Possible multiple infections dllhost.exe *32 Com Surrogate in sysWOW64 dir, Powelik etc
<blockquote data-quote="CuriosGeorge" data-source="post: 301071" data-attributes="member: 30673"><p>+++++First FRST64 run.........</p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014</p><p>Ran by Anonymouse7 (administrator) on ANONYMOUSE7-PC on 15-11-2014 14:51:01</p><p>Running from C:\Users\Anonymouse7\Desktop</p><p>Loaded Profile: Anonymouse7 (Available profiles: Anonymouse7 & UpdatusUser)</p><p>Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 10</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe</p><p>(Safer Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe</p><p>(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</p><p>(Microsoft Corporation) C:\Windows\System32\taskmgr.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch</p><p>HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor</p><p>HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)</p><p>HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)</p><p>HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)</p><p>HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()</p><p>HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)</p><p>HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe 
-silent</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {0a95aa89-b2f0-11e2-a410-806e6f6e6963} - D:\setup.exe</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {3eb9274b-b2f1-11e2-8dd2-0019d181a116} - J:\LaunchU3.exe -a</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!</p><p>HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E02FB285247CE01</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US</p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program 
Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File</p><p>Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} <a href="http://i.dell.com/images/global/js/scanner/SysProExe.cab" target="_blank">http://i.dell.com/images/global/js/scanner/SysProExe.cab</a></p><p>DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} <a href="http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab" target="_blank">http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab</a></p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a 
href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} <a href="https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab" target="_blank">https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab</a></p><p>Tcpip\..\Interfaces\{7D43E0F8-0AAB-4165-8A34-8E2E0038F894}: [NameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default</p><p>FF Homepage: hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>FF Keyword.URL:</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()</p><p>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: 
@java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF user.js: detected! 
=> C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\user.js</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF SearchPlugin: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\searchplugins\safeguard-secure-search.xml</p><p>FF Extension: UIGlobalNotify Class - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{F8D60573-0129-130E-B0BA-F9FB6449775B} [2014-11-09]</p><p>FF Extension: Greasemonkey - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-25]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HomePage: Default -> <a href="https://www.google.com/" target="_blank">https://www.google.com/</a></p><p>CHR StartupUrls: Default -> "<a href="https://www.google.com/" target="_blank">https://www.google.com/</a>"</p><p>CHR Profile: C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (UIGlobalNotify Class) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-09]</p><p>CHR Extension: (Google Docs) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17]</p><p>CHR Extension: (Google Drive) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]</p><p>CHR Extension: (YouTube) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17]</p><p>CHR Extension: (Google Search) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17]</p><p>CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-11-12]</p><p>CHR Extension: (CnC TA Script Collection) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-12-24]</p><p>CHR Extension: (Google Wallet) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]</p><p>CHR Extension: (Gmail) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]</p><p>S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]</p><p>R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]</p><p>R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)</p><p>S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S2 EBIOS32; C:\Windows\SysWOW64\Drivers\EBIOS32.SYS [13922 2010-10-28] (Intel Corporation) [File not signed]</p><p>R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-02-11] (Paragon Software Group)</p><p>R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)</p><p>S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)</p><p>S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)</p><p>R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45312 2009-02-11] (Windows (R) 2000 DDK provider)</p><p>S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]</p><p>S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]</p><p>S3 tsusbhub; system32\drivers\tsusbhub.sys [X]</p><p>S3 VGPU; System32\drivers\rdvgkmd.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-11-15 14:51 - 2014-11-15 14:51 - 00015280 _____ () C:\Users\Anonymouse7\Desktop\FRST.txt</p><p>2014-11-15 14:50 - 2014-11-15 14:51 - 00000000 ____D () C:\FRST</p><p>2014-11-15 14:48 - 2014-11-15 14:37 - 00001401 _____ () C:\Users\Anonymouse7\Desktop\iExplore - Shortcut.lnk</p><p>2014-11-15 14:48 - 2014-11-15 11:04 - 00415232 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FSS.exe</p><p>2014-11-15 14:48 - 2014-11-15 11:03 - 00401920 _____ (Farbar) C:\Users\Anonymouse7\Desktop\MiniToolBox.exe</p><p>2014-11-15 14:48 - 2014-11-15 11:01 - 05598504 _____ (Swearware) C:\Users\Anonymouse7\Desktop\ComboFix.exe</p><p>2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\WiNlOgOn.exe</p><p>2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\rkill.exe</p><p>2014-11-15 14:48 - 2014-11-15 10:57 - 02140160 _____ () C:\Users\Anonymouse7\Desktop\AdwCleaner.exe</p><p>2014-11-15 14:48 - 2014-11-15 10:54 - 02116608 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST64.exe</p><p>2014-11-15 14:48 - 2014-11-15 10:54 - 01108480 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST.exe</p><p>2014-11-15 14:48 - 2014-10-27 19:20 - 03060320 _____ (Symantec Corporation) C:\Users\Anonymouse7\Desktop\NortonPE.exe</p><p>2014-11-15 14:48 - 2014-10-26 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Anonymouse7\Desktop\mbam-setup-2.0.3.1025.exe</p><p>2014-11-15 14:48 - 2014-08-31 09:45 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Anonymouse7\Desktop\spybot-2.4.exe</p><p>2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\YTPack</p><p>2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\Ehbtion</p><p>2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\ZertAkbem</p><p>2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\VeraPayvi</p><p>2014-11-08 18:13 - 2014-11-08 18:25 - 122046712 _____ (Microsoft Corporation) C:\Users\Anonymouse7\Downloads\msert.exe</p><p>2014-11-08 17:51 - 2014-11-08 18:05 - 115614832 _____ (Symantec Corporation) C:\Users\Anonymouse7\Downloads\NS-TW-22.0.0-EN-US.exe</p><p>2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\YezeJyed</p><p>2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\TeziTvir</p><p>2014-11-08 17:43 - 2014-11-08 17:43 - 00000160 ____H () C:\ProgramData\@system3.att</p><p>2014-11-08 17:42 - 2014-11-08 17:42 - 00000448 ____H () C:\Users\Anonymouse7\AppData\Roaming\麽鎒駓覜</p><p>2014-11-08 17:42 - 2014-11-08 17:42 - 00000424 _____ () C:\ProgramData\@system.temp</p><p>2014-11-08 17:41 - 2014-11-09 19:03 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\FrameworkUpdate7</p><p>2014-11-08 17:25 - 2014-11-08 17:26 - 00779704 _____ (Symantec) C:\Users\Anonymouse7\Downloads\Setup.exe</p><p>2014-11-08 16:45 - 2014-11-08 16:48 - 00032291 _____ () C:\Users\Anonymouse7\AppData\Roaming\893686b8</p><p>2014-11-08 16:45 - 2014-11-08 16:48 - 00024065 _____ () C:\Users\Anonymouse7\AppData\Local\893686b8</p><p>2014-11-08 16:45 - 2014-11-08 16:48 - 00021087 _____ () C:\ProgramData\893686b8</p><p>2014-11-08 16:25 - 2014-11-09 18:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage</p><p>2014-11-08 14:20 - 2014-11-09 18:37 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\CrashDumps</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) 
C:\Windows\system32\KBDYAK.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL</p><p>2014-10-29 11:54 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls</p><p>2014-10-29 11:54 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls</p><p>2014-10-29 10:21 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll</p><p>2014-10-29 10:21 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll</p><p>2014-10-27 14:28 - 2014-11-09 18:53 - 00000000 ____D () C:\NPE</p><p>2014-10-27 14:21 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\NPE</p><p>2014-10-27 14:21 - 2014-10-27 14:22 - 00000000 ____D () C:\ProgramData\Norton</p><p>2014-10-27 13:55 - 2014-11-08 19:11 - 00000000 ____D () C:\CleanUpVirus</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be 
moved.)</p><p></p><p>2014-11-15 14:49 - 2013-05-02 21:42 - 00000000 ____D () C:\Users\Anonymouse7\Documents\Outlook Files</p><p>2014-11-15 14:48 - 2009-07-13 21:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-11-15 14:46 - 2009-07-13 20:51 - 00003638 _____ () C:\Windows\setupact.log</p><p>2014-11-15 14:29 - 2013-08-18 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-11-15 14:26 - 2013-06-17 18:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-11-15 14:19 - 2013-10-19 20:03 - 00000310 _____ () C:\Windows\Tasks\DigitalSite.job</p><p>2014-11-15 13:59 - 2013-05-01 22:25 - 02053732 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-11-14 20:25 - 2013-06-17 18:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-11-13 14:03 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-13 14:03 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-13 13:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-11-13 13:55 - 2013-05-02 15:56 - 00202476 _____ () C:\Windows\PFRO.log</p><p>2014-11-09 19:17 - 2013-11-08 19:55 - 00000000 ____D () C:\Windows\Downloaded Installations</p><p>2014-11-09 19:10 - 2014-10-15 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-11-09 03:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA</p><p>2014-11-08 17:36 - 2013-08-18 21:22 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\Dropbox</p><p>2014-11-08 17:03 - 2009-07-13 20:45 - 00439992 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-11-05 17:42 - 2013-07-23 16:18 - 00000072 _____ () C:\Users\Public\LMDebug.log</p><p>2014-11-03 13:07 - 2014-07-03 14:29 - 00000000 ____D () 
C:\Users\Anonymouse7\Desktop\AP CAP Folder</p><p>2014-10-29 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-10-29 11:47 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-10-29 11:46 - 2014-06-17 21:16 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-10-29 11:46 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal</p><p>2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism</p><p>2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism</p><p>2014-10-29 10:41 - 2013-05-02 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-10-29 10:26 - 2013-05-02 15:58 - 00776448 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-10-29 10:21 - 2013-11-24 07:59 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-10-28 10:26 - 2013-06-17 18:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-10-28 05:34 - 2013-05-01 22:45 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe</p><p>2014-10-27 19:20 - 2013-06-17 18:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2014-10-27 19:20 - 2013-06-17 18:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-10-20 13:48 - 2013-09-29 06:48 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Anonymouse7\AppData\Local\Temp\ose00000.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass 
verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-11-15 00:37</p><p></p><p>==================== End Of Log ============================</p><p></p><p>++++Second FRST64 run .....</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014</p><p>Ran by Anonymouse7 (administrator) on ANONYMOUSE7-PC on 15-11-2014 16:06:50</p><p>Running from C:\Users\Anonymouse7\Desktop</p><p>Loaded Profile: Anonymouse7 (Available profiles: Anonymouse7 & UpdatusUser)</p><p>Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 10</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. 
The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe</p><p>(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe</p><p>() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe</p><p>(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe</p><p>(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe</p><p>(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe</p><p>(Microsoft Corporation) C:\Windows\System32\taskmgr.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch</p><p>HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor</p><p>HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)</p><p>HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)</p><p>HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)</p><p>HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()</p><p>HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)</p><p>HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 
2011-10-30] (Nikon Corporation)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {0a95aa89-b2f0-11e2-a410-806e6f6e6963} - D:\setup.exe</p><p>HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {3eb9274b-b2f1-11e2-8dd2-0019d181a116} - J:\LaunchU3.exe -a</p><p>HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E02FB285247CE01</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US</p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: 
Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File</p><p>Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} <a href="http://i.dell.com/images/global/js/scanner/SysProExe.cab" target="_blank">http://i.dell.com/images/global/js/scanner/SysProExe.cab</a></p><p>DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} <a 
href="http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab" target="_blank">http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab</a></p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} <a href="https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab" target="_blank">https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab</a></p><p>Tcpip\..\Interfaces\{7D43E0F8-0AAB-4165-8A34-8E2E0038F894}: [NameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default</p><p>FF Homepage: hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>FF Keyword.URL:</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()</p><p>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)</p><p>FF Plugin-x32: 
@Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF user.js: detected! 
=> C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\user.js</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF SearchPlugin: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\searchplugins\safeguard-secure-search.xml</p><p>FF Extension: UIGlobalNotify Class - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{F8D60573-0129-130E-B0BA-F9FB6449775B} [2014-11-09]</p><p>FF Extension: Greasemonkey - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-25]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HomePage: Default -> <a href="https://www.google.com/" target="_blank">https://www.google.com/</a></p><p>CHR StartupUrls: Default -> "<a href="https://www.google.com/" target="_blank">https://www.google.com/</a>"</p><p>CHR Profile: C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (UIGlobalNotify Class) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-09]</p><p>CHR Extension: (Google Docs) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17]</p><p>CHR Extension: (Google Drive) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]</p><p>CHR Extension: (YouTube) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17]</p><p>CHR Extension: (Google Search) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17]</p><p>CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-11-12]</p><p>CHR Extension: (CnC TA Script Collection) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-12-24]</p><p>CHR Extension: (Google Wallet) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]</p><p>CHR Extension: (Gmail) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]</p><p>S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]</p><p>R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]</p><p>R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)</p><p>S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S2 EBIOS32; C:\Windows\SysWOW64\Drivers\EBIOS32.SYS [13922 2010-10-28] (Intel Corporation) [File not signed]</p><p>R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-02-11] (Paragon Software Group)</p><p>R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)</p><p>S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)</p><p>S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)</p><p>R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45312 2009-02-11] (Windows (R) 2000 DDK provider)</p><p>S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]</p><p>S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]</p><p>S3 tsusbhub; system32\drivers\tsusbhub.sys [X]</p><p>S3 VGPU; System32\drivers\rdvgkmd.sys [X]</p><p></p><p>========================== Drivers MD5 =======================</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry.
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-11-15 15:39 - 2014-11-15 15:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2014-11-15 15:38 - 2014-11-15 15:49 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\mbar</p><p>2014-11-15 15:36 - 2014-11-15 15:37 - 00616586 _____ () C:\Users\Anonymouse7\Desktop\ESETPoweliksCleaner.exe_20141115.153650.204.log</p><p>2014-11-15 15:36 - 2014-11-15 15:33 - 00186568 _____ (ESET) C:\Users\Anonymouse7\Desktop\ESETPoweliksCleaner.exe</p><p>2014-11-15 15:36 - 2014-11-15 15:26 - 02737592 _____ (Malwarebytes ) C:\Users\Anonymouse7\Desktop\mbae-setup-1.04.1.1012.exe</p><p>2014-11-15 15:36 - 2014-11-15 15:24 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Anonymouse7\Desktop\mbar-1.08.1.1001.exe</p><p>2014-11-15 15:36 - 2014-11-15 15:00 - 00031111 _____ () C:\Users\Anonymouse7\Desktop\Addition111520141500.txt</p><p>2014-11-15 15:01 - 2014-11-15 15:01 - 00025342 _____ () C:\Users\Anonymouse7\Desktop\FRST111520141500.txt</p><p>2014-11-15 14:51 - 2014-11-15 16:07 - 00030566 _____ () C:\Users\Anonymouse7\Desktop\FRST.txt</p><p>2014-11-15 14:51 - 2014-11-15 14:51 - 00031111 _____ () C:\Users\Anonymouse7\Desktop\Addition.txt</p><p>2014-11-15 14:50 - 2014-11-15 16:06 - 00000000 ____D () C:\FRST</p><p>2014-11-15 14:48 - 2014-11-15 14:37 - 00001401 _____ () C:\Users\Anonymouse7\Desktop\iExplore - Shortcut.lnk</p><p>2014-11-15 14:48 - 2014-11-15 11:04 - 00415232 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FSS.exe</p><p>2014-11-15 14:48 - 2014-11-15 11:03 - 00401920 _____ (Farbar) C:\Users\Anonymouse7\Desktop\MiniToolBox.exe</p><p>2014-11-15 14:48 - 2014-11-15 11:01 - 05598504 _____ (Swearware) C:\Users\Anonymouse7\Desktop\ComboFix.exe</p><p>2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, 
LLC) C:\Users\Anonymouse7\Desktop\rkill.exe</p><p>2014-11-15 14:48 - 2014-11-15 10:57 - 02140160 _____ () C:\Users\Anonymouse7\Desktop\AdwCleaner.exe</p><p>2014-11-15 14:48 - 2014-11-15 10:54 - 02116608 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST64.exe</p><p>2014-11-15 14:48 - 2014-11-15 10:54 - 01108480 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST.exe</p><p>2014-11-15 14:48 - 2014-10-27 19:20 - 03060320 _____ (Symantec Corporation) C:\Users\Anonymouse7\Desktop\NortonPE.exe</p><p>2014-11-15 14:48 - 2014-10-26 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Anonymouse7\Desktop\mbam-setup-2.0.3.1025.exe</p><p>2014-11-15 14:48 - 2014-08-31 09:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Anonymouse7\Desktop\spybot-2.4.exe</p><p>2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\YTPack</p><p>2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\Ehbtion</p><p>2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\ZertAkbem</p><p>2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\VeraPayvi</p><p>2014-11-08 18:13 - 2014-11-08 18:25 - 122046712 _____ (Microsoft Corporation) C:\Users\Anonymouse7\Downloads\msert.exe</p><p>2014-11-08 17:51 - 2014-11-08 18:05 - 115614832 _____ (Symantec Corporation) C:\Users\Anonymouse7\Downloads\NS-TW-22.0.0-EN-US.exe</p><p>2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\YezeJyed</p><p>2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\TeziTvir</p><p>2014-11-08 17:43 - 2014-11-08 17:43 - 00000160 ____H () C:\ProgramData\@system3.att</p><p>2014-11-08 17:42 - 2014-11-08 17:42 - 00000448 ____H () C:\Users\Anonymouse7\AppData\Roaming\麽鎒駓覜</p><p>2014-11-08 17:42 - 2014-11-08 17:42 - 00000424 _____ () C:\ProgramData\@system.temp</p><p>2014-11-08 17:41 - 2014-11-09 19:03 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\FrameworkUpdate7</p><p>2014-11-08 17:25 - 
2014-11-08 17:26 - 00779704 _____ (Symantec) C:\Users\Anonymouse7\Downloads\Setup.exe</p><p>2014-11-08 16:45 - 2014-11-08 16:48 - 00032291 _____ () C:\Users\Anonymouse7\AppData\Roaming\893686b8</p><p>2014-11-08 16:45 - 2014-11-08 16:48 - 00024065 _____ () C:\Users\Anonymouse7\AppData\Local\893686b8</p><p>2014-11-08 16:45 - 2014-11-08 16:48 - 00021087 _____ () C:\ProgramData\893686b8</p><p>2014-11-08 16:25 - 2014-11-09 18:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage</p><p>2014-11-08 14:20 - 2014-11-09 18:37 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\CrashDumps</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL</p><p>2014-10-29 11:54 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL</p><p>2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL</p><p>2014-10-29 11:54 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls</p><p>2014-10-29 11:54 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls</p><p>2014-10-29 10:21 - 2014-06-26 18:08 - 02777088 _____ (Microsoft 
Corporation) C:\Windows\system32\msmpeg2vdec.dll</p><p>2014-10-29 10:21 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll</p><p>2014-10-27 14:28 - 2014-11-09 18:53 - 00000000 ____D () C:\NPE</p><p>2014-10-27 14:21 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\NPE</p><p>2014-10-27 14:21 - 2014-10-27 14:22 - 00000000 ____D () C:\ProgramData\Norton</p><p>2014-10-27 13:55 - 2014-11-15 15:35 - 00000000 ____D () C:\CleanUpVirus</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-11-15 16:06 - 2013-05-01 22:25 - 01279515 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-11-15 16:03 - 2013-06-17 18:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-11-15 16:03 - 2013-05-02 15:56 - 00202802 _____ () C:\Windows\PFRO.log</p><p>2014-11-15 16:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-11-15 16:03 - 2009-07-13 20:51 - 00003750 _____ () C:\Windows\setupact.log</p><p>2014-11-15 16:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Globalization</p><p>2014-11-15 15:52 - 2014-10-15 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-11-15 15:44 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-15 15:44 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-15 15:38 - 2014-10-15 09:58 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-11-15 15:29 - 2013-08-18 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-11-15 15:25 - 2013-06-17 18:26 - 00000898 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-11-15 15:19 - 2013-10-19 20:03 - 00000310 _____ () C:\Windows\Tasks\DigitalSite.job</p><p>2014-11-15 14:49 - 2013-05-02 21:42 - 00000000 ____D () C:\Users\Anonymouse7\Documents\Outlook Files</p><p>2014-11-15 14:48 - 2009-07-13 21:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-11-09 19:17 - 2013-11-08 19:55 - 00000000 ____D () C:\Windows\Downloaded Installations</p><p>2014-11-09 03:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA</p><p>2014-11-08 17:36 - 2013-08-18 21:22 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\Dropbox</p><p>2014-11-08 17:03 - 2009-07-13 20:45 - 00439992 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-11-05 17:42 - 2013-07-23 16:18 - 00000072 _____ () C:\Users\Public\LMDebug.log</p><p>2014-11-03 13:07 - 2014-07-03 14:29 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\AP CAP Folder</p><p>2014-10-29 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-10-29 11:47 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-10-29 11:46 - 2014-06-17 21:16 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-10-29 11:46 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal</p><p>2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism</p><p>2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism</p><p>2014-10-29 10:41 - 2013-05-02 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-10-29 10:26 - 2013-05-02 15:58 - 00776448 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-10-29 10:21 - 2013-11-24 07:59 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-10-28 10:26 - 2013-06-17 18:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-10-28 05:34 - 2013-05-01 22:45 - 00275080 ____N (Microsoft Corporation) 
C:\Windows\system32\MpSigStub.exe</p><p>2014-10-27 19:20 - 2013-06-17 18:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2014-10-27 19:20 - 2013-06-17 18:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-10-20 13:48 - 2013-09-29 06:48 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Anonymouse7\AppData\Local\Temp\ose00000.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>==================== BCD ================================</p><p></p><p>Windows Boot Manager</p><p>--------------------</p><p>identifier 
{bootmgr}</p><p>device partition=\Device\HarddiskVolume1</p><p>description Windows Boot Manager</p><p>locale en-US</p><p>inherit {globalsettings}</p><p>default {current}</p><p>resumeobject {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}</p><p>displayorder {current}</p><p>toolsdisplayorder {memdiag}</p><p>timeout 15</p><p></p><p>Windows Boot Loader</p><p>-------------------</p><p>identifier {current}</p><p>device partition=C:</p><p>path \Windows\system32\winload.exe</p><p>description Windows 7</p><p>locale en-US</p><p>inherit {bootloadersettings}</p><p>recoverysequence {54bcc703-b2f8-11e2-89f3-c08fd3efab3e}</p><p>recoveryenabled Yes</p><p>osdevice partition=C:</p><p>systemroot \Windows</p><p>resumeobject {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}</p><p>nx OptIn</p><p>bootlog No</p><p></p><p>Windows Boot Loader</p><p>-------------------</p><p>identifier {54bcc703-b2f8-11e2-89f3-c08fd3efab3e}</p><p>device ramdisk=[C:]\Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\Winre.wim,{54bcc704-b2f8-11e2-89f3-c08fd3efab3e}</p><p>path \windows\system32\winload.exe</p><p>description Windows Recovery Environment</p><p>inherit {bootloadersettings}</p><p>osdevice ramdisk=[C:]\Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\Winre.wim,{54bcc704-b2f8-11e2-89f3-c08fd3efab3e}</p><p>systemroot \windows</p><p>nx OptIn</p><p>winpe Yes</p><p></p><p>Resume from Hibernate</p><p>---------------------</p><p>identifier {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}</p><p>device partition=C:</p><p>path \Windows\system32\winresume.exe</p><p>description Windows Resume Application</p><p>locale en-US</p><p>inherit {resumeloadersettings}</p><p>filedevice partition=C:</p><p>filepath \hiberfil.sys</p><p>debugoptionenabled No</p><p></p><p>Windows Memory Tester</p><p>---------------------</p><p>identifier {memdiag}</p><p>device partition=\Device\HarddiskVolume1</p><p>path \boot\memtest.exe</p><p>description Windows Memory Diagnostic</p><p>locale en-US</p><p>inherit {globalsettings}</p><p>badmemoryaccess Yes</p><p></p><p>EMS 
Settings</p><p>------------</p><p>identifier {emssettings}</p><p>bootems Yes</p><p></p><p>Debugger Settings</p><p>-----------------</p><p>identifier {dbgsettings}</p><p>debugtype Serial</p><p>debugport 1</p><p>baudrate 115200</p><p></p><p>RAM Defects</p><p>-----------</p><p>identifier {badmemory}</p><p></p><p>Global Settings</p><p>---------------</p><p>identifier {globalsettings}</p><p>inherit {dbgsettings}</p><p> {emssettings}</p><p> {badmemory}</p><p></p><p>Boot Loader Settings</p><p>--------------------</p><p>identifier {bootloadersettings}</p><p>inherit {globalsettings}</p><p> {hypervisorsettings}</p><p></p><p>Hypervisor Settings</p><p>-------------------</p><p>identifier {hypervisorsettings}</p><p>hypervisordebugtype Serial</p><p>hypervisordebugport 1</p><p>hypervisorbaudrate 115200</p><p></p><p>Resume Loader Settings</p><p>----------------------</p><p>identifier {resumeloadersettings}</p><p>inherit {globalsettings}</p><p></p><p>Device options</p><p>--------------</p><p>identifier {54bcc704-b2f8-11e2-89f3-c08fd3efab3e}</p><p>description Ramdisk Options</p><p>ramdisksdidevice partition=C:</p><p>ramdisksdipath \Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\boot.sdi</p><p></p><p></p><p></p><p>LastRegBack: 2014-11-15 00:37</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Files would not attach.</p></blockquote><p></p>
[QUOTE="CuriosGeorge, post: 301071, member: 30673"] +++++First FRST64 run......... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014 Ran by Anonymouse7 (administrator) on ANONYMOUSE7-PC on 15-11-2014 14:51:01 Running from C:\Users\Anonymouse7\Desktop Loaded Profile: Anonymouse7 (Available profiles: Anonymouse7 & UpdatusUser) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [url]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/url] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) 
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {0a95aa89-b2f0-11e2-a410-806e6f6e6963} - D:\setup.exe HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {3eb9274b-b2f1-11e2-8dd2-0019d181a116} - J:\LaunchU3.exe -a HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [url]http://www.msn.com/?ocid=iehp[/url] HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E02FB285247CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} [url]http://i.dell.com/images/global/js/scanner/SysProExe.cab[/url] DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} [url]http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab[/url] DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url] DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [url]https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab[/url] Tcpip\..\Interfaces\{7D43E0F8-0AAB-4165-8A34-8E2E0038F894}: [NameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default FF Homepage: hxxp://[url="http://www.google.com/"]www.google.com/[/url] FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\searchplugins\safeguard-secure-search.xml FF Extension: UIGlobalNotify Class - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{F8D60573-0129-130E-B0BA-F9FB6449775B} [2014-11-09] FF Extension: Greasemonkey - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-25] Chrome: ======= CHR HomePage: Default -> [url]https://www.google.com/[/url] CHR StartupUrls: Default -> "[url]https://www.google.com/[/url]" CHR Profile: C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (UIGlobalNotify Class) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-09] CHR Extension: (Google Docs) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17] CHR Extension: (Google Drive) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17] CHR Extension: (YouTube) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17] CHR Extension: (Google Search) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17] CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-11-12] CHR Extension: (CnC TA Script Collection) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-12-24] CHR Extension: (Google Wallet) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-02] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-02] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed] R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 EBIOS32; C:\Windows\SysWOW64\Drivers\EBIOS32.SYS [13922 2010-10-28] (Intel Corporation) [File not signed] R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-02-11] (Paragon Software Group) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45312 2009-02-11] (Windows (R) 2000 DDK provider) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-15 14:51 - 2014-11-15 14:51 - 00015280 _____ () C:\Users\Anonymouse7\Desktop\FRST.txt 2014-11-15 14:50 - 2014-11-15 14:51 - 00000000 ____D () C:\FRST 2014-11-15 14:48 - 2014-11-15 14:37 - 00001401 _____ () C:\Users\Anonymouse7\Desktop\iExplore - Shortcut.lnk 2014-11-15 14:48 - 2014-11-15 11:04 - 00415232 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FSS.exe 2014-11-15 14:48 - 2014-11-15 11:03 - 00401920 _____ (Farbar) C:\Users\Anonymouse7\Desktop\MiniToolBox.exe 2014-11-15 14:48 - 2014-11-15 11:01 - 05598504 _____ (Swearware) C:\Users\Anonymouse7\Desktop\ComboFix.exe 2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\WiNlOgOn.exe 2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\rkill.exe 2014-11-15 14:48 - 2014-11-15 10:57 - 02140160 _____ () C:\Users\Anonymouse7\Desktop\AdwCleaner.exe 2014-11-15 14:48 - 2014-11-15 10:54 - 02116608 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST64.exe 2014-11-15 14:48 - 2014-11-15 10:54 - 01108480 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST.exe 2014-11-15 14:48 - 2014-10-27 19:20 - 03060320 _____ (Symantec Corporation) C:\Users\Anonymouse7\Desktop\NortonPE.exe 2014-11-15 14:48 - 2014-10-26 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Anonymouse7\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-15 14:48 - 2014-08-31 09:45 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Anonymouse7\Desktop\spybot-2.4.exe 2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\YTPack 2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\Ehbtion 2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\ZertAkbem 2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\VeraPayvi 2014-11-08 18:13 - 2014-11-08 18:25 - 122046712 _____ (Microsoft Corporation) C:\Users\Anonymouse7\Downloads\msert.exe 2014-11-08 17:51 - 2014-11-08 18:05 - 115614832 _____ (Symantec Corporation) C:\Users\Anonymouse7\Downloads\NS-TW-22.0.0-EN-US.exe 2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\YezeJyed 2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\TeziTvir 2014-11-08 17:43 - 2014-11-08 17:43 - 00000160 ____H () C:\ProgramData\@system3.att 2014-11-08 17:42 - 2014-11-08 17:42 - 00000448 ____H () C:\Users\Anonymouse7\AppData\Roaming\麽鎒駓覜 2014-11-08 17:42 - 2014-11-08 17:42 - 00000424 _____ () C:\ProgramData\@system.temp 2014-11-08 17:41 - 2014-11-09 19:03 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\FrameworkUpdate7 2014-11-08 17:25 - 2014-11-08 17:26 - 00779704 _____ (Symantec) C:\Users\Anonymouse7\Downloads\Setup.exe 2014-11-08 16:45 - 2014-11-08 16:48 - 00032291 _____ () C:\Users\Anonymouse7\AppData\Roaming\893686b8 2014-11-08 16:45 - 2014-11-08 16:48 - 00024065 _____ () C:\Users\Anonymouse7\AppData\Local\893686b8 2014-11-08 16:45 - 2014-11-08 16:48 - 00021087 _____ () C:\ProgramData\893686b8 2014-11-08 16:25 - 2014-11-09 18:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-11-08 14:20 - 2014-11-09 18:37 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\CrashDumps 2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-29 11:54 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-29 10:21 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-29 10:21 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-27 14:28 - 2014-11-09 18:53 - 00000000 ____D () C:\NPE
2014-10-27 14:21 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\NPE
2014-10-27 14:21 - 2014-10-27 14:22 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 13:55 - 2014-11-08 19:11 - 00000000 ____D () C:\CleanUpVirus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 14:49 - 2013-05-02 21:42 - 00000000 ____D () C:\Users\Anonymouse7\Documents\Outlook Files
2014-11-15 14:48 - 2009-07-13 21:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 14:46 - 2009-07-13 20:51 - 00003638 _____ () C:\Windows\setupact.log
2014-11-15 14:29 - 2013-08-18 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 14:26 - 2013-06-17 18:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 14:19 - 2013-10-19 20:03 - 00000310 _____ () C:\Windows\Tasks\DigitalSite.job
2014-11-15 13:59 - 2013-05-01 22:25 - 02053732 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 20:25 - 2013-06-17 18:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 14:03 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 14:03 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 13:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 13:55 - 2013-05-02 15:56 - 00202476 _____ () C:\Windows\PFRO.log
2014-11-09 19:17 - 2013-11-08 19:55 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-09 19:10 - 2014-10-15 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 03:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-11-08 17:36 - 2013-08-18 21:22 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\Dropbox
2014-11-08 17:03 - 2009-07-13 20:45 - 00439992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 17:42 - 2013-07-23 16:18 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-03 13:07 - 2014-07-03 14:29 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\AP CAP Folder
2014-10-29 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 11:47 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 11:46 - 2014-06-17 21:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-29 11:46 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-29 10:41 - 2013-05-02 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-29 10:26 - 2013-05-02 15:58 - 00776448 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-29 10:21 - 2013-11-24 07:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-28 10:26 - 2013-06-17 18:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 05:34 - 2013-05-01 22:45 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:20 - 2013-06-17 18:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 19:20 - 2013-06-17 18:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2013-09-29 06:48 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

Some content of TEMP:
====================
C:\Users\Anonymouse7\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 00:37

==================== End Of Log ============================

++++Second FRST64 run .....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Anonymouse7 (administrator) on ANONYMOUSE7-PC on 15-11-2014 16:06:50
Running from C:\Users\Anonymouse7\Desktop
Loaded Profile: Anonymouse7 (Available profiles: Anonymouse7 & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {0a95aa89-b2f0-11e2-a410-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {3eb9274b-b2f1-11e2-8dd2-0019d181a116} - J:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E02FB285247CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Tcpip\..\Interfaces\{7D43E0F8-0AAB-4165-8A34-8E2E0038F894}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\searchplugins\safeguard-secure-search.xml
FF Extension: UIGlobalNotify Class - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{F8D60573-0129-130E-B0BA-F9FB6449775B} [2014-11-09]
FF Extension: Greasemonkey - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-25]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (UIGlobalNotify Class) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17]
CHR Extension: (Google Drive) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17]
CHR Extension: (Google Search) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-11-12]
CHR Extension: (CnC TA Script Collection) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 EBIOS32; C:\Windows\SysWOW64\Drivers\EBIOS32.SYS [13922 2010-10-28] (Intel Corporation) [File not signed]
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-02-11] (Paragon Software Group)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45312 2009-02-11] (Windows (R) 2000 DDK provider)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 15:39 - 2014-11-15 15:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-15 15:38 - 2014-11-15 15:49 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\mbar
2014-11-15 15:36 - 2014-11-15 15:37 - 00616586 _____ () C:\Users\Anonymouse7\Desktop\ESETPoweliksCleaner.exe_20141115.153650.204.log
2014-11-15 15:36 - 2014-11-15 15:33 - 00186568 _____ (ESET) C:\Users\Anonymouse7\Desktop\ESETPoweliksCleaner.exe
2014-11-15 15:36 - 2014-11-15 15:26 - 02737592 _____ (Malwarebytes ) C:\Users\Anonymouse7\Desktop\mbae-setup-1.04.1.1012.exe
2014-11-15 15:36 - 2014-11-15 15:24 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Anonymouse7\Desktop\mbar-1.08.1.1001.exe
2014-11-15 15:36 - 2014-11-15 15:00 - 00031111 _____ () C:\Users\Anonymouse7\Desktop\Addition111520141500.txt
2014-11-15 15:01 - 2014-11-15 15:01 - 00025342 _____ () C:\Users\Anonymouse7\Desktop\FRST111520141500.txt
2014-11-15 14:51 - 2014-11-15 16:07 - 00030566 _____ () C:\Users\Anonymouse7\Desktop\FRST.txt
2014-11-15 14:51 - 2014-11-15 14:51 - 00031111 _____ () C:\Users\Anonymouse7\Desktop\Addition.txt
2014-11-15 14:50 - 2014-11-15 16:06 - 00000000 ____D () C:\FRST
2014-11-15 14:48 - 2014-11-15 14:37 - 00001401 _____ () C:\Users\Anonymouse7\Desktop\iExplore - Shortcut.lnk
2014-11-15 14:48 - 2014-11-15 11:04 - 00415232 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FSS.exe
2014-11-15 14:48 - 2014-11-15 11:03 - 00401920 _____ (Farbar) C:\Users\Anonymouse7\Desktop\MiniToolBox.exe
2014-11-15 14:48 - 2014-11-15 11:01 - 05598504 _____ (Swearware) C:\Users\Anonymouse7\Desktop\ComboFix.exe
2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\rkill.exe
2014-11-15 14:48 - 2014-11-15 10:57 - 02140160 _____ () C:\Users\Anonymouse7\Desktop\AdwCleaner.exe
2014-11-15 14:48 - 2014-11-15 10:54 - 02116608 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST64.exe
2014-11-15 14:48 - 2014-11-15 10:54 - 01108480 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST.exe
2014-11-15 14:48 - 2014-10-27 19:20 - 03060320 _____ (Symantec Corporation) C:\Users\Anonymouse7\Desktop\NortonPE.exe
2014-11-15 14:48 - 2014-10-26 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Anonymouse7\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-15 14:48 - 2014-08-31 09:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Anonymouse7\Desktop\spybot-2.4.exe
2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\YTPack
2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\Ehbtion
2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\ZertAkbem
2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\VeraPayvi
2014-11-08 18:13 - 2014-11-08 18:25 - 122046712 _____ (Microsoft Corporation) C:\Users\Anonymouse7\Downloads\msert.exe
2014-11-08 17:51 - 2014-11-08 18:05 - 115614832 _____ (Symantec Corporation) C:\Users\Anonymouse7\Downloads\NS-TW-22.0.0-EN-US.exe
2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\YezeJyed
2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\TeziTvir
2014-11-08 17:43 - 2014-11-08 17:43 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 17:42 - 2014-11-08 17:42 - 00000448 ____H () C:\Users\Anonymouse7\AppData\Roaming\麽鎒駓覜
2014-11-08 17:42 - 2014-11-08 17:42 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 17:41 - 2014-11-09 19:03 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\FrameworkUpdate7
2014-11-08 17:25 - 2014-11-08 17:26 - 00779704 _____ (Symantec) C:\Users\Anonymouse7\Downloads\Setup.exe
2014-11-08 16:45 - 2014-11-08 16:48 - 00032291 _____ () C:\Users\Anonymouse7\AppData\Roaming\893686b8
2014-11-08 16:45 - 2014-11-08 16:48 - 00024065 _____ () C:\Users\Anonymouse7\AppData\Local\893686b8
2014-11-08 16:45 - 2014-11-08 16:48 - 00021087 _____ () C:\ProgramData\893686b8
2014-11-08 16:25 - 2014-11-09 18:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-08 14:20 - 2014-11-09 18:37 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\CrashDumps
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-29 11:54 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-29 10:21 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-29 10:21 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-27 14:28 - 2014-11-09 18:53 - 00000000 ____D () C:\NPE
2014-10-27 14:21 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\NPE
2014-10-27 14:21 - 2014-10-27 14:22 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 13:55 - 2014-11-15 15:35 - 00000000 ____D () C:\CleanUpVirus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 16:06 - 2013-05-01 22:25 - 01279515 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 16:03 - 2013-06-17 18:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 16:03 - 2013-05-02 15:56 - 00202802 _____ () C:\Windows\PFRO.log
2014-11-15 16:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 16:03 - 2009-07-13 20:51 - 00003750 _____ () C:\Windows\setupact.log
2014-11-15 16:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Globalization
2014-11-15 15:52 - 2014-10-15 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-15 15:44 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 15:44 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 15:38 - 2014-10-15 09:58 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-15 15:29 - 2013-08-18 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 15:25 - 2013-06-17 18:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 15:19 - 2013-10-19 20:03 - 00000310 _____ () C:\Windows\Tasks\DigitalSite.job
2014-11-15 14:49 - 2013-05-02 21:42 - 00000000 ____D () C:\Users\Anonymouse7\Documents\Outlook Files
2014-11-15 14:48 - 2009-07-13 21:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 19:17 - 2013-11-08 19:55 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-09 03:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-11-08 17:36 - 2013-08-18 21:22 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\Dropbox
2014-11-08 17:03 - 2009-07-13 20:45 - 00439992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 17:42 - 2013-07-23 16:18 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-03 13:07 - 2014-07-03 14:29 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\AP CAP Folder
2014-10-29 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 11:47 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 11:46 - 2014-06-17 21:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-29 11:46 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-29 10:41 - 2013-05-02 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-29 10:26 - 2013-05-02 15:58 - 00776448 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-29 10:21 - 2013-11-24 07:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-28 10:26 - 2013-06-17 18:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 05:34 - 2013-05-01 22:45 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:20 - 2013-06-17 18:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 19:20 - 2013-06-17 18:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2013-09-29 06:48 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

Some content of TEMP:
====================
C:\Users\Anonymouse7\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 15

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {54bcc703-b2f8-11e2-89f3-c08fd3efab3e}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {54bcc703-b2f8-11e2-89f3-c08fd3efab3e}
device ramdisk=[C:]\Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\Winre.wim,{54bcc704-b2f8-11e2-89f3-c08fd3efab3e}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\Winre.wim,{54bcc704-b2f8-11e2-89f3-c08fd3efab3e}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {54bcc704-b2f8-11e2-89f3-c08fd3efab3e}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\boot.sdi

LastRegBack: 2014-11-15 00:37

==================== End Of Log ============================

Files would not attach.
[/QUOTE]