FC-5BAE7737F089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\W40K Kill Team\killteam.exe FirewallRules: [{6AE26D84-584D-4E09-9FE1-650C617445EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\W40K Kill Team\killteam.exe FirewallRules: [TCP Query User{6AF8255A-F93D-404D-B33A-0DC35DC1154A}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{06226DA1-3C8E-4D50-957F-E8E6C2F4469E}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{FF2DC1F7-2981-467A-A897-68C3E2CAE388}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{BEFD5260-0EB7-43A8-9BAE-6B4FEDF6889E}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe FirewallRules: [{3258C848-BF94-4FA8-98FF-BE005B9EC2CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{C6F90EB8-43CC-4AEE-B622-89D47A7C8156}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{CE73A838-D110-4BD3-84A2-75454B0D1304}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{499DDD26-128A-491D-80E9-C8BE900AF5AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4C8610E3-7E2E-4A32-9599-D438AED8C1C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{29404B08-303F-4E77-AE19-B10D4BF7ECF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1E213E50-9932-4281-B9A4-845EF593817F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{57CB3094-B39E-4769-BBAE-66A6E232F44B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EF9B8D53-A550-4ABD-9822-6189E24DD7A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{39E3E0D2-A789-4173-83F6-6AA928AD4292}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{99750EA4-E9CF-479D-ACF7-4A3312C3559E}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{026158D3-4B5B-4DC7-926F-76DEA818C4A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E2C0EFCE-A6E6-44BC-9634-6D4F9652317A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EF7CE248-3F6F-4DA0-8F42-792635245CF7}] => (Allow) C:\Users\Jarhead\AppData\Local\Temp\7zS606F\HPDiag nosticCoreUI.exe FirewallRules: [{0C02EFCE-E4B5-4824-9CB4-7203730D6F00}] => (Allow) C:\Users\Jarhead\AppData\Local\Temp\7zS606F\HPDiag nosticCoreUI.exe FirewallRules: [{BA2A81BA-4DA4-4F68-89D7-5B2B550EF334}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe FirewallRules: [{81B038EA-3590-4E70-9FE2-71CAE4CCAA9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe FirewallRules: [{557B6E61-4C4E-4748-9CBF-2138EE7361A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{7EFD94CB-F1B9-40FD-9EC5-C0803AAD111E}] => (Allow) C:\mjusbsp\magicJack.exe FirewallRules: [{849A3223-B6F6-4181-8FCA-69D7E7F400C2}] => (Allow) C:\mjusbsp\magicJack.exe FirewallRules: [{7D32D541-B02F-49BA-8544-4DE1046A1813}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{3F0EFB39-1DD6-49CE-9DB6-0DA0F3600672}] => (Allow) C:\mjusbsp\magicJack.exe FirewallRules: [{4ECD131C-C0A8-4E1D-BAF0-701E674FE80C}] => (Allow) C:\mjusbsp\magicJack.exe FirewallRules: [{1F37ACCA-D35C-4B46-8BAB-9F0362066E46}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\R oaming\mjusbsp\magicJack.exe FirewallRules: [{4DE0EB96-F35E-45A2-B8D4-EDE22DD66873}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\R oaming\mjusbsp\magicJack.exe ==================== Restore Points ========================= 01-02-2016 18:56:38 Windows Update 05-02-2016 18:57:01 Windows Update 09-02-2016 18:56:34 Windows Update 11-02-2016 03:00:13 Windows Update 12-02-2016 21:06:03 Zemana AntiMalware 2/12/2016 9:06:01 PM 12-02-2016 21:24:44 zoek.exe restore point ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/12/2016 10:28:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2016 09:24:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000007fe8f892f4c Faulting process id: 0x1130 Faulting application start time: 0xDaS_21.exe0 Faulting application path: DaS_21.exe1 Faulting module path: DaS_21.exe2 Report Id: DaS_21.exe3 Error: (02/12/2016 09:24:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: DaS_21.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Stack: at DriverAndServicesOut.GetProcess.GetPathName(System .String) at DriverAndServicesOut.GetProcess.GetAllServices(Sys tem.String) at DriverAndServicesOut.Program.Main(System.String[]) Error: (02/12/2016 09:24:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Coupon Printer Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (02/12/2016 06:47:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418220 Error: (02/11/2016 06:47:53 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418220 Error: (02/11/2016 03:34:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2016 06:47:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418220 Error: (02/09/2016 02:21:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16 Exception code: 0x80000003 Fault offset: 0x0000ed44 Faulting process id: 0xb80 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (02/09/2016 06:47:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418220 System errors: ============= Error: (02/12/2016 10:12:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/12/2016 10:12:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (02/12/2016 09:06:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/12/2016 07:53:50 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 7:52:07 PM on 1/12/2016 was unexpected. Error: (01/11/2016 02:38:36 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (01/02/2016 08:55:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Power service terminated with service-specific error %%0. Error: (01/02/2016 08:55:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Diagnostic Service Host service failed to start due to the following error: %%1069 CodeIntegrity: =================================== Date: 2014-11-10 02:13:05.264 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-10 02:13:05.241 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-10 02:13:05.217 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-10 02:13:05.194 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-10 02:04:44.250 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-10 02:04:44.226 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-10 02:04:44.203 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-10 02:04:44.180 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-08 20:45:00.440 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-08 20:45:00.415 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 650 Processor Percentage of memory in use: 36% Total physical RAM: 8191.29 MB Available physical RAM: 5234.66 MB Total Virtual: 16380.78 MB Available Virtual: 13570.13 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:454.44 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (Size: 931.5 GB) (Disk ID: 8D3FF166) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ |
#8
|
||||
|
||||
Hi unforgiven1977,
Uninstall: Yahoo! Toolbar =========================== If you want uninstall the Zemana AntiMalware software ============================================== Step1: Run FRST fixlist Please open notepad (Start > All Programs > Accessories > Notepad) Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad. Save it to the Desktop, and name it: fixlist.txt Code:
CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Easy Dock] => [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {20E6740E-07D0-403C-B434-82F09728D27A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\ loader\npUnity3D32.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] C:\Users\Jarhead\AppData\Local\PDFC 2016-02-12 22:12 - 2014-06-17 17:25 - 00000000 ____D C:\Users\Jarhead\AppData\Roaming\Yahoo! 2016-02-12 22:00 - 2012-03-07 10:25 - 00000000 ____D C:\Users\Jarhead\AppData\Local\CrashDumps 2013-12-10 20:07 - 2014-03-20 23:08 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2013-05-28 06:43 - 2013-05-28 06:43 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-11-06 20:45 - 2014-11-06 20:45 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL Task: {01F05D17-DA7B-4F43-A4D8-3B256500E382} - System32\Tasks\4868 => C:\Windows\system32\wscript.exe [2013-10-11] (Microsoft Corporation) <==== ATTENTION Task: {06BF1157-E86D-4F20-9DBE-667D9ECE0B22} - System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => /s "C:\Users\Jarhead\AppData\Roaming\ebafg.dll" Task: {254FEDC9-E883-4607-9A44-50C5504EA505} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {F7907102-AB45-4C9F-AFE0-5200036F6242} - System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => /s "C:\Users\Jarhead\AppData\Roaming\queqth.dll" Task: C:\Windows\Tasks\HPCeeScheduleForJarhead.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe FirewallRules: [TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin FirewallRules: [TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdc l32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe FirewallRules: [UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdc l32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe CMD: ipconfig /flushdns EmptyTemp: Running this on another computer may cause damage to the Operating System. Now, please run FRST, and press theFix button, just once, and wait. When done, the tool creates a report on the Desktop called: Fixlog.txt >> Please post the Fixlog.txt in your reply. Step2: Please download AdwCleaner by Xplode onto your desktop.
Please download Junkware Removal Tool to your desktop.
|
#9
|
|||
|
|||
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Jarhead (2016-02-13 10:43:59) Run:1 Running from C:\Users\Jarhead\Desktop Loaded Profiles: Jarhead (Available Profiles: Jarhead) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\...\Run: [Easy Dock] => [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {20E6740E-07D0-403C-B434-82F09728D27A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-2125622828-1049889843-2400163364-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin HKU\S-1-5-21-2125622828-1049889843-2400163364-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\ loader\npUnity3D32.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] C:\Users\Jarhead\AppData\Local\PDFC 2016-02-12 22:12 - 2014-06-17 17:25 - 00000000 ____D C:\Users\Jarhead\AppData\Roaming\Yahoo! 2016-02-12 22:00 - 2012-03-07 10:25 - 00000000 ____D C:\Users\Jarhead\AppData\Local\CrashDumps 2013-12-10 20:07 - 2014-03-20 23:08 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2013-05-28 06:43 - 2013-05-28 06:43 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-11-06 20:45 - 2014-11-06 20:45 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL Task: {01F05D17-DA7B-4F43-A4D8-3B256500E382} - System32\Tasks\4868 => C:\Windows\system32\wscript.exe [2013-10-11] (Microsoft Corporation) <==== ATTENTION Task: {06BF1157-E86D-4F20-9DBE-667D9ECE0B22} - System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => /s "C:\Users\Jarhead\AppData\Roaming\ebafg.dll" Task: {254FEDC9-E883-4607-9A44-50C5504EA505} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {F7907102-AB45-4C9F-AFE0-5200036F6242} - System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => /s "C:\Users\Jarhead\AppData\Roaming\queqth.dll" Task: C:\Windows\Tasks\HPCeeScheduleForJarhead.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe FirewallRules: [TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin FirewallRules: [TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdc l32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe FirewallRules: [UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdc l32.exe] => (Block) C:\users\jarhead\appdata\local\svcxdcl32.exe CMD: ipconfig /flushdns EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\\ => value removed successfully HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Windows\CurrentVersion\Run \\Easy Dock => value removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20E6740E-07D0-403C-B434-82F09728D27A}" => key removed successfully HKCR\CLSID\{20E6740E-07D0-403C-B434-82F09728D27A} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. "HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. FF ProfilePath: C:\Users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default => FRST is scripted not to move this directory. "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@messeng er.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@microso ft.com/GENUINE" => key removed successfully "HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully C:\Users\Jarhead\AppData\LocalLow\Unity\WebPlayer\ loader\npUnity3D32.dll => not found. HKLM\Software\Wow6432Node\MozillaPlugins\@microsof t.com/GENUINE => key not found. C:\Users\Jarhead\AppData\Local\PDFC => moved successfully C:\Users\Jarhead\AppData\Roaming\Yahoo! => moved successfully C:\Users\Jarhead\AppData\Local\CrashDumps => moved successfully C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully C:\ProgramData\Ament.ini => moved successfully C:\ProgramData\INSTALL_TOR.URL => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01F05D 17-DA7B-4F43-A4D8-3B256500E382}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F05D 17-DA7B-4F43-A4D8-3B256500E382}" => key removed successfully C:\Windows\System32\Tasks\4868 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4868" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06BF11 57-E86D-4F20-9DBE-667D9ECE0B22}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06BF11 57-E86D-4F20-9DBE-667D9ECE0B22}" => key removed successfully C:\Windows\System32\Tasks\{DFCC1CFB-FDF3-EC57-C350-0E86CB383AEE} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DFCC1CF B-FDF3-EC57-C350-0E86CB383AEE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{254FED C9-E883-4607-9A44-50C5504EA505}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{254FED C9-E883-4607-9A44-50C5504EA505}" => key removed successfully C:\Windows\System32\Tasks\0 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F79071 02-AB45-4C9F-AFE0-5200036F6242}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F79071 02-AB45-4C9F-AFE0-5200036F6242}" => key removed successfully C:\Windows\System32\Tasks\{721BEFDF-D4F8-DA45-4F42-02AA69ABA537} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{721BEFD F-D4F8-DA45-4F42-02AA69ABA537}" => key removed successfully C:\Windows\Tasks\HPCeeScheduleForJarhead.job => moved successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{635D44AC-1963-4381-A17B-049C264AD6B7}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F3751AFC-8B3F-4B12-9BC3-AA7E519016AA}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{57284803-BBED-45B7-B68F-70374EACDBEF}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2206A26E-1DA3-4400-9D73-9CE36EE78FBA}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1F4509B-F365-4EE6-B506-7251F7CF47C1}C:\users\jarhead\appdata\local\svcxdc l32.exe => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C30B56A-7DF5-4BF0-A989-523CDB56EBB9}C:\users\jarhead\appdata\local\svcxdc l32.exe => value not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => 278.8 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 10:45:02 ==== |
#10
|
|||
|
|||
# AdwCleaner v5.033 - Logfile created 13/02/2016 at 10:51:50
# Updated 07/02/2016 by Xplode # Database : 2016-02-07.2 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Jarhead - JARHEAD-HP # Running from : C:\Users\Jarhead\Desktop\AdwCleaner.exe # Option : Scan # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Mozilla\Extends Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\a vgsh Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} Key Found : HKCU\Software\Mozilla\Extends Key Found : HKCU\Software\PRODUCTSETUP Key Found : HKCU\Software\Yahoo\Companion Key Found : HKCU\Software\Yahoo\YFriendsBar Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion Key Found : HKLM\SOFTWARE\Yahoo\Companion Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Yahoo! Toolbar Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adbabylon.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.adbabylon.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\craftcrawlers.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\quizzes.ask.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com ***** [ Web browsers ] ***** ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2672 bytes] ########## |
#11
|
|||
|
|||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.2 (01.06.2016) Operating System: Windows 7 Home Premium x64 Ran by Jarhead (Administrator) on Sat 02/13/2016 at 10:57:27.98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~ File System: 4 Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\6Y1HHSAO (Folder) Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\O0VP2ZHU (Folder) Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\QKA7C1J5 (Folder) Successfully deleted: C:\Users\Jarhead\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\WRDVS0WK (Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~ Scan was completed on Sat 02/13/2016 at 10:59:55.86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~ |
#12
|
||||
|
||||
Hi unforgiven1977,
Thanks for the Logs. Step 1: Scan with Malwarebytes Antimalware: Please download Malwarebytes Anti-Malware to your desktop.
ComboFix run: Please be sure to run our tools with administrator rights. * IMPORTAN: 1Place ComboFix.exe on your Desktop * IMPORTAN: 2Ensure your external and/or USB drives are inserted during the scan Next, downloadComboFix Save to the Desktop
Step 3: RogueKiller by Tigzy
|
#13
|
|||
|
|||
Malwarebytes Anti-Malware
www.malwarebytes.org Scan Date: 2/15/2016 Scan Time: 12:29 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.02.15.03 Rootkit Database: v2016.02.08.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Jarhead Scan Type: Threat Scan Result: Completed Objects Scanned: 396920 Time Elapsed: 22 min, 25 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.InstallCore, HKU\S-1-5-21-2125622828-1049889843-2400163364-1001\SOFTWARE\ICSW1.14, Quarantined, [8b74491753461422a3a726c30bf89769], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 PUP.Optional.WinYahoo, C:\Users\Jarhead\AppData\LocalLow\Microsoft\Intern et Explorer\Services\WinYahoo.ico, Quarantined, [1ae5a4bc2b6eb28447f2f2d3927143bd], PUP.Optional.WinYahoo, C:\Users\Jarhead\AppData\LocalLow\Microsoft\Intern et Explorer\Services\Wincy.ico, Quarantined, [8c73e67a4d4c71c53bf944d48d778878], Physical Sectors: 0 (No malicious items detected) (end) ComboFix 16-02-15.01 - Jarhead 02/16/2016 12:22:11.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5696 [GMT -5:00] Running from: c:\users\Jarhead\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2016-01-16 to 2016-02-16 ))))))))))))))))))))))))))))))) . . 2016-02-16 17:35 . 2016-02-16 17:35 -------- d-----w- c:\users\Public\AppData\Local\temp 2016-02-16 17:35 . 2016-02-16 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2016-02-16 16:04 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A04995B7-A5B5-4EA3-AB2F-B4EEDEFEDFD6}\mpengine.dll 2016-02-15 16:04 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2016-02-13 15:47 . 2016-02-13 15:47 -------- d-----w- c:\users\Jarhead\AppData\Local\PDFC 2016-02-13 03:33 . 2016-02-13 15:47 -------- d-----w- C:\FRST 2016-02-13 03:25 . 2016-02-13 02:18 24064 ----a-w- c:\windows\zoek-delete.exe 2016-02-13 03:25 . 2016-02-16 17:36 -------- d-----w- c:\users\Jarhead\AppData\Local\Temp 2016-02-13 02:18 . 2016-02-13 03:12 -------- d-----w- C:\zoek_backup 2016-02-13 00:04 . 2016-02-13 00:04 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys 2016-02-13 00:04 . 2016-02-13 00:04 202144 ----a-w- c:\windows\system32\drivers\zam64.sys 2016-02-13 00:04 . 2016-02-13 00:04 -------- d-----w- c:\program files (x86)\Zemana AntiMalware 2016-02-13 00:04 . 2016-02-13 00:04 -------- d-----w- c:\users\Jarhead\AppData\Local\Zemana 2016-02-10 10:57 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2016-02-10 10:56 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll 2016-02-10 09:38 . 2016-02-10 09:38 8817344 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2016-02-05 23:57 . 2015-07-02 11:18 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{899D80A6-6C9A-4E89-B244-33662F876A62}\gapaengine.dll 2016-01-31 19:58 . 2016-02-10 19:17 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2016-01-31 00:37 . 2016-01-31 00:37 -------- d-----w- c:\program files\iPod 2016-01-31 00:37 . 2016-01-31 00:37 -------- d-----w- c:\program files (x86)\iTunes 2016-01-31 00:37 . 2016-01-31 00:38 -------- d-----w- c:\program files\iTunes 2016-01-17 22:51 . 2016-01-17 22:51 212176 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 2016-01-17 22:51 . 2016-01-17 22:51 363808 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE 2016-01-17 22:51 . 2016-01-17 22:51 25336 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2016-02-15 17:27 . 2014-03-25 14:59 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2016-02-11 08:11 . 2012-03-03 08:55 146614896 ----a-w- c:\windows\system32\MRT.exe 2016-02-10 09:38 . 2012-04-01 17:54 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-02-10 09:38 . 2012-03-01 12:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-01-22 05:59 . 2016-02-10 10:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2016-01-17 22:01 . 2015-11-15 22:06 2444576 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2015-12-21 07:55 . 2015-12-21 07:55 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll 2015-12-14 22:24 . 2014-11-22 02:52 130880 ----a-w- c:\windows\system32\drivers\rzpnk.sys 2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe 2015-12-08 21:54 . 2016-01-12 21:10 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2015-12-08 21:54 . 2016-01-12 21:10 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL 2015-12-08 21:54 . 2016-01-12 21:10 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL 2015-12-08 21:54 . 2016-01-12 21:10 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL 2015-12-08 21:54 . 2016-01-12 21:10 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL 2015-12-08 21:54 . 2016-01-12 21:10 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll 2015-12-08 21:54 . 2016-01-12 21:10 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL 2015-12-08 21:54 . 2016-01-12 21:10 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL 2015-12-08 21:54 . 2016-01-12 21:10 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL 2015-12-08 21:54 . 2016-01-12 21:10 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL 2015-12-08 21:54 . 2016-01-12 21:10 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2015-12-08 21:54 . 2016-01-12 21:10 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL 2015-12-08 21:53 . 2016-01-12 21:10 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL 2015-12-08 21:53 . 2016-01-12 21:10 509952 ----a-w- c:\windows\SysWow64\qedit.dll 2015-12-08 21:53 . 2016-01-12 21:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2015-12-08 21:53 . 2016-01-12 21:10 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2015-12-08 21:53 . 2016-01-12 21:10 206848 ----a-w- c:\windows\SysWow64\qasf.dll 2015-12-08 21:53 . 2016-01-12 21:10 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll 2015-12-08 21:53 . 2016-01-12 21:10 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL 2015-12-08 21:53 . 2016-01-12 21:10 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL 2015-12-08 21:53 . 2016-01-12 21:10 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL 2015-12-08 21:53 . 2016-01-12 21:10 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL 2015-12-08 21:53 . 2016-01-12 21:10 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL 2015-12-08 21:53 . 2016-01-12 21:10 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2015-12-08 21:53 . 2016-01-12 21:10 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL 2015-12-08 21:53 . 2016-01-12 21:10 354816 ----a-w- c:\windows\SysWow64\mfplat.dll 2015-12-08 21:53 . 2016-01-12 21:10 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll 2015-12-08 21:53 . 2016-01-12 21:10 4608 ----a-w- c:\windows\SysWow64\ksuser.dll 2015-12-08 21:53 . 2016-01-12 21:10 103424 ----a-w- c:\windows\SysWow64\mfps.dll 2015-12-08 21:53 . 2016-01-12 21:10 489984 ----a-w- c:\windows\SysWow64\evr.dll 2015-12-08 21:53 . 2016-01-12 21:10 67584 ----a-w- c:\windows\SysWow64\devenum.dll 2015-12-08 21:53 . 2016-01-12 21:10 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL 2015-12-08 21:53 . 2016-01-12 21:10 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe 2015-12-08 21:53 . 2016-01-12 21:10 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe 2015-12-08 21:53 . 2016-01-12 21:10 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax 2015-12-08 21:52 . 2016-01-12 21:08 312320 ----a-w- c:\windows\SysWow64\gdi32.dll 2015-12-08 21:50 . 2016-01-12 21:10 2048 ----a-w- c:\windows\SysWow64\mferror.dll 2015-12-08 19:07 . 2016-01-12 21:10 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL 2015-12-08 19:07 . 2016-01-12 21:10 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 1026048 ----a-w- c:\windows\system32\wmpmde.dll 2015-12-08 19:07 . 2016-01-12 21:10 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL 2015-12-08 19:07 . 2016-01-12 21:10 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll 2015-12-08 19:07 . 2016-01-12 21:10 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2015-12-08 19:07 . 2016-01-12 21:10 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL 2015-12-08 19:07 . 2016-01-12 21:10 378880 ----a-w- c:\windows\system32\SysFxUI.dll 2015-12-08 19:07 . 2016-01-12 21:10 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL 2015-12-08 19:07 . 2016-01-12 21:10 624640 ----a-w- c:\windows\system32\qedit.dll 2015-12-08 19:07 . 2016-01-12 21:10 1573888 ----a-w- c:\windows\system32\quartz.dll 2015-12-08 19:07 . 2016-01-12 21:10 371712 ----a-w- c:\windows\system32\qdvd.dll 2015-12-08 19:07 . 2016-01-12 21:10 254464 ----a-w- c:\windows\system32\qasf.dll 2015-12-08 19:07 . 2016-01-12 21:10 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll 2015-12-08 19:07 . 2016-01-12 21:10 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL 2015-12-08 19:07 . 2016-01-12 21:10 4121600 ----a-w- c:\windows\system32\mf.dll 2015-12-08 19:07 . 2016-01-12 21:10 1010688 ----a-w- c:\windows\system32\mcmde.dll 2015-12-08 19:07 . 2016-01-12 21:10 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL 2015-12-08 19:07 . 2016-01-12 21:10 432128 ----a-w- c:\windows\system32\mfplat.dll 2015-12-08 19:07 . 2016-01-12 21:10 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 70144 ----a-w- c:\windows\system32\mfvdsp.dll 2015-12-08 19:07 . 2016-01-12 21:10 223744 ----a-w- c:\windows\system32\MP43DECD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL 2015-12-08 19:07 . 2016-01-12 21:10 206848 ----a-w- c:\windows\system32\mfps.dll 2015-12-08 19:07 . 2016-01-12 21:10 5120 ----a-w- c:\windows\system32\ksuser.dll 2015-12-08 19:07 . 2016-01-12 21:10 632320 ----a-w- c:\windows\system32\evr.dll 2015-12-08 19:07 . 2016-01-12 21:08 405504 ----a-w- c:\windows\system32\gdi32.dll 2015-12-08 19:07 . 2016-01-12 21:10 189952 ----a-w- c:\windows\system32\COLORCNV.DLL 2015-12-08 19:07 . 2016-01-12 21:10 76288 ----a-w- c:\windows\system32\devenum.dll 2015-12-08 19:07 . 2016-01-12 21:10 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2015-12-08 19:06 . 2016-01-12 21:10 24576 ----a-w- c:\windows\system32\mfpmp.exe 2015-12-08 19:06 . 2016-01-12 21:10 250880 ----a-w- c:\windows\system32\ksproxy.ax 2015-12-08 19:04 . 2016-01-12 21:10 2048 ----a-w- c:\windows\system32\mferror.dll 2015-12-08 18:54 . 2016-01-12 21:10 116736 ----a-w- c:\windows\system32\drivers\drmk.sys 2015-12-08 18:12 . 2016-01-12 21:10 230400 ----a-w- c:\windows\system32\drivers\portcls.sys 2015-12-08 18:11 . 2016-01-12 21:10 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys 2015-11-20 19:40 . 2015-12-05 10:24 157696 ----a-w- c:\windows\ERUNT.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "CrazyRemote"="c:\program files (x86)\CrazyRemote\CrazyRemote.exe" [2013-05-23 499992] "CrazyRemoteCommand"="c:\program files (x86)\CrazyRemote\CrazyRemoteCommand.exe" [2013-05-23 48920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-11-19 591512] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-01-21 532808] "Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-01-21 16712] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "cdloader"="c:\windows\system32\config\systemprofi le\AppData\Roaming\mjusbsp\cdloader2.exe" [2014-07-04 51592] . c:\users\Jarhead\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-4-2 0] magicBlock.lnk - c:\program files (x86)\magicBlock\magicBlock.exe [2008-5-3 479232] RCA Detective.lnk - c:\users\Jarhead\Documents\RCA Detective\RCADetective.exe [2012-6-6 866304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2012-12-6 1393528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\Bluetooth Software\BtwProximityCP.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x] R2 magicJack;magicJack;c:\mjusbsp\srvany.exe;c:\mjusb sp\srvany.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\ windows\SYSNATIVE\drivers\bcbtums.sys [x] R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c: \windows\SYSNATIVE\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c :\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 GamesAppIntegrationService;GamesAppIntegrationServ ice;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\progra m files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\ windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.s ys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windo ws\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\ drivers\mwac.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys; c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c :\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\ windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c :\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c: \windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_ sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_ xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.s ys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\wi ndows\SYSNATIVE\drivers\zam64.sys [x] S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys; c:\windows\SYSNATIVE\drivers\zamguard64.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\window s\SYSNATIVE\atiesrxx.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x] S2 CrazyRemoteServer;CrazyRemoteServer;c:\program files (x86)\CrazyRemote\CrazyRemoteServer.exe;c:\program files (x86)\CrazyRemote\CrazyRemoteServer.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows \SYSNATIVE\svchost.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c :\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\pro gram files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\pro gram files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x] S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgr k.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x] S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys; c:\windows\SYSNATIVE\drivers\rzpnk.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\ windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendp t.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x] S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\wi ndows\SYSNATIVE\DRIVERS\rzudd.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c :\windows\SYSNATIVE\drivers\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - NVSTREAMKMS . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 2016-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-01 09:38] . 2016-02-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001Core.job - c:\users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-03-30 23:34] . 2016-02-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2125622828-1049889843-2400163364-1001UA.job - c:\users\Jarhead\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-03-30 23:34] . 2016-02-16 c:\windows\Tasks\HPCeeScheduleForJarhead.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2016-01-17 23:08 2093360 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2016-01-17 23:08 2093360 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2016-01-17 23:08 2093360 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872] "ShadowPlay"="c:\windows\system32\nvspcap64.dl l" [2015-08-27 1710568] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256] "ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-01-26 12725488] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 209.18.47.62 209.18.47.61 Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL FF - ProfilePath - c:\users\Jarhead\AppData\Roaming\Mozilla\Firefox\P rofiles\gvhci303.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Adobe Reader Synchronizer - c:\program files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p dfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_20_0_0_306_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_20_0_0_306_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.20" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . Completion time: 2016-02-16 12:53:25 ComboFix-quarantined-files.txt 2016-02-16 17:53 . Pre-Run: 487,558,049,792 bytes free Post-Run: 487,085,682,688 bytes free . - - End Of File - - BDECBFBE80B0C234F87F88D32BFA1FA4 12AA7B560DD722627FB3D07C8E9CDA75 RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jarhead [Administrator] Started from : C:\Users\Jarhead\Desktop\RogueKiller.exe Mode : Scan -- Date : 02/16/2016 14:15:56 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 8 ¤¤¤ [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Object -> Found [Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\ Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found [Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\ Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found [Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\ Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found [Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Windows\system32\config\systemprofile\AppData\ Roaming\mjusbsp\cdloader2.exe" MAGICJACK [x][x] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905} | DhcpNameServer : 172.20.10.1 ([X]) -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T cpip\Parameters\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905} | DhcpNameServer : 172.20.10.1 ([X]) -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\T cpip\Parameters\Interfaces\{F92E336F-3802-486D-BBCA-7AEFA7894905} | DhcpNameServer : 172.20.10.1 ([X]) -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721010CLA632 SATA Disk Device +++++ --- User --- [MBR] 516561e66654e768fc4787535c220826 [BSP] 9925b9d5e6989c3faa65989ea2beb7b9 : HP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 942354 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1930147840 | Size: 11413 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) |
#14
|
||||
|
||||
Thank you unforgiven1977,
Please scan your machine with ESET OnlineScan
How is the machine running now and any issues ? Please let me know. |
#15
|
|||
|
|||
The Eset scan listed no threats. The machine seems to be running normally now.
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
New Win 7 machine suddenly running slow | cnsjones | Malware Removal | 10 | March 29th, 2012 05:06 PM |
Newest Firefox & IE browsers are suddenly super slow! | NYKrumrie | Internet / Browsers | 1 | October 11th, 2008 12:27 AM |
My internet is suddenly running really slow. | Eruan | Internet / Browsers | 1 | May 10th, 2008 04:52 PM |
Internet connection is fine, but suddenly my browsers all quit working! | Zelemont | Windows XP | 8 | October 8th, 2007 08:50 PM |
Computer is suddenly running EXTREMELY slow.. | RastaMan | Windows XP | 3 | September 2nd, 2005 05:06 AM |
All times are GMT +1. The time now is 12:49 PM.