Errors, warnings, infections, trojans and junk

Posted 10/20/2014 8:46 PM
#97721
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
Please help with my PC. I keep getting pop-ups saying I need help with my PC. I have checked my Event Viewer and there are so many errors and warnings I don't know how to fix; my Microsoft services are not enabled, I need to repair damage if possible, and many applications need to be repaired. I am running Windows 8 Enterprise. PLEASE HELP!
Posted 10/21/2014 1:38 PM
#97725
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download Farbar Recovery Scan Tool and save it to your Desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


- Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy the log back here.
- The first time the tool is run it generates another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also copy that along with the FRST.txt into your reply.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 10/21/2014 8:55 PM
#97726
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
I was lucky to get this page to load. I finally got the tool, so the log files should be in the next few postings.
Posted 10/21/2014 8:56 PM
#97727
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
I have tried to download the Farbar Recovery Scan Tool, but my PC will not allow it; the page just runs and runs but will not load. I was lucky to get this page open. Any suggestions?
Posted 10/21/2014 9:21 PM
#97728
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
I finally was able to get the download working. Here is the first part of the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/21/2014
Scan Time: 9:51:41 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.21.07
Rootkit Database: v2014.10.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: deb1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330204
Time Elapsed: 18 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Groovorio.A, C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "https://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDC0B5DD9-CA94-430F-B747-E8AC71A4952F&SSPV=", "https://search.zonealarm.com/?Source=Homepage&oemCode=ZLN24358825550024-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=a8ed1c4c0000000000004c60de89b216", "https://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=34c2edc78b0a42549ec879b38507c8f9&tu=10GX0006L2B000s&sku=&tstsId=&ver=&", "https://www.searchnu.com/406", "https://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={DE3CE42F-98E6-11E2-9924-4C60DE89B216}", "https://mysearch.avg.com/?cid={B47FAD39-8EBA-40DD-A3A7-C167808ADBEB}&mid=5b32f84c36c24fa4a7d95434b9f611b2-a7838c850da87f6f818d8a7d6a1599588be899a1&lang=en&ds=hk018&pr=sa&d=2013-04-30%2009:13:25&v=15.1.0.2&pid=safeguard&sg=1&sap=hp", "https://groovorio.com/?f=7&a=grv_tuto19_14_41&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtC0AyB0FyByB0Dzy0DtDyDtN0D0Tzu0StCtDtCzytN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1FtCzy1VtCyE1VyEtCtN1L1G1B1V1N2Y1L1Qzu2SyCtA0AtB0EzyyC0CtGyE0B0EyDtGtC0E0C0EtG0CtB0D0BtGyE0B0B0Fzy0FyC0A0FyB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtByEtDyEtCyDzytG0EyE0DyDtGyEyByEyEtGzy0C0C0AtGyEtBtBtByEtBtCzy0FyB0AyD2Q&cr=826956710&ir=", "https://websearch.allsearches.info/?pid=2459&r=2014/10/18&hid=12662712063477400552&lg=EN&cc=US&unqvl=64" ],), Replaced,[df7ca770f78541f50e4762f99075c13f]

Physical Sectors: 0
(No malicious items detected)


(end)
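The one detection in this Malwarebytes log is a rewritten Chrome Preferences file: the hijacker set "startup_urls" to a list of search-redirect pages, which is why the browser keeps opening them. The script below is an added example for this thread (it is not Malwarebytes' code and not part of the original post). It reads a Preferences JSON, compares every startup page and the homepage against the hosts the user actually chose, labels the ones that match hosts named in the detection above, and writes a cleaned copy. EXPECTED_HOSTS and SAMPLE_PREFS are constructed for the example; the hijacked URLs in SAMPLE_PREFS are shortened copies of those in the log.

```python
"""Audit and clean Chrome startup pages rewritten by a browser hijacker.

Added example for this thread; not Malwarebytes' code and not part of the
original post. EXPECTED_HOSTS and SAMPLE_PREFS are constructed.
"""
import copy
import json
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

# Hosts named in the Malwarebytes detection in this thread; used only to label findings.
KNOWN_PUP_SEARCH_HOSTS = {
    "search.conduit.com", "search.zonealarm.com", "www.searchnu.com",
    "start.sweetpacks.com", "mysearch.avg.com", "groovorio.com",
    "websearch.allsearches.info",
}
RESTORE_NEW_TAB_PAGE = 5  # Chrome's restore_on_startup value for "open the New Tab page"


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def audit_startup(prefs: Dict, expected_hosts: Iterable[str]) -> List[Dict]:
    """List startup pages and the homepage whose host is not one the user chose."""
    expected = {h.lower() for h in expected_hosts}
    findings = []
    for url in prefs.get("session", {}).get("startup_urls", []):
        host = host_of(url)
        if host not in expected:
            findings.append({"where": "session.startup_urls", "url": url,
                             "host": host, "known_pup": host in KNOWN_PUP_SEARCH_HOSTS})
    homepage = prefs.get("homepage")
    if homepage and host_of(homepage) not in expected:
        host = host_of(homepage)
        findings.append({"where": "homepage", "url": homepage,
                         "host": host, "known_pup": host in KNOWN_PUP_SEARCH_HOSTS})
    return findings


def clean_prefs(prefs: Dict, expected_hosts: Iterable[str]) -> Dict:
    """Return a copy of prefs with unexpected startup pages and homepage removed."""
    expected = {h.lower() for h in expected_hosts}
    cleaned = copy.deepcopy(prefs)
    session = cleaned.setdefault("session", {})
    session["startup_urls"] = [u for u in session.get("startup_urls", [])
                               if host_of(u) in expected]
    if not session["startup_urls"]:
        # Nothing legitimate left: fall back to opening the New Tab page.
        session["restore_on_startup"] = RESTORE_NEW_TAB_PAGE
    homepage = cleaned.get("homepage")
    if homepage and host_of(homepage) not in expected:
        del cleaned["homepage"]
        cleaned["homepage_is_newtabpage"] = True
    return cleaned


def clean_preferences_file(src: str, dst: str, expected_hosts: Iterable[str]) -> List[Dict]:
    """Read a Preferences file, write a cleaned copy to dst, return what was flagged.
    Chrome must be closed first; it rewrites Preferences on exit."""
    with open(src, encoding="utf-8") as fh:
        prefs = json.load(fh)
    findings = audit_startup(prefs, expected_hosts)
    with open(dst, "w", encoding="utf-8") as fh:
        json.dump(clean_prefs(prefs, expected_hosts), fh, indent=2)
    return findings


# Constructed sample: one page the user chose plus shortened URLs from the detection above.
EXPECTED_HOSTS = {"www.example.com"}
SAMPLE_PREFS = {
    "homepage": "https://websearch.allsearches.info/?pid=2459&r=2014/10/18&lg=EN&cc=US",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # Chrome's value for "open a specific set of pages"
        "startup_urls": [
            "https://search.conduit.com/?ctid=CT3317458&SearchSource=55",
            "https://www.example.com/",
            "https://groovorio.com/?f=7&a=grv_tuto19_14_41",
        ],
    },
}

if __name__ == "__main__":
    for finding in audit_startup(SAMPLE_PREFS, EXPECTED_HOSTS):
        print(finding)
    print(json.dumps(clean_prefs(SAMPLE_PREFS, EXPECTED_HOSTS), indent=2))
```

The audit is driven by an allowlist of hosts the user recognises rather than by a blocklist of hijacker domains, so a new redirect domain is still caught; the known-host set only adds a label. Cleaning a Preferences file is one step of a cleanup, not the whole of it: the extensions and scheduled tasks that wrote those entries still need to be removed, or the file will be rewritten.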
Posted 10/21/2014 9:24 PM
#97729
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
This should be the rest of the log:


S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [329728 2012-07-25] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [474624 2012-07-25] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
S3 PrintNotify; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-19] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-07-25] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [268800 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99840 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [358400 2012-07-25] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [107520 2012-07-25] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [81920 2012-07-25] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159744 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9728 2012-07-25] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [817152 2012-07-25] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [196608 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [149504 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [148480 2012-07-25] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2012-07-25] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [62976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [161792 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [291328 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [249344 2012-07-25] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [438784 2012-07-25] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [565760 2012-07-25] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [506368 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [769024 2012-07-25] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [266240 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [81920 2012-07-25] (Microsoft Corporation) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
R2 stisvc; C:\Windows\System32\wiaservc.dll [570880 2012-07-25] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [20992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\Windows\system32\svsvc.dll [12800 2012-07-25] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [502784 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [84480 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [305664 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [245760 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [723968 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [47104 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2012-07-25] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2012-07-25] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [250880 2012-07-25] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [520704 2012-07-25] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [409600 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [358400 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1616896 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [335872 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [109568 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [96768 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [109568 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [96768 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [218112 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [65536 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [219648 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2836992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2042880 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WLMS; C:\Windows\system32\wlms\wlms.exe [21504 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [198144 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [11776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10240 2012-07-25] (Microsoft Corporation) [File not signed]
S2 wuauserv; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-19] (Microsoft Corporation)
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [226304 2012-07-25] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2012-07-25] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [79360 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\Windows\system32\DRIVERS\asyncmac.sys [26624 2012-07-25] (Microsoft Corporation) [File not signed]
R1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [48640 2012-07-25] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [29696 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [7680 2012-07-25] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [101888 2012-07-25] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [51200 2012-07-25] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [65536 2012-07-25] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [108544 2012-07-25] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [174080 2012-07-25] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\System32\drivers\circlass.sys [45056 2012-07-25] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25600 2012-07-25] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2012-07-25] (Microsoft Corporation) [File not signed]
R3 condrv; C:\Windows\System32\drivers\condrv.sys [33792 2012-07-25] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [50688 2012-07-25] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [33280 2012-07-25] (Microsoft Corporation) [File not signed]
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2012-07-25] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [194560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2012-07-25] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [24576 2012-07-25] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [12288 2012-07-25] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [27136 2012-07-25] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [46080 2012-07-25] (Microsoft Corporation) [File not signed]
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [11776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [24576 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [89088 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [145920 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2012-07-25] (Microsoft Corporation) [File not signed]
R3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [18432 2012-07-25] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21376 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [60416 2012-07-25] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [134144 2012-07-25] (Microsoft Corporation) [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-21] (Malwarebytes Corporation)
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [141312 2012-07-25] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [279552 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2012-07-25] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8704 2012-07-25] (Microsoft Corporation) [File not signed]
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [10752 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [11008 2012-07-25] (Microsoft Corporation) [File not signed]
R3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [68608 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7168 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6912 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [8192 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [14848 2012-07-25] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [427520 2012-07-25] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [46592 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [58880 2012-07-25] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation) [File not signed]
S3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [97792 2012-07-25] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [46080 2012-07-25] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [331776 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [49152 2012-07-25] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23552 2012-07-25] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [34304 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Parport; C:\Windows\System32\drivers\parport.sys [105984 2012-07-25] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\system32\DRIVERS\raspptp.sys [114176 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [145408 2012-07-25] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [16384 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [68608 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [124928 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [81920 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\system32\DRIVERS\rassstp.sys [92672 2012-07-25] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [179712 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [208384 2012-07-25] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [78848 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2012-06-02] (Realtek Semiconductor Corporation ) [File not signed]
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2012-07-25] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [36864 2012-07-25] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2012-07-26] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [62976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\System32\drivers\serial.sys [76800 2012-07-25] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [16896 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [59392 2012-07-25] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [416768 2012-07-25] (Microsoft Corporation) [File not signed]
S3 storvsp; C:\Windows\System32\drivers\storvsp.sys [67584 2012-07-25] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2012-07-25] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [117248 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57344 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [30208 2012-07-25] (Microsoft Corporation) [File not signed]
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [115712 2012-07-25] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [149504 2012-07-25] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\drivers\umbus.sys [48128 2012-07-25] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Vid; C:\Windows\System32\drivers\Vid.sys [203776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [22144 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmbusr; C:\Windows\System32\drivers\vmbusr.sys [117248 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vpcivsp; C:\Windows\System32\drivers\vpcivsp.sys [66048 2012-07-25] (Microsoft Corporation) [File not signed]
R3 VST64HWBS2; C:\Windows\system32\DRIVERS\VSTBS26.SYS [411136 2012-06-02] (Conexant Systems, Inc.) [File not signed]
R3 VST64_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2012-06-02] (Conexant Systems, Inc.) [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24064 2012-07-25] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [64000 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [27008 2012-07-25] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2012-06-02] (Conexant Systems, Inc.) [File not signed]
S3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [17408 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wpcfltr; C:\Windows\System32\DRIVERS\wpcfltr.sys [45056 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [19968 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 14:11 - 2014-10-21 14:13 - 00034514 _____ () C:\Users\deb1\Downloads\FRST.txt
2014-10-21 14:10 - 2014-10-21 14:12 - 00000000 ___DC () C:\FRST
2014-10-21 14:09 - 2014-10-21 14:09 - 02110976 _____ (Farbar) C:\Users\deb1\Downloads\FRST64.exe
2014-10-21 14:02 - 2014-10-21 14:03 - 01102336 _____ (Farbar) C:\Users\deb1\Downloads\FRST (1).exe
2014-10-21 14:00 - 2014-10-21 14:01 - 01102336 _____ (Farbar) C:\Users\deb1\Downloads\FRST.exe
2014-10-21 09:36 - 2014-10-21 09:48 - 00003047 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 09:12 - 2014-10-21 09:30 - 00000000 ____D () C:\Windows\Minidump
2014-10-20 13:31 - 2014-10-20 13:31 - 00000048 _____ () C:\Users\deb1\Desktop\CERT TECH.txt
2014-10-20 13:10 - 2014-10-20 14:14 - 00000000 ____D () C:\Users\deb1\AppData\Local\LogMeIn Rescue Applet
2014-10-18 12:38 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\EZDownloader
2014-10-18 12:22 - 2014-10-19 02:47 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-18 12:20 - 2014-10-18 12:52 - 00000000 ____D () C:\ProgramData\39b9e6995228379
2014-10-18 12:20 - 2014-10-18 12:49 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\deb1\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\deb1\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\deb1\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator
2014-10-16 21:59 - 2014-10-17 19:11 - 00000000 ____D () C:\ProgramData\YZBYwuUBhTU
2014-10-15 22:11 - 2014-10-15 22:11 - 00000000 ____D () C:\Program Files (x86)\predm
2014-10-15 22:06 - 2014-10-15 22:06 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-10-15 21:49 - 2014-10-15 21:49 - 00000000 ____D () C:\Users\deb1\AppData\Local\Plarium
2014-10-15 21:38 - 2014-10-15 21:38 - 00000000 ____D () C:\Program Files (x86)\Krab Web
2014-10-15 21:35 - 2014-10-15 22:05 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-15 21:33 - 2014-10-17 18:49 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-15 21:33 - 2014-10-15 21:33 - 00000000 ____D () C:\Users\deb1\AppData\Local\globalUpdate
2014-10-15 21:31 - 2014-10-17 09:49 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-15 21:28 - 2014-10-15 21:38 - 00000004 ____C () C:\end
2014-10-15 20:44 - 2014-10-17 19:11 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\uTorrent
2014-10-15 18:47 - 2014-10-15 18:47 - 00572538 _____ () C:\Users\deb1\Downloads\fry bread.htm
2014-10-15 12:45 - 2014-10-15 12:45 - 02166784 _____ () C:\Users\deb1\Documents\eventlogs error.evtx
2014-10-15 12:44 - 2014-10-15 12:45 - 00000000 ____D () C:\Users\deb1\Documents\LocaleMetaData
2014-10-15 12:44 - 2014-10-15 12:44 - 02166784 _____ () C:\Users\deb1\Documents\eventlogerrors.evtx
2014-10-15 11:33 - 2014-10-15 11:33 - 00000017 _____ () C:\Users\deb1\AppData\Local\resmon.resmoncfg
2014-10-15 05:19 - 2014-10-17 19:11 - 00000000 ____D () C:\Users\deb1\Downloads\How to Season a Cast Iron Skillet Health Positive_files
2014-10-15 05:19 - 2014-10-15 05:19 - 00068165 _____ () C:\Users\deb1\Downloads\How to Season a Cast Iron Skillet Health Positive.html
2014-10-15 05:16 - 2014-09-13 16:30 - 00511065 _____ () C:\Users\deb1\Documents\photo.htm
2014-10-11 15:15 - 2014-10-11 15:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-11 15:03 - 2014-10-11 15:04 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2014-10-11 13:35 - 2014-10-11 14:59 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-10-09 23:50 - 2014-10-09 23:50 - 00044062 _____ () C:\Users\deb1\Downloads\how-to-season-a-cast-iron-skillet.html
2014-10-09 19:41 - 2014-10-09 19:41 - 00599435 _____ () C:\Users\deb1\Downloads\easy and healthy shrimp.htm
2014-10-09 04:54 - 2014-10-09 04:54 - 00004293 _____ () C:\Users\deb1\Documents\patrick resume.odt
2014-10-09 04:51 - 2014-10-09 04:51 - 00004334 _____ () C:\Users\deb1\Documents\my resume - Copy.odt
2014-10-08 22:12 - 2014-10-08 22:12 - 00357733 _____ () C:\Users\deb1\Downloads\photo (2).htm
2014-10-08 22:06 - 2014-10-14 10:34 - 00000000 ____D () C:\Users\deb1\Downloads\Fastpitch Softball Pitching Tips for Beginners STACK_files
2014-10-08 22:06 - 2014-10-08 22:06 - 00284212 _____ () C:\Users\deb1\Downloads\Fastpitch Softball Pitching Tips for Beginners STACK.html
2014-10-08 00:45 - 2014-10-08 00:45 - 00593705 _____ () C:\Users\deb1\Downloads\detox water.htm
2014-10-07 16:51 - 2014-10-07 16:51 - 00001106 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-10-07 16:50 - 2014-10-17 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-06 15:01 - 2014-10-06 15:01 - 00553401 _____ () C:\Users\deb1\Downloads\best shrimp ever.htm
2014-10-06 15:01 - 2014-10-06 15:01 - 00530156 _____ () C:\Users\deb1\Downloads\download.htm
2014-10-05 07:39 - 2014-10-05 07:39 - 00466025 _____ () C:\Users\deb1\Downloads\oreo cookie cake.htm
2014-10-05 04:50 - 2014-10-05 04:50 - 00603408 _____ () C:\Users\deb1\Downloads\hawiian salad.htm
2014-10-01 13:04 - 2014-10-01 13:04 - 00522653 _____ () C:\Users\deb1\Downloads\pumpkin muffins.htm
2014-09-27 02:32 - 2014-09-27 02:32 - 00474614 _____ () C:\Users\deb1\Downloads\(75) Facebook.htm
2014-09-27 02:31 - 2014-09-27 02:31 - 00482091 _____ () C:\Users\deb1\Downloads\photo (1).htm
2014-09-21 09:51 - 2014-09-21 09:52 - 00846122 _____ () C:\Users\deb1\Downloads\(1) Facebook.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 13:22 - 2014-08-28 23:17 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 13:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-21 09:51 - 2014-09-08 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 09:37 - 2014-08-28 23:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1012194949-3346247465-572865741-1001
2014-10-21 09:31 - 2014-08-28 23:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 09:31 - 2014-08-28 22:55 - 00000000 ____D () C:\Users\deb1
2014-10-21 09:31 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 09:30 - 2014-08-29 19:42 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\ProductData
2014-10-21 09:30 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-21 09:30 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\registration
2014-10-18 20:58 - 2014-08-28 23:08 - 00000000 ___DC () C:\Program Files\CCleaner
2014-10-18 13:13 - 2014-08-29 19:42 - 00000284 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-10-18 12:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-10-18 12:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-10-18 12:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-10-18 12:20 - 2014-08-28 23:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 12:20 - 2014-08-28 23:16 - 00000000 ____D () C:\Users\deb1\AppData\Local\Google
2014-10-18 12:20 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-18 12:02 - 2014-08-29 00:07 - 00539136 ___SH () C:\Users\deb1\Downloads\Thumbs.db
2014-10-18 11:50 - 2014-08-29 19:41 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-17 20:35 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-17 20:22 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-17 19:13 - 2014-09-02 06:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 19:13 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-17 19:13 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 19:12 - 2014-08-28 23:16 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\vlc
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-10-17 19:12 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-10-17 19:11 - 2014-09-10 16:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-10-17 19:11 - 2014-08-28 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-17 19:11 - 2014-08-28 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-17 19:11 - 2012-07-26 01:12 - 00000000 ___DC () C:\Program Files\Common Files\microsoft shared
2014-10-17 19:05 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-15 17:24 - 2014-09-02 04:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 10:34 - 2014-09-10 16:36 - 00000000 ___RD () C:\Users\deb1\OneDrive
2014-10-11 15:37 - 2014-09-10 16:35 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-07 16:42 - 2014-09-19 23:50 - 00000000 ____D () C:\Users\deb1\Downloads\Fancy footwork dancers_files
2014-10-07 16:39 - 2014-08-28 23:19 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 23:42 - 2014-09-01 11:26 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-18 22:54

==================== End Of Log ============================
Posted 10/21/2014 9:31 PM
#97730
Deb1957 Advanced member
Here is the second log file:

l (x64) Version: 21-10-2014
Ran by deb1 at 2014-10-21 14:15:34
Running from C:\Users\deb1\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

19-10-2014 21:10:40 Scheduled Checkpoint
21-10-2014 16:26:13 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04B2B4CE-4F9B-4733-9F6D-F2735390B65F} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {70DB2D65-3B84-47F5-8B51-FB0E5BB347BA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {8CD0DE35-86CB-4510-93C9-1BA1D6524708} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {918130E9-11FA-421C-AC97-3CFA4414B6EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A10B1E82-5620-4546-99AD-2A6D54ABBC0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C1DC91A6-228D-4CFE-A02F-EEF6622202A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E710720B-9D99-427E-B0DD-508B16963868} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-29] (IObit)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2014-08-28 23:06 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-08-28 23:06 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-08-28 23:06 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-08-28 23:06 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2014-10-07 16:39 - 2014-09-30 22:54 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-07 16:39 - 2014-09-30 22:54 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
2014-10-07 16:39 - 2014-09-30 22:54 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
2014-08-29 21:14 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\deb1\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-29 21:14 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\deb1\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\deb1\Downloads\Offical letters stating direct lineal descent.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WLMS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WLMS => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1012194949-3346247465-572865741-500 - Administrator - Disabled)
deb1 (S-1-5-21-1012194949-3346247465-572865741-1001 - Administrator - Enabled) => C:\Users\deb1
Guest (S-1-5-21-1012194949-3346247465-572865741-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1012194949-3346247465-572865741-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 10:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1116) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00035.log.

Error: (10/21/2014 09:50:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.101, time stamp: 0x542b7ec6
Faulting module name: chrome.dll, version: 38.0.2125.101, time stamp: 0x542b7bca
Exception code: 0xc0000005
Fault offset: 0x002e6651
Faulting process id: 0xd10
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (10/21/2014 09:24:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 72c

Start Time: 01cfed4a2f81add5

Termination Time: 62

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: ae8ff67b-593e-11e4-bee5-001921a7f77d

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (10/20/2014 07:44:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: DEB)
Description: Product: Microsoft Fix it 50719 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (10/20/2014 07:16:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.2.9200.16420, time stamp: 0x505a9152
Faulting module name: MFMediaEngine.dll, version: 6.2.9200.16579, time stamp: 0x51635d86
Exception code: 0xc0000005
Fault offset: 0x0000000000046844
Faulting process id: 0xb58
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (10/18/2014 04:11:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.
.

Error: (10/18/2014 04:10:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.
.

Error: (10/18/2014 04:10:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.
.

Error: (10/18/2014 04:10:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: The data is invalid.
.

Error: (10/17/2014 07:17:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.


System errors:
=============
Error: (10/21/2014 09:48:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/21/2014 09:46:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%2

Error: (10/21/2014 09:46:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/21/2014 09:44:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%2

Error: (10/21/2014 09:44:39 AM) (Source: DCOM) (EventID: 10010) (User: DEB)
Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error: (10/21/2014 09:42:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%2

Error: (10/21/2014 09:42:39 AM) (Source: DCOM) (EventID: 10010) (User: DEB)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/21/2014 09:40:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%2

Error: (10/21/2014 09:40:39 AM) (Source: DCOM) (EventID: 10010) (User: DEB)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/21/2014 09:38:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/21/2014 10:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1116SRUJet: C:\Windows\system32\SRU\SRU00035.log-1811 (0xfffff8ed)

Error: (10/21/2014 09:50:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.101542b7ec6chrome.dll38.0.2125.101542b7bcac0000005002e6651d1001cfed4f2cbee71fC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\chrome.dll6dbb2943-5942-11e4-bee5-001921a7f77d

Error: (10/21/2014 09:24:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.2.9200.1642072c01cfed4a2f81add562C:\Windows\ImmersiveControlPanel\SystemSettings.exeae8ff67b-593e-11e4-bee5-001921a7f77dwindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (10/20/2014 07:44:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: DEB)
Description: Product: Microsoft Fix it 50719 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/20/2014 07:16:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.2.9200.16420505a9152MFMediaEngine.dll6.2.9200.1657951635d86c00000050000000000046844b5801cfecd4b651e729C:\Windows\system32\wwahost.exeC:\Windows\System32\MFMediaEngine.dll3f074542-58c8-11e4-bee8-001921a7f77dMicrosoft.ZuneMusic_1.5.216.0_x64__8wekyb3d8bbweMicrosoft.ZuneMusic

Error: (10/18/2014 04:11:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: https://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2014 04:10:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: https://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2014 04:10:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: https://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2014 04:10:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: https://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/17/2014 07:17:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528


CodeIntegrity Errors:
===================================
Date: 2014-10-20 20:02:38.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:24.969
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.782
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.672
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.438
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.282
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-20 20:01:06.204
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\powrprof.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of memory in use: 89%
Total physical RAM: 1471.36 MB
Available physical RAM: 157.44 MB
Total Pagefile: 5823.36 MB
Available Pagefile: 2943.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.19 GB) (Free:46.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 1D82A7D9)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Posted 10/22/2014 3:49 AM
#97732
Deb1957 Advanced member
Just in case I copied the first scan again:


Ran by deb1 (administrator) on DEB on 21-10-2014 20:43:48
Running from C:\Users\deb1\Downloads
Loaded Profile: deb1 (Available profiles: deb1)
Platform: Windows 8 Enterprise Evaluation (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: https://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlms\wlms.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1012194949-3346247465-572865741-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8E9DC014DDCCCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={sear
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
CHR Plugin: (globalUpdate Update) - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
CHR Profile: C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GoSave) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd [2014-10-18]
CHR Extension: (Google Drive) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-28]
CHR Extension: (Missing e) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2014-10-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (Mahjongg) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-08-29]
CHR Extension: (Elite Unzip) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2014-10-11]
CHR Extension: (Webbing) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb [2014-10-18]
CHR Extension: (NextCoup) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib [2014-10-18]
CHR Extension: (NextCoup) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla [2014-10-18]
CHR Extension: (GoSave) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-28]
CHR Extension: (Mahjong Master) - C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghchjojloakfbboibnfnleloeamkkgf [2014-08-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALG; C:\Windows\System32\alg.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AllUserInstallAgent; C:\Windows\system32\AUInstallAgent.dll [122368 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [37888 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [187392 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\SysWOW64\appmgmts.dll [152064 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [112128 2012-07-25] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [826368 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [134144 2012-07-25] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [89088 2012-07-25] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [149504 2012-07-25] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [10752 2012-07-25] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [8704 2012-07-25] (Microsoft Corporation) [File not signed]
S3 CscService; C:\Windows\System32\cscsvc.dll [767488 2012-07-25] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [817152 2012-07-25] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [340480 2012-07-25] (Microsoft Corporation) [File not signed]
R2 DeviceAssociationService; C:\Windows\system32\das.dll [342016 2012-07-25] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252928 2012-07-25] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [197120 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Eaphost; C:\Windows\System32\eapsvc.dll [105472 2012-07-25] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\system32\efssvc.dll [37376 2012-07-25] (Microsoft Corporation) [File not signed]
R2 EventLog; C:\Windows\System32\wevtsvc.dll [1731584 2012-07-25] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [507904 2012-07-25] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [394240 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [669696 2012-07-25] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [21504 2012-07-25] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\Windows\system32\fdrespub.dll [33280 2012-07-25] (Microsoft Corporation) [File not signed]
S2 gpsvc; C:\Windows\System32\gpsvc.dll [1366016 2012-07-25] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [36352 2012-07-25] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2012-07-25] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [97792 2012-07-25] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [394752 2012-07-25] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [304128 2012-07-25] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\keyiso.dll [59904 2012-07-25] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [358912 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [309248 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [191488 2012-07-25] (Microsoft Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-29] (IObit)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [274944 2012-07-25] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23040 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151552 2012-07-25] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [124416 2012-07-25] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [62976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [428544 2012-07-25] (Microsoft Corporation) [File not signed]
S3 NcaSvc; C:\Windows\System32\ncasvc.dll [161792 2012-07-25] (Microsoft Corporation) [File not signed]
R3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [73728 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\netlogon.dll [743936 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Netman; C:\Windows\System32\netman.dll [255488 2012-07-25] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2012-07-25] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [329728 2012-07-25] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [435712 2012-07-25] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [2450944 2012-07-25] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1379840 2012-07-25] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1421824 2012-07-25] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [26624 2012-07-25] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [329728 2012-07-25] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [474624 2012-07-25] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
S3 PrintNotify; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-19] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-07-25] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [268800 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99840 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [358400 2012-07-25] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [107520 2012-07-25] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [81920 2012-07-25] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159744 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9728 2012-07-25] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [817152 2012-07-25] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [196608 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [149504 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [148480 2012-07-25] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2012-07-25] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [62976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [161792 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [291328 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [249344 2012-07-25] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [438784 2012-07-25] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [565760 2012-07-25] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [506368 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [769024 2012-07-25] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [266240 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [81920 2012-07-25] (Microsoft Corporation) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
R2 stisvc; C:\Windows\System32\wiaservc.dll [570880 2012-07-25] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [20992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\Windows\system32\svsvc.dll [12800 2012-07-25] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [502784 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [84480 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [305664 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [245760 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [723968 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [47104 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2012-07-25] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2012-07-25] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [250880 2012-07-25] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [520704 2012-07-25] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [409600 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [358400 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1616896 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [335872 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [109568 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [96768 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [109568 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [96768 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [218112 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [65536 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [219648 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2836992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2042880 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WLMS; C:\Windows\system32\wlms\wlms.exe [21504 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [198144 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [11776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10240 2012-07-25] (Microsoft Corporation) [File not signed]
S2 wuauserv; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-19] (Microsoft Corporation)
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [226304 2012-07-25] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2012-07-25] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [79360 2012-07-25] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\Windows\system32\DRIVERS\asyncmac.sys [26624 2012-07-25] (Microsoft Corporation) [File not signed]
R1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [48640 2012-07-25] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [29696 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [7680 2012-07-25] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [101888 2012-07-25] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [51200 2012-07-25] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [65536 2012-07-25] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [108544 2012-07-25] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [174080 2012-07-25] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\System32\drivers\circlass.sys [45056 2012-07-25] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25600 2012-07-25] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2012-07-25] (Microsoft Corporation) [File not signed]
R3 condrv; C:\Windows\System32\drivers\condrv.sys [33792 2012-07-25] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [50688 2012-07-25] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [33280 2012-07-25] (Microsoft Corporation) [File not signed]
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2012-07-25] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [194560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2012-07-25] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [24576 2012-07-25] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [12288 2012-07-25] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [27136 2012-07-25] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [46080 2012-07-25] (Microsoft Corporation) [File not signed]
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [11776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [24576 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [89088 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [145920 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2012-07-25] (Microsoft Corporation) [File not signed]
R3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [18432 2012-07-25] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21376 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [60416 2012-07-25] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [134144 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [141312 2012-07-25] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [279552 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2012-07-25] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8704 2012-07-25] (Microsoft Corporation) [File not signed]
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [10752 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [11008 2012-07-25] (Microsoft Corporation) [File not signed]
R3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [68608 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7168 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6912 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [8192 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [14848 2012-07-25] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [427520 2012-07-25] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [46592 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [58880 2012-07-25] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation) [File not signed]
S3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [97792 2012-07-25] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [46080 2012-07-25] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [331776 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [49152 2012-07-25] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23552 2012-07-25] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [34304 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Parport; C:\Windows\System32\drivers\parport.sys [105984 2012-07-25] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\system32\DRIVERS\raspptp.sys [114176 2012-07-25] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [145408 2012-07-25] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [16384 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [68608 2012-07-25] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [124928 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [81920 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\system32\DRIVERS\rassstp.sys [92672 2012-07-25] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [179712 2012-07-25] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [208384 2012-07-25] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [78848 2012-07-25] (Microsoft Corporation) [File not signed]
R3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2012-06-02] (Realtek Semiconductor Corporation ) [File not signed]
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2012-07-25] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [36864 2012-07-25] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2012-07-26] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [62976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\System32\drivers\serial.sys [76800 2012-07-25] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [16896 2012-07-25] (Microsoft Corporation) [File not signed]
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [59392 2012-07-25] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [416768 2012-07-25] (Microsoft Corporation) [File not signed]
S3 storvsp; C:\Windows\System32\drivers\storvsp.sys [67584 2012-07-25] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2012-07-25] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [117248 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57344 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [30208 2012-07-25] (Microsoft Corporation) [File not signed]
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [115712 2012-07-25] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [149504 2012-07-25] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\drivers\umbus.sys [48128 2012-07-25] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Vid; C:\Windows\System32\drivers\Vid.sys [203776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [22144 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vmbusr; C:\Windows\System32\drivers\vmbusr.sys [117248 2012-07-25] (Microsoft Corporation) [File not signed]
S3 vpcivsp; C:\Windows\System32\drivers\vpcivsp.sys [66048 2012-07-25] (Microsoft Corporation) [File not signed]
R3 VST64HWBS2; C:\Windows\system32\DRIVERS\VSTBS26.SYS [411136 2012-06-02] (Conexant Systems, Inc.) [File not signed]
R3 VST64_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2012-06-02] (Conexant Systems, Inc.) [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24064 2012-07-25] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [64000 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [27008 2012-07-25] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2012-06-02] (Conexant Systems, Inc.) [File not signed]
S3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [17408 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wpcfltr; C:\Windows\System32\DRIVERS\wpcfltr.sys [45056 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [19968 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 14:51 - 2014-10-21 14:53 - 00000000 ___DC () C:\Users\deb1\AppData\Local\MigWiz
2014-10-21 14:15 - 2014-10-21 14:35 - 00000054 _____ () C:\Users\deb1\Downloads\Addition.txt
2014-10-21 14:11 - 2014-10-21 20:43 - 00034298 _____ () C:\Users\deb1\Downloads\FRST.txt
2014-10-21 14:10 - 2014-10-21 20:43 - 00000000 ___DC () C:\FRST
2014-10-21 14:09 - 2014-10-21 14:09 - 02110976 _____ (Farbar) C:\Users\deb1\Downloads\FRST64.exe
2014-10-21 09:36 - 2014-10-21 20:28 - 00004624 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 09:12 - 2014-10-21 09:30 - 00000000 ____D () C:\Windows\Minidump
2014-10-20 13:31 - 2014-10-20 13:31 - 00000048 _____ () C:\Users\deb1\Desktop\CERT TECH.txt
2014-10-20 13:10 - 2014-10-20 14:14 - 00000000 ____D () C:\Users\deb1\AppData\Local\LogMeIn Rescue Applet
2014-10-18 12:38 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\EZDownloader
2014-10-18 12:22 - 2014-10-19 02:47 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-18 12:20 - 2014-10-18 12:52 - 00000000 ____D () C:\ProgramData\39b9e6995228379
2014-10-18 12:20 - 2014-10-18 12:49 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Guest
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\deb1\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\deb1\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\deb1\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____D () C:\Users\Administrator
2014-10-16 21:59 - 2014-10-17 19:11 - 00000000 ____D () C:\ProgramData\YZBYwuUBhTU
2014-10-15 22:11 - 2014-10-15 22:11 - 00000000 ____D () C:\Program Files (x86)\predm
2014-10-15 22:06 - 2014-10-15 22:06 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-10-15 21:49 - 2014-10-15 21:49 - 00000000 ____D () C:\Users\deb1\AppData\Local\Plarium
2014-10-15 21:38 - 2014-10-15 21:38 - 00000000 ____D () C:\Program Files (x86)\Krab Web
2014-10-15 21:35 - 2014-10-15 22:05 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-15 21:33 - 2014-10-17 18:49 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-15 21:33 - 2014-10-15 21:33 - 00000000 ____D () C:\Users\deb1\AppData\Local\globalUpdate
2014-10-15 21:31 - 2014-10-17 09:49 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-15 21:28 - 2014-10-15 21:38 - 00000004 ____C () C:\end
2014-10-15 20:44 - 2014-10-17 19:11 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\uTorrent
2014-10-15 18:47 - 2014-10-15 18:47 - 00572538 _____ () C:\Users\deb1\Downloads\fry bread.htm
2014-10-15 12:45 - 2014-10-15 12:45 - 02166784 _____ () C:\Users\deb1\Documents\eventlogs error.evtx
2014-10-15 12:44 - 2014-10-15 12:45 - 00000000 ____D () C:\Users\deb1\Documents\LocaleMetaData
2014-10-15 12:44 - 2014-10-15 12:44 - 02166784 _____ () C:\Users\deb1\Documents\eventlogerrors.evtx
2014-10-15 11:33 - 2014-10-15 11:33 - 00000017 _____ () C:\Users\deb1\AppData\Local\resmon.resmoncfg
2014-10-15 05:19 - 2014-10-17 19:11 - 00000000 ____D () C:\Users\deb1\Downloads\How to Season a Cast Iron Skillet Health Positive_files
2014-10-15 05:19 - 2014-10-15 05:19 - 00068165 _____ () C:\Users\deb1\Downloads\How to Season a Cast Iron Skillet Health Positive.html
2014-10-15 05:16 - 2014-09-13 16:30 - 00511065 _____ () C:\Users\deb1\Documents\photo.htm
2014-10-11 15:15 - 2014-10-11 15:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-11 15:03 - 2014-10-11 15:04 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2014-10-11 13:35 - 2014-10-11 14:59 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-10-09 23:50 - 2014-10-09 23:50 - 00044062 _____ () C:\Users\deb1\Downloads\how-to-season-a-cast-iron-skillet.html
2014-10-09 19:41 - 2014-10-09 19:41 - 00599435 _____ () C:\Users\deb1\Downloads\easy and healthy shrimp.htm
2014-10-09 04:54 - 2014-10-09 04:54 - 00004293 _____ () C:\Users\deb1\Documents\patrick resume.odt
2014-10-09 04:51 - 2014-10-09 04:51 - 00004334 _____ () C:\Users\deb1\Documents\my resume - Copy.odt
2014-10-08 22:12 - 2014-10-08 22:12 - 00357733 _____ () C:\Users\deb1\Downloads\photo (2).htm
2014-10-08 22:06 - 2014-10-14 10:34 - 00000000 ____D () C:\Users\deb1\Downloads\Fastpitch Softball Pitching Tips for Beginners STACK_files
2014-10-08 22:06 - 2014-10-08 22:06 - 00284212 _____ () C:\Users\deb1\Downloads\Fastpitch Softball Pitching Tips for Beginners STACK.html
2014-10-08 00:45 - 2014-10-08 00:45 - 00593705 _____ () C:\Users\deb1\Downloads\detox water.htm
2014-10-07 16:51 - 2014-10-07 16:51 - 00001106 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-10-07 16:50 - 2014-10-17 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-06 15:01 - 2014-10-06 15:01 - 00553401 _____ () C:\Users\deb1\Downloads\best shrimp ever.htm
2014-10-06 15:01 - 2014-10-06 15:01 - 00530156 _____ () C:\Users\deb1\Downloads\download.htm
2014-10-05 07:39 - 2014-10-05 07:39 - 00466025 _____ () C:\Users\deb1\Downloads\oreo cookie cake.htm
2014-10-05 04:50 - 2014-10-05 04:50 - 00603408 _____ () C:\Users\deb1\Downloads\hawiian salad.htm
2014-10-01 13:04 - 2014-10-01 13:04 - 00522653 _____ () C:\Users\deb1\Downloads\pumpkin muffins.htm
2014-09-27 02:32 - 2014-09-27 02:32 - 00474614 _____ () C:\Users\deb1\Downloads\(75) Facebook.htm
2014-09-27 02:31 - 2014-09-27 02:31 - 00482091 _____ () C:\Users\deb1\Downloads\photo (1).htm
2014-09-21 09:51 - 2014-09-21 09:52 - 00846122 _____ () C:\Users\deb1\Downloads\(1) Facebook.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 20:43 - 2014-08-29 00:07 - 00539136 ___SH () C:\Users\deb1\Downloads\Thumbs.db
2014-10-21 20:27 - 2014-08-28 23:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1012194949-3346247465-572865741-1001
2014-10-21 20:22 - 2014-08-28 23:17 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 20:22 - 2014-08-28 23:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 20:13 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 16:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-21 09:51 - 2014-09-08 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 09:31 - 2014-08-28 22:55 - 00000000 ____D () C:\Users\deb1
2014-10-21 09:30 - 2014-08-29 19:42 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\ProductData
2014-10-21 09:30 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-21 09:30 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\registration
2014-10-18 20:58 - 2014-08-28 23:08 - 00000000 ___DC () C:\Program Files\CCleaner
2014-10-18 13:13 - 2014-08-29 19:42 - 00000284 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-10-18 12:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-10-18 12:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-10-18 12:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-10-18 12:20 - 2014-08-28 23:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 12:20 - 2014-08-28 23:16 - 00000000 ____D () C:\Users\deb1\AppData\Local\Google
2014-10-18 12:20 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-18 11:50 - 2014-08-29 19:41 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-17 20:35 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-17 20:22 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-17 19:13 - 2014-09-02 06:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 19:13 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-17 19:13 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 19:12 - 2014-08-28 23:16 - 00000000 ____D () C:\Users\deb1\AppData\Roaming\vlc
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-17 19:12 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-10-17 19:12 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-10-17 19:11 - 2014-09-10 16:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-10-17 19:11 - 2014-08-28 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-17 19:11 - 2014-08-28 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-17 19:11 - 2012-07-26 01:12 - 00000000 ___DC () C:\Program Files\Common Files\microsoft shared
2014-10-17 19:05 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-15 17:24 - 2014-09-02 04:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 10:34 - 2014-09-10 16:36 - 00000000 ___RD () C:\Users\deb1\OneDrive
2014-10-11 15:37 - 2014-09-10 16:35 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-07 16:42 - 2014-09-19 23:50 - 00000000 ____D () C:\Users\deb1\Downloads\Fancy footwork dancers_files
2014-10-07 16:39 - 2014-08-28 23:19 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 23:42 - 2014-09-01 11:26 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-18 22:54

==================== End Of Log ============================
Posted 10/22/2014 5:22 AM
#97734
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.


[code]
start
emptytemp::
CloseProcesses:
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {04B2B4CE-4F9B-4733-9F6D-F2735390B65F} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {70DB2D65-3B84-47F5-8B51-FB0E5BB347BA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {8CD0DE35-86CB-4510-93C9-1BA1D6524708} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {918130E9-11FA-421C-AC97-3CFA4414B6EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A10B1E82-5620-4546-99AD-2A6D54ABBC0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C1DC91A6-228D-4CFE-A02F-EEF6622202A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E710720B-9D99-427E-B0DD-508B16963868} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-29] (IObit)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\IObit
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\deb1\Downloads\Offical letters stating direct lineal descent.eml:OECustomProperty
HKU\S-1-5-21-1012194949-3346247465-572865741-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
end
[/code]


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Save the Notepad file as fixlist.txt
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.


Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.



Please download
AdwCleaner

• Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:
Right click on AdwCleaner.exe and select Run as administrator.
• Click Delete.
• Everything that was found will be deleted.
• Save any open files and approve the reboot. A text file will open after the restart.

Please post it in your next reply.



Next -
Junkware Removal Tool by thisisu

Download: Junk Removal Tool (https://thisisudax.org/downloads/JRT.exe)

Save it to your Desktop.
Disable your antivirus program if required.
For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

Do not PM me with logfiles. They will be deleted.
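The fixlist above deletes every scheduled task FRST listed, including several under Microsoft\Windows that run Microsoft-signed system binaries or Rundll32 entry points from system DLLs (Sysmain\WsSwapAssessmentTask, RemovalTools\MRT_HB, WS\License Validation and others). Before Task: lines go into a fixlist it helps to sort them by what they actually launch. The following is an added example for this thread, not part of FRST and not the helper's script: it parses Task: lines in the FRST.txt layout (the sample input is constructed from the lines in the post above) and buckets them with heuristics of its own: tasks named *SkipUAC* (which exist so an application can start elevated without a UAC prompt), tasks under Microsoft\Windows that run a system binary or Rundll32, and third-party tasks identified by vendor tag or install path.

```python
"""Triage the 'Task:' entries of an FRST log before building a fixlist.

Added example for this thread; it is not part of FRST and not the helper's
fix script. It parses scheduled-task lines in the FRST.txt layout and sorts
them into buckets so that a fixlist can target third-party persistence
without also deleting built-in Windows tasks. The bucket rules below are
this example's own heuristics, not FRST's.
"""
import re
from typing import Dict, List, Optional

# Sample input constructed from the fixlist posted above.
SAMPLE_LOG = r"""
Task: {04B2B4CE-4F9B-4733-9F6D-F2735390B65F} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {A10B1E82-5620-4546-99AD-2A6D54ABBC0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {C1DC91A6-228D-4CFE-A02F-EEF6622202A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {E710720B-9D99-427E-B0DD-508B16963868} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-29] (IObit)
Task: {8CD0DE35-86CB-4510-93C9-1BA1D6524708} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
"""

# Layout: Task: {GUID} - <task path> => <target> [yyyy-mm-dd] (vendor)
# GUID, date and vendor are optional; legacy .job lines carry only path => target.
TASK_RE = re.compile(
    r"^Task:\s+(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+)?(?P<name>.+?)\s+=>\s+(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?(?:\s+\((?P<vendor>[^()]+)\))?\s*$"
)

WINDOWS_TASK_PREFIX = "system32\\tasks\\microsoft\\windows\\"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PROGRAM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")


def parse_task(line: str) -> Optional[dict]:
    """Return the fields of one FRST Task: line, or None if it is not one."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_of(target: str) -> str:
    """First .exe in the command line (handles unquoted paths with spaces)."""
    m = re.match(r"(.*?\.exe)", target, re.IGNORECASE)
    return (m.group(1) if m else target).lower()


def classify(entry: dict) -> str:
    """Heuristic bucket for one parsed Task: entry (this example's own rules)."""
    name = entry["name"].lower()
    vendor = (entry["vendor"] or "").lower()
    exe = executable_of(entry["target"].lower())
    # *SkipUAC* tasks let an app start elevated without a UAC prompt:
    # a removal candidate whoever the vendor is.
    if "skipuac" in name:
        return "uac-bypass-task"
    # Built-in: lives under Microsoft\Windows and runs a Microsoft-signed
    # system binary or a Rundll32 entry point from a system DLL.
    if name.startswith(WINDOWS_TASK_PREFIX) and (
        vendor == "microsoft corporation"
        or exe == "rundll32.exe"
        or exe.startswith(SYSTEM_DIRS)
    ):
        return "windows-builtin"
    if (vendor and vendor != "microsoft corporation") or exe.startswith(PROGRAM_DIRS):
        return "third-party"
    return "review"


def triage(log_text: str) -> Dict[str, List[str]]:
    """Bucket every Task: line of an FRST log, keeping log order inside buckets."""
    buckets: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_task(line)
        if entry:
            buckets.setdefault(classify(entry), []).append(entry["name"])
    return buckets


def fixlist_candidates(log_text: str) -> List[str]:
    """Task: lines worth pasting into a fixlist: everything except built-ins."""
    return [
        line.strip()
        for line in log_text.splitlines()
        if (e := parse_task(line)) and classify(e) != "windows-builtin"
    ]


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(bucket)
        for n in names:
            print("   ", n)
```

Feed it a whole FRST.txt and paste only the `fixlist_candidates` output into the fixlist; anything in the `review` bucket (no vendor tag and an executable outside Program Files) deserves a look at the file itself before it is moved. The heuristics are deliberately simple: a task under Microsoft\Windows is only treated as built-in when it runs a system binary or Rundll32, because malware does register tasks with Microsoft-looking names. Separately, the Fixlog posted below records that `netsh winsock reset all` was rejected with "The following command was not found"; the accepted form is `netsh winsock reset`.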


Posted 10/22/2014 9:46 AM
#97736
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
Here is the log from fixlist:

written by Farbar) (x64) Version: 21-10-2014
Ran by deb1 at 2014-10-22 02:37:45 Run:1
Running from C:\Users\deb1\Downloads
Loaded Profile: deb1 (Available profiles: deb1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

start
emptytemp::
CloseProcesses:
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {04B2B4CE-4F9B-4733-9F6D-F2735390B65F} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {70DB2D65-3B84-47F5-8B51-FB0E5BB347BA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {8CD0DE35-86CB-4510-93C9-1BA1D6524708} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {918130E9-11FA-421C-AC97-3CFA4414B6EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A10B1E82-5620-4546-99AD-2A6D54ABBC0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C1DC91A6-228D-4CFE-A02F-EEF6622202A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E710720B-9D99-427E-B0DD-508B16963868} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-29] (IObit)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\IObit
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\deb1\DOWNLOADS\Offical letters stating direct lineal descent.eml:OECustomProperty
HKU\S-1-5-21-1012194949-3346247465-572865741-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
end
*****************

Processes closed successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04B2B4CE-4F9B-4733-9F6D-F2735390B65F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04B2B4CE-4F9B-4733-9F6D-F2735390B65F}" => Key deleted successfully.
C:\Windows\System32\Tasks\StartMenuAutoupdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartMenuAutoupdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AAFF332-5C62-4558-9991-DAA649C4C9C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AAFF332-5C62-4558-9991-DAA649C4C9C5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Sysmain\WsSwapAssessmentTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23A5D8BE-9196-40EB-BD89-794398B2B073}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A5D8BE-9196-40EB-BD89-794398B2B073}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WS\WSRefreshBannedAppsListTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70DB2D65-3B84-47F5-8B51-FB0E5BB347BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70DB2D65-3B84-47F5-8B51-FB0E5BB347BA}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\Pre-staged GDR Notification" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CD0DE35-86CB-4510-93C9-1BA1D6524708}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CD0DE35-86CB-4510-93C9-1BA1D6524708}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{918130E9-11FA-421C-AC97-3CFA4414B6EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{918130E9-11FA-421C-AC97-3CFA4414B6EC}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A10B1E82-5620-4546-99AD-2A6D54ABBC0C}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_HB" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A72208BF-7A49-4FB8-B684-252375F3443A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A72208BF-7A49-4FB8-B684-252375F3443A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\WS\License Validation => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WS\License Validation" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1DC91A6-228D-4CFE-A02F-EEF6622202A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1DC91A6-228D-4CFE-A02F-EEF6622202A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6A88F2D-53D2-4805-9D69-443738A1847C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6A88F2D-53D2-4805-9D69-443738A1847C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\ApplicationData\CleanupTemporaryState" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E710720B-9D99-427E-B0DD-508B16963868}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E710720B-9D99-427E-B0DD-508B16963868}" => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF06DEC-4228-4813-AC0C-62821AE4E330}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF06DEC-4228-4813-AC0C-62821AE4E330}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupAppTask" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\Users\deb1\DOWNLOADS\Offical letters stating direct lineal descent.eml => ":OECustomProperty" ADS removed successfully.
HKU\S-1-5-21-1012194949-3346247465-572865741-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========

The following helper DLL cannot be loaded: P2PNETSH.DLL.
The following command was not found: winsock reset all.

========= End of CMD: =========


========= netsh int ipv4 reset =========


========= End of CMD: =========


========= netsh int ipv6 reset =========


========= End of CMD: =========
Posted 10/22/2014 10:13 AM
#97737
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
I had to run AdwCleaner twice to get the log; this is what came up:


# DB v2014-10-21.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 8 Enterprise Evaluation (64 bits)
# Username : deb1 - DEB
# Running from : C:\Users\deb1\Downloads\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v38.0.2125.101


*************************

AdwCleaner[R0].txt - [13891 octets] - [22/10/2014 02:53:06]
AdwCleaner[R1].txt - [856 octets] - [22/10/2014 03:05:30]
AdwCleaner[S0].txt - [14063 octets] - [22/10/2014 02:59:47]
AdwCleaner[S1].txt - [771 octets] - [22/10/2014 03:08:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [830 octets] ##########
Posted 10/22/2014 10:23 AM
#97738
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
Here is the log from the Junk Removal Tool:

~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8 Enterprise Evaluation x64
Ran by deb1 on Wed 10/22/2014 at 3:15:46.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/22/2014 at 3:20:47.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 10/22/2014 10:24 AM
#97739
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
So what happens now? Will there be more scans or anything else to do? Guess I can try using my PC now and see how it runs.
Posted 10/22/2014 11:28 AM
#97740
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
"Guess I can try using my PC now and see how it runs."

Sounds like a good idea, and tell me how it runs.

Do not PM me with logfiles. They will be deleted.


Posted 10/22/2014 7:05 PM
#97741
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
So I have been running my PC and it ran okay for a bit, but when I ran another Malwarebytes scan the infection was still there. Now I am having problems with these damn pop-ups again, and something is trying to keep my Windows from opening.
Posted 10/22/2014 7:43 PM
#97742
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
So I ran Malwarebytes and the infection (threat) is still there. Here is a copy of the log:


www.malwarebytes.org

Scan Date: 10/22/2014
Scan Time: 12:07:07 PM
Logfile: quarantine log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.22.08
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: deb1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331384
Time Elapsed: 29 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Groovorio.A, C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "https://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDC0B5DD9-CA94-430F-B747-E8AC71A4952F&SSPV=", "https://search.zonealarm.com/?Source=Homepage&oemCode=ZLN24358825550024-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=a8ed1c4c0000000000004c60de89b216", "https://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=34c2edc78b0a42549ec879b38507c8f9&tu=10GX0006L2B000s&sku=&tstsId=&ver=&", "https://www.searchnu.com/406", "https://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={DE3CE42F-98E6-11E2-9924-4C60DE89B216}", "https://mysearch.avg.com/?cid={B47FAD39-8EBA-40DD-A3A7-C167808ADBEB}&mid=5b32f84c36c24fa4a7d95434b9f611b2-a7838c850da87f6f818d8a7d6a1599588be899a1&lang=en&ds=hk018&pr=sa&d=2013-04-30%2009:13:25&v=15.1.0.2&pid=safeguard&sg=1&sap=hp", "https://groovorio.com/?f=7&a=grv_tuto19_14_41&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtC0AyB0FyByB0Dzy0DtDyDtN0D0Tzu0StCtDtCzytN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1FtCzy1VtCyE1VyEtCtN1L1G1B1V1N2Y1L1Qzu2SyCtA0AtB0EzyyC0CtGyE0B0EyDtGtC0E0C0EtG0CtB0D0BtGyE0B0B0Fzy0FyC0A0FyB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtByEtDyEtCyDzytG0EyE0DyDtGyEyByEyEtGzy0C0C0AtGyEtBtBtByEtBtCzy0FyB0AyD2Q&cr=826956710&ir=", "https://websearch.allsearches.info/?pid=2459&r=2014/10/18&hid=12662712063477400552&lg=EN&cc=US&unqvl=64" ],), Replaced,[5c659e7917658fa7eff5cd8fc63f9e62]

Physical Sectors: 0
(No malicious items detected)


Please let me know if there is a way to get this thing out of my PC.
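The Malwarebytes hit above is not an executable but Chrome's Preferences file: its startup_urls list had been filled with search-redirect pages on nine different domains (conduit, zonealarm, searchnu, sweetpacks, avg, groovorio, allsearches among them). The following is an added example for this thread, not part of Malwarebytes or Chrome, that audits such a file offline: it loads the Preferences JSON, reports every startup URL, home page and default-search URL whose host is not on an allowlist, and returns a cleaned copy. The keys it reads (homepage, session.startup_urls, session.restore_on_startup, default_search_provider.search_url) follow Chrome's Preferences layout of that era; the sample profile is constructed from the hosts in the log, and the allowlist is a placeholder to be edited.

```python
"""Audit a Chrome Preferences file for start-page, home-page and search hijacks.

Added example for this thread; not part of Malwarebytes or Chrome. It reads
the Preferences JSON, reports every startup URL, home page and default-search
URL whose host is not allowlisted, and returns a cleaned copy. Key names
follow Chrome's Preferences layout of the time (homepage, session.startup_urls,
session.restore_on_startup, default_search_provider.search_url).
"""
import json
import sys
from typing import Dict, List, Tuple, Union
from urllib.parse import urlsplit

# Placeholder allowlist: the sites the user actually wants. Everything else
# found in a startup, home-page or search slot is reported.
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "duckduckgo.com"}

# Constructed sample profile using hosts from the Malwarebytes detection above.
SAMPLE_PREFS = json.dumps({
    "homepage": "https://search.conduit.com/?ctid=CT3317458",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = open the listed startup_urls
        "startup_urls": [
            "https://www.google.com/",
            "https://search.zonealarm.com/?Source=Homepage",
            "https://groovorio.com/?f=7&a=grv_tuto19_14_41",
            "https://websearch.allsearches.info/?pid=2459",
        ],
    },
    "default_search_provider": {
        "enabled": True,
        "name": "Groovorio",
        "search_url": "https://groovorio.com/search?q={searchTerms}",
    },
})


def host_of(url: str) -> str:
    """Hostname of a URL, lower-cased; '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_allowed(url: str) -> bool:
    return host_of(url) in ALLOWED_HOSTS


def audit(prefs_in: Union[str, Dict]) -> Tuple[List[Tuple[str, str]], Dict]:
    """Return (findings, cleaned_prefs) for a Preferences JSON string or dict.

    findings: (setting, url) pairs whose host is not allowlisted.
    cleaned_prefs: a deep copy with those URLs removed; with no startup URL
    left the profile is set to open the New Tab page, and a hijacked search
    provider entry is dropped so the browser falls back to its default.
    """
    prefs = json.loads(prefs_in if isinstance(prefs_in, str) else json.dumps(prefs_in))
    findings: List[Tuple[str, str]] = []

    homepage = prefs.get("homepage")
    if homepage and not is_allowed(homepage):
        findings.append(("homepage", homepage))
        del prefs["homepage"]
        prefs["homepage_is_newtabpage"] = True

    session = prefs.get("session", {})
    if "startup_urls" in session:
        kept = []
        for url in session["startup_urls"]:
            if is_allowed(url):
                kept.append(url)
            else:
                findings.append(("session.startup_urls", url))
        session["startup_urls"] = kept
        if not kept:
            session["restore_on_startup"] = 5  # 5 = open the New Tab page

    search_url = prefs.get("default_search_provider", {}).get("search_url")
    if search_url and not is_allowed(search_url):
        findings.append(("default_search_provider.search_url", search_url))
        del prefs["default_search_provider"]

    return findings, prefs


if __name__ == "__main__":
    # Audit a real profile when a path is given, otherwise the sample above.
    raw = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS
    found, cleaned = audit(raw)
    for setting, url in found:
        print(f"{setting}: {host_of(url)}  <- {url}")
    print(f"{len(found)} hijacked setting(s); cleaned copy keeps "
          f"{len(cleaned.get('session', {}).get('startup_urls', []))} startup URL(s)")
```

Run it against `C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Preferences` with Chrome closed, and keep a backup before writing the cleaned copy back: Chrome keeps an integrity check on several of these settings and may reset them itself if the file changes underneath it. An allowlist is used rather than a blocklist because hijackers rotate domains, as the nine in this one profile show. Note also that a replaced startup page is set once at launch, so a redirect that reappears on every click points at something still active in the profile or on the system (an extension, a proxy setting) rather than at this file alone.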
Posted 10/23/2014 5:02 AM
#97743
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
Please help my PC is back to having pop-up and infections.
Posted 10/23/2014 5:02 AM
#97744
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
So I tried turning on my PC just a bit ago and had a hard time trying to get Windows to open. And I just saw that the infection is back, because when I clicked on this forum the new tab opened again with the same URL in the toolbar, the one that says "cdncache-a.akamaihd.net/pwn.html?u=http%3A%2Fi.display-trk.com%2Fclick%3Fv%3DVVM6NTU4MTQ6MjYOM". Please help find a way to get rid of this. I know this can't be good.
Posted 10/23/2014 5:41 AM
#97745
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
I ran the adwcleaner again and here is the log:

Report created 22/10/2014 at 02:59:47
# DB v2014-10-21.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 8 Enterprise Evaluation (64 bits)
# Username : deb1 - DEB
# Running from : C:\Users\deb1\Downloads\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\deb1\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\deb1\AppData\Roaming\EZDownloader
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\deb1\AppData\Local\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\deb1\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\Program Files (x86)\Krab Web
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhhdagehgnjbdmikilpfnapkpglgdkb
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejbfcmkjciggppmmiehlgiadhmghlib
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleialmbafleojnjkjpchggdglfekdla
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkpkmgecongknmfoiogmihhefplihg
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4c504aaf-a75e-43df-885e-faab24e7a609}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66efe49a-a020-48a1-a9d2-d46b0c8e0515}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a5bb7e16-50f2-485f-b148-b981ada704f3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4c504aaf-a75e-43df-885e-faab24e7a609}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{66efe49a-a020-48a1-a9d2-d46b0c8e0515}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a5bb7e16-50f2-485f-b148-b981ada704f3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4c504aaf-a75e-43df-885e-faab24e7a609}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{66efe49a-a020-48a1-a9d2-d46b0c8e0515}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a5bb7e16-50f2-485f-b148-b981ada704f3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v38.0.2125.101


*************************

AdwCleaner[R0].txt - [13891 octets] - [22/10/2014 02:53:06]
AdwCleaner[S0].txt - [13901 octets] - [22/10/2014 02:59:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13962 octets] ##########
# AdwCleaner v4.001 - Report created 22/10/2014 at 22:35:05
# DB v2014-10-21.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 8 Enterprise Evaluation (64 bits)
# Username : deb1 - DEB
# Running from : C:\Users\deb1\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\deb1\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\deb1\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4c504aaf-a75e-43df-885e-faab24e7a609}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66efe49a-a020-48a1-a9d2-d46b0c8e0515}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a5bb7e16-50f2-485f-b148-b981ada704f3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4c504aaf-a75e-43df-885e-faab24e7a609}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{66efe49a-a020-48a1-a9d2-d46b0c8e0515}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a5bb7e16-50f2-485f-b148-b981ada704f3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4c504aaf-a75e-43df-885e-faab24e7a609}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{66efe49a-a020-48a1-a9d2-d46b0c8e0515}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a5bb7e16-50f2-485f-b148-b981ada704f3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v38.0.2125.101


*************************

AdwCleaner[R0].txt - [17579 octets] - [22/10/2014 02:53:06]
AdwCleaner[R1].txt - [856 octets] - [22/10/2014 03:05:30]
AdwCleaner[S0].txt - [17225 octets] - [22/10/2014 02:59:47]
AdwCleaner[S1].txt - [909 octets] - [22/10/2014 03:08:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17345 octets] ##########
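The two AdwCleaner reports above are long mainly because the same few items repeat once per user profile and once per registry view. The facts that matter for the cleanup are easy to lose in that: the same five Chrome extension IDs were dropped into every profile on the machine (Administrator, deb1, Guest and even HomeGroupUser$), which means a machine-wide installer put them there rather than one user installing from the Web Store; the same CLSIDs were registered in both the 32-bit and 64-bit class views and also listed under `Ext\PreApproved`, which lets an Internet Explorer add-on load without the usual approval prompt; and several bare `HKLM\SOFTWARE\{GUID}` keys were left behind as install markers. The Python script below is an added example for this thread, not part of AdwCleaner or of the original post: it parses lines in the report's own record format (`Folder Deleted :`, `File Deleted :`, `Key Deleted :`, the `[!]` prefix and the `[x64]` view prefix, all as they appear above) and reduces them to that summary. The sample lines are constructed from the report; the function names and the `findings` heuristics are this example's own, and the reading of unprefixed keys as the 32-bit view is an assumption about how AdwCleaner labels them.

```python
"""Triage an AdwCleaner clean report (AdwCleaner[S*].txt) into an IOC summary.

Added example for this thread; not part of AdwCleaner or of the original post.
Record formats are taken from the report above; function names and the
findings heuristics are this example's own.
"""
import re
from collections import defaultdict

# "[!]" marks a retried deletion; "[x64]" marks the native 64-bit registry view
# (unprefixed keys are assumed to be the 32-bit / WOW6432Node view).
PATH_RE = re.compile(r"^(?:\[!\]\s*)?(?:Folder|File) Deleted\s*:\s*(?P<path>.+?)\s*$")
KEY_RE = re.compile(r"^Key Deleted\s*:\s*(?:\[(?P<view>x64)\]\s*)?(?P<key>.+?)\s*$")
# Chrome extension directory: C:\Users\<profile>\...\User Data\<chrome profile>\Extensions\<id>,
# where the id is 32 characters from the a-p alphabet.
CHROME_EXT_RE = re.compile(
    r"^C:\\Users\\(?P<profile>[^\\]+)\\AppData\\Local\\Google\\Chrome\\User Data\\"
    r"(?P<chrome_profile>[^\\]+)\\Extensions\\(?P<ext_id>[a-p]{32})$",
    re.IGNORECASE,
)
GUID_RE = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.IGNORECASE)
BARE_SOFTWARE_GUID_RE = re.compile(r"HKLM\\SOFTWARE\\\{[^}]+\}", re.IGNORECASE)

# Constructed sample: a handful of lines in the shape of the report above.
SAMPLE_REPORT = r"""
***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
Folder Deleted : C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgplcbkdjhcppedccjmgenkidpnmcd
Folder Deleted : C:\Users\deb1\AppData\Local\torch
File Deleted : C:\END

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{358066de-8d33-475c-9a67-5f3a3335e51e}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
"""


def parse_report(lines):
    """Group the report's deletions by extension id, CLSID and leftover key/path."""
    ext_profiles = defaultdict(set)   # extension id -> Windows user profiles it was found in
    clsid_hits = defaultdict(set)     # CLSID -> {"clsid:wow64", "clsid:x64", "preapproved"}
    software_guids = set()            # bare HKLM\SOFTWARE\{GUID} keys
    other_keys, other_paths = [], []
    for raw in lines:
        line = raw.strip()
        m = PATH_RE.match(line)
        if m:
            e = CHROME_EXT_RE.match(m.group("path"))
            if e:
                ext_profiles[e.group("ext_id").lower()].add(e.group("profile"))
            else:
                other_paths.append(m.group("path"))
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        key, view = m.group("key"), ("x64" if m.group("view") else "wow64")
        g = GUID_RE.search(key)
        guid = g.group(0).lower() if g else None
        upper = key.upper()
        if guid and "\\CLASSES\\CLSID\\" in upper:
            clsid_hits[guid].add("clsid:" + view)
        elif guid and "\\EXT\\PREAPPROVED\\" in upper:
            clsid_hits[guid].add("preapproved")
        elif guid and BARE_SOFTWARE_GUID_RE.fullmatch(key):
            software_guids.add(guid)
        else:
            other_keys.append(key)
    return {
        "extensions": {k: sorted(v) for k, v in ext_profiles.items()},
        "clsids": {k: sorted(v) for k, v in clsid_hits.items()},
        "software_guids": sorted(software_guids),
        "other_keys": other_keys,
        "other_paths": other_paths,
    }


def findings(summary):
    """Turn the summary into the points a responder would call out."""
    notes = []
    for ext_id, profiles in sorted(summary["extensions"].items()):
        if len(profiles) > 1:
            notes.append(f"Chrome extension {ext_id} was in {len(profiles)} profiles "
                         f"({', '.join(profiles)}): installed machine-wide, not by one user from the Web Store")
    for clsid, where in sorted(summary["clsids"].items()):
        if "preapproved" in where:
            notes.append(f"CLSID {clsid} was listed under Ext\\PreApproved: Internet Explorer "
                         "loads a pre-approved add-on without asking the user")
        if {"clsid:wow64", "clsid:x64"} <= set(where):
            notes.append(f"CLSID {clsid} was registered in both the 32-bit and 64-bit class views")
    for guid in summary["software_guids"]:
        notes.append(f"bare GUID key HKLM\\SOFTWARE\\{guid}: a common adware install marker, "
                     "check that it did not come back after the reboot")
    return notes


if __name__ == "__main__":
    for note in findings(parse_report(SAMPLE_REPORT.splitlines())):
        print("-", note)
```

Run it against a real `AdwCleaner[S0].txt` by passing `open(path).read().splitlines()` to `parse_report`. The useful follow-up check after a reboot is to re-run AdwCleaner in scan mode and confirm that none of the extension IDs or CLSIDs in the summary reappear; an item that the `[!]` lines show was deleted only on retry is exactly the kind that tends to be recreated by a leftover scheduled task or service.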
Posted 10/23/2014 5:54 AM
#97746
User avatar

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
And here is the log again for Junk Removal Tool:

~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8 Enterprise Evaluation x64
Ran by deb1 on Wed 10/22/2014 at 22:47:16.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/22/2014 at 22:52:21.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 10/23/2014 1:06 PM
#97747
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
I would suggest that you install a real antivirus program.


Avast makes an excellent free antivirus client:

https://www.avast.com/index


Download, install and update the program, then run a complete system scan.



Download OTL by OldTimer, saving it to your desktop: OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Select All Users

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 10/23/2014 3:14 PM
#97748
User avatar

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
Here is the first log:


OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\deb1\Pictures\2012-09-12 missy
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 29.17% Memory free
5.31 Gb Paging File | 4.07 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.19 Gb Total Space | 45.35 Gb Free Space | 61.12% Space Free | Partition Type: NTFS

Computer Name: DEB | User Name: deb1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/23 08:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\deb1\Pictures\2012-09-12 missy\OTL.exe
PRC - [2014/09/30 22:55:00 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


========== Modules (No Company Name) ==========

MOD - [2014/09/30 22:54:58 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
MOD - [2014/09/30 22:54:57 | 008,911,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
MOD - [2014/09/30 22:54:51 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Users\deb1\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Users\deb1\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/05/29 16:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/29 01:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/09/19 23:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (wuauserv)
SRV:64bit: - [2012/09/19 23:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PrintNotify)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:08:51 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlms\wlms.exe -- (WLMS)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014/08/29 19:41:15 | 002,175,264 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/06/06 13:08:12 | 000,072,992 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe -- (StartMenuService)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/10/21 09:51:41 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/03/28 12:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/23 15:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/04 23:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 19:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 21:50:20 | 000,053,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 19:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/25 19:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/02 07:34:38 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2012/06/02 07:34:38 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2012/06/02 07:34:38 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2012/06/02 07:32:02 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2011/03/29 09:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AE2500w764.sys -- (Linksys_adapter_H)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 9D C0 14 DD CC CF 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{655BA7EB-1133-4A0A-87EA-3995DD5AA032}: "URL" = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)



[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://www.facebook.com/?ref=tn_tnmn
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Microsoft Office 2013 (Disabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: globalUpdate Update (Disabled) = C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
CHR - default_search_provider: FFE5A5823BFE419843EEC1E88F8927F5496163CD62D30308ACC9DC14385505C5 ()
CHR - default_search_provider: search_url = 9E69B987D196B07EA5CD3C39A75411EE8D2BC5C3F722E7F34F6D7B58C63A66FF
CHR - default_search_provider: suggest_url =
CHR - homepage: 6DFD518C8E8349E0E74C8B244326C8C0187D7FB669FDE4C69A8E369EA1CD004B
CHR - Extension: Google Drive = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Missing e = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\214\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Mahjongg = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_1\
CHR - Extension: Elite Unzip = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea\11.73.5.91_1\
CHR - Extension: Google Wallet = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Mahjong Master = C:\Users\deb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghchjojloakfbboibnfnleloeamkkgf\1.0.0_1\

O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33CA6493-F5DA-4900-AECC-F2B314481848}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8F90AE2-346D-4F53-9A07-6E7913DF8D97}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/10/22 23:35:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/10/22 02:53:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/21 14:51:22 | 000,000,000 | ---D | C] -- C:\Users\deb1\AppData\Local\MigWiz
[2014/10/21 14:10:26 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/21 09:12:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/10/20 13:10:05 | 000,000,000 | ---D | C] -- C:\Users\deb1\AppData\Local\LogMeIn Rescue Applet
[2014/10/18 12:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\39b9e6995228379
[2014/10/18 12:20:19 | 000,000,000 | ---D | C] -- C:\Users\deb1\AppData\Local\Torch
[2014/10/18 12:20:19 | 000,000,000 | ---D | C] -- C:\Users\deb1\AppData\Local\Chromatic Browser
[2014/10/18 12:20:18 | 000,000,000 | ---D | C] -- C:\Users\deb1\AppData\Local\Comodo
[2014/10/16 21:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\YZBYwuUBhTU
[2014/10/15 22:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/10/15 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\deb1\AppData\Local\Plarium
[2014/10/15 21:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/10/15 20:44:41 | 000,000,000 | ---D | C] -- C:\Users\deb1\AppData\Roaming\uTorrent
[2014/10/15 12:44:43 | 000,000,000 | ---D | C] -- C:\Users\deb1\Documents\LocaleMetaData
[2014/10/11 15:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/10/11 15:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/10/07 16:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/10/23 07:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/23 07:38:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/23 07:36:55 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/23 07:36:45 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/10/23 07:36:43 | 1234,268,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/23 00:18:45 | 088,388,240 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/21 09:51:41 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/18 13:13:50 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014/10/18 12:49:03 | 000,000,394 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/15 12:45:38 | 002,166,784 | ---- | M] () -- C:\Users\deb1\Documents\eventlogs error.evtx
[2014/10/15 12:44:42 | 002,166,784 | ---- | M] () -- C:\Users\deb1\Documents\eventlogerrors.evtx
[2014/10/15 11:33:58 | 000,000,017 | ---- | M] () -- C:\Users\deb1\AppData\Local\resmon.resmoncfg
[2014/10/09 04:54:41 | 000,004,293 | ---- | M] () -- C:\Users\deb1\Documents\patrick resume.odt
[2014/10/09 04:51:55 | 000,004,334 | ---- | M] () -- C:\Users\deb1\Documents\my resume - Copy.odt
[2014/10/08 12:50:49 | 000,048,663 | ---- | M] () -- C:\Users\deb1\Documents\see-what-happens-when-you-drink-water-on-an-empty-stomach.jpg
[2014/10/07 16:51:48 | 000,001,130 | ---- | M] () -- C:\Users\deb1\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2014/10/07 16:51:48 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2014/10/07 16:39:29 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/10/23 00:18:45 | 088,388,240 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/10/18 12:20:21 | 000,000,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/15 12:45:34 | 002,166,784 | ---- | C] () -- C:\Users\deb1\Documents\eventlogs error.evtx
[2014/10/15 12:44:28 | 002,166,784 | ---- | C] () -- C:\Users\deb1\Documents\eventlogerrors.evtx
[2014/10/15 11:33:58 | 000,000,017 | ---- | C] () -- C:\Users\deb1\AppData\Local\resmon.resmoncfg
[2014/10/15 05:16:44 | 000,511,065 | ---- | C] () -- C:\Users\deb1\Documents\photo.htm
[2014/10/15 05:13:34 | 000,048,663 | ---- | C] () -- C:\Users\deb1\Documents\see-what-happens-when-you-drink-water-on-an-empty-stomach.jpg
[2014/10/11 15:02:09 | 000,073,710 | ---- | C] () -- C:\Users\deb1\Documents\1395136_714186148653111_417039847785655931_n.jpg
[2014/10/09 04:54:41 | 000,004,293 | ---- | C] () -- C:\Users\deb1\Documents\patrick resume.odt
[2014/10/09 04:51:55 | 000,004,334 | ---- | C] () -- C:\Users\deb1\Documents\my resume - Copy.odt
[2014/10/07 16:51:48 | 000,001,130 | ---- | C] () -- C:\Users\deb1\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2014/10/07 16:51:48 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2014/09/01 01:18:44 | 000,002,086 | ---- | C] () -- C:\Users\deb1\AppData\Roaming\UBQJD
[2014/09/01 01:18:44 | 000,001,248 | ---- | C] () -- C:\Users\deb1\AppData\Roaming\DNKRY
[2014/08/30 10:15:52 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 01:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/27 23:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Posted 10/23/2014 3:15 PM
#97749

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
Here is the 2nd log:


OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\deb1\Pictures\2012-09-12 missy
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 29.17% Memory free
5.31 Gb Paging File | 4.07 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.19 Gb Total Space | 45.35 Gb Free Space | 61.12% Space Free | Partition Type: NTFS

Computer Name: DEB | User Name: deb1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017ED4C1-E036-4DE0-B4DF-13F10F867BDB}" = rport=138 | protocol=17 | dir=out | app=system |
"{0FD22A78-2371-4AC0-A986-288A736AEBE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{15E62C52-E4E2-41B4-87EF-C6B0F3AF2D0C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2783B91A-96E1-4231-B5E8-C2ED56F6DB84}" = lport=445 | protocol=6 | dir=in | app=system |
"{2E72EC6D-CCD6-4B2B-A031-77D39A33A151}" = lport=10243 | protocol=6 | dir=in | app=system |
"{341D890B-ED83-4254-BA8A-AF4B22D8D311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39A357EA-1DA4-4CEE-8363-68E9F72FF4B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D591D0C-9F51-429A-ADEC-DFAD18C98CD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5ABCE34B-2200-4520-886F-BEF897D64CE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{653159B3-6BE9-49B6-90CA-BF575453561B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{67A08AD4-1763-4CE2-9866-7858E1D3457C}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FC26E62-ADB7-4BA6-B845-F20BDBA1DD30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72415DA2-96EE-419C-A8FE-F18C4544AD3A}" = rport=445 | protocol=6 | dir=out | app=system |
"{749AB9A9-DB5A-4A0A-8E35-F5C282354F26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F812919-ADB2-4870-9405-D36EF248FFF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB93BB0B-40B2-4D01-A53D-04A31B1D9400}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACAAD2F6-ACAA-4BD0-9EFF-CB3714CA1105}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADC78B96-7043-4DA8-AD02-8E3BAE48F53B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B187F20B-4013-4EB7-A813-C03BEDCBCC0E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA944192-9709-4AE9-B145-3A6B5FC67A28}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{D207776B-1A58-4B54-BA74-B0F41A7295D9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E305DB74-5F48-48CB-B281-949878EA7DD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{EEF0E3C6-9140-4A6A-9F63-99FEE3D619CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F240B7F7-EBB7-471E-8E6E-64C65D11C567}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"Google Chrome" = Google Chrome
"IObit_StartMenu8_is1" = Start Menu 8
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/23/2014 2:54:31 AM | Computer Name = DEB | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not open the EventSystem service for query.

System
Error: The specified service does not exist as an installed service. .

Error - 10/23/2014 2:54:32 AM | Computer Name = DEB | Source = VSS | ID = 13
Description =

Error - 10/23/2014 2:54:32 AM | Computer Name = DEB | Source = VSS | ID = 8193
Description =

Error - 10/23/2014 4:00:00 AM | Computer Name = DEB | Source = ESENT | ID = 494
Description = svchost (1068) SRUJet: Database recovery failed with error -1216 because
it encountered references to a database, 'C:\Windows\system32\SRU\SRUDB.dat', which
is no longer present. The database was not brought to a Clean Shutdown state before
it was removed (or possibly moved or renamed). The database engine will not permit
recovery to complete for this instance until the missing database is re-instated.
If the database is truly no longer available and no longer required, procedures
for recovering from this error are available in the Microsoft Knowledge Base or
by following the "more information" link at the bottom of this message.

Error - 10/23/2014 4:00:00 AM | Computer Name = DEB | Source = ESENT | ID = 454
Description = svchost (1068) SRUJet: Database recovery/restore failed with unexpected
error -1216.

[ System Events ]
Error - 10/23/2014 10:36:50 AM | Computer Name = DEB | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:18:52 AM on 10/23/2014 was unexpected.

Error - 10/23/2014 10:36:59 AM | Computer Name = DEB | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the StartMenu8
Service service to connect.

Error - 10/23/2014 10:36:59 AM | Computer Name = DEB | Source = Service Control Manager | ID = 7000
Description = The StartMenu8 Service service failed to start due to the following
error: %%1053

Error - 10/23/2014 10:37:00 AM | Computer Name = DEB | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%2

Error - 10/23/2014 10:37:09 AM | Computer Name = DEB | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%2

Error - 10/23/2014 10:39:06 AM | Computer Name = DEB | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2

Error - 10/23/2014 10:47:21 AM | Computer Name = DEB | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%2

Error - 10/23/2014 10:49:21 AM | Computer Name = DEB | Source = DCOM | ID = 10010
Description =

Error - 10/23/2014 10:49:21 AM | Computer Name = DEB | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%2

Error - 10/23/2014 10:51:21 AM | Computer Name = DEB | Source = DCOM | ID = 10010
Description =


< End of report >
Posted 10/23/2014 4:02 PM
#97750
User avatar

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
I installed Avast and ran a scan; it says no threats detected, but I know there is a threat on my PC. I still keep getting those pop-ups, and a new tab opens when I click on anything; it won't go away.
Posted 10/24/2014 6:54 AM
#97756
User avatar

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 78
Oh, and I forgot: I had the Start Button on my PC before all these problems, but now it is gone and I can't get it back; it's downloaded, but it won't install. The complete error code is "StartMenu8.exe - System-Error- The program can't start because rtl120.bpl is missing from your computer. Try re-installing the program to fix this program." Is this fixable? If so, can you help with this?