Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Bad Virus found on windows 7, losing hard-drive space, HELP!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby pgmigg » January 19th, 2015, 2:17 am

Hello Brian,

Hi, I've tried finding the two programs which you required to be removed. The IObit Toolbar I couldn't find installed, but deleted the folder. When trying to uninstall in the appwiz.cpl, I came across this warning and couldn't find the pathway: "Windows Installer: The Path C:\Users\BRIANB~1\AppData\Local\Temp\{A4501E0F4-EE62-48F0-814D-798BC87739AD}\IObitapps Toolbar.msi cannot be found. Verify that you have access to this location and try again or try to find the installation package iobitappsToolbar.msi in a folder from which you can install the product IObit Apps Toolbar V7.5."
It looks like my instruction was not clear enough - sorry about that.
Instead of running appwiz.cpl you tried to uninstall it when I asked you to uninstall two programs Advertising Center and IObit Apps Toolbar v7.5 if they are present in the Uninstall or change a program list which should be opened by running appwiz.cpl utility.

I will repeat that step differently:

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the opened text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to continue:
    Advertising Center
    IObit Apps Toolbar v7.5
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

If you don't find one or both programs in that list, please to proceed with all other steps from my previous post.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Top
Advertisement
Register to Remove

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 19th, 2015, 6:04 pm

While running OTC Fix (tried several times):

Computer runs through some of it (when everything is closed) and gets stuck for hours (left on overnight until 2:00pm Today, Monday). It gets stopped up and unresponsive on one file.

Status bar at bottom of scanner reads:

"processing FF-prefs.js..extensions.enabledAddons:ascsurfingprotection%40iobit.com1.0..."

I've uninstalled all IObit programs except for the Toolbar which I'm having problems finding or gaining access to remove.

Thanks
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby pgmigg » January 19th, 2015, 6:12 pm

Hello Brian,

While running OTC Fix (tried several times):

Computer runs through some of it (when everything is closed) and gets stuck for hours (left on overnight until 2:00pm Today, Monday). It gets stopped up and unresponsive on one file.
It is OK for now. Please skip this OTL Fix step and try to run steps 3, 4, and 5.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 1:14 am

A: Only problems executing were with the OTL Scan freezing up or stuck on one file as discussed previous. Also, uninstalling the IObit Toolbar which I can't seem to gain access to or computer can't find.

B: No OTL Log because of scanner issues
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 1:16 am

C: ADW Cleaner Log:


# AdwCleaner v4.108 - Report created 19/01/2015 at 18:37:20
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : brianboyns - BRIANBOYNS-PC
# Running from : C:\Users\brianboyns\Downloads\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SecureUpdateSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\codeccheck
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Bandoo
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\iLivid
Folder Deleted : C:\Users\brianboyns\AppData\Local\apn
Folder Deleted : C:\Users\brianboyns\AppData\Local\Conduit
Folder Deleted : C:\Users\brianboyns\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\brianboyns\AppData\Local\PackageAware
Folder Deleted : C:\Users\brianboyns\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\brianboyns\AppData\LocalLow\TelevisionFanaticEI
Folder Deleted : C:\Users\brianboyns\AppData\Roaming\vghd
Folder Deleted : C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\Arborist.brianboyns-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Deleted : C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
[/!\] Not Deleted ( Junction ) : C:\Users\Arborist.brianboyns-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
[/!\] Not Deleted ( Junction ) : C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
[/!\] Not Deleted ( Junction ) : C:\Users\Arborist.brianboyns-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
[/!\] Not Deleted ( Junction ) : C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\searchplugins\bingp.xml
File Deleted : C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.Shopping
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063123.Shopping.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89CC5A31-B592-4BB3-82F5-BD8ACA3E0BF0}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\bflixtoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanaticEI
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\lax1.ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thesweethome.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Arborist.brianboyns-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Arborist.brianboyns-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [11117 octets] - [19/01/2015 18:14:11]
AdwCleaner[R1].txt - [11178 octets] - [19/01/2015 18:34:02]
AdwCleaner[S0].txt - [10902 octets] - [19/01/2015 18:37:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10963 octets] ##########
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 1:18 am

D: JRT.txt Log File:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by brianboyns on Mon 01/19/2015 at 20:53:36.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\brianboyns\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\brianboyns\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Program Files (x86)\crossriderwebapps"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
Successfully deleted: [Folder] "C:\Users\brianboyns\AppData\Roaming\microsoft\windows\start menu\programs\sparktrust"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\brianboyns\appdata\local\{A7120BBF-B046-4BB4-8EE9-AE621830EBA5}
Successfully deleted: [Empty Folder] C:\Users\brianboyns\appdata\local\{CBE6CA5F-F923-4E11-BB1A-CF5D14B02E0D}
Successfully deleted: [Empty Folder] C:\Users\brianboyns\appdata\local\{E6C4F609-A950-4EE1-A2C7-B7F3047E5F67}
Successfully deleted: [Empty Folder] C:\Users\brianboyns\appdata\local\{FEB4602C-2BAD-4C90-B745-88223C9E01F0}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/19/2015 at 20:59:18.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 1:21 am

E: FRST.txt Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by brianboyns (administrator) on BRIANBOYNS-PC on 19-01-2015 21:03:02
Running from C:\Users\brianboyns\Desktop
Loaded Profiles: brianboyns (Available profiles: brianboyns & Arborist)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-01-16] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo Send] => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-04] ()
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2010-04-30] ()
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-2609911718-454996853-969934346-1001\...\MountPoints2: {23473b4d-77bc-11dc-9bf7-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2609911718-454996853-969934346-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2609911718-454996853-969934346-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2609911718-454996853-969934346-1001 -> OldDefaultScope {F29EB221-9A8B-464F-81A9-870718A085E9}
SearchScopes: HKU\S-1-5-21-2609911718-454996853-969934346-1001 -> {9D46F7F2-F30A-4F8A-A1F9-F090DE388418} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-2609911718-454996853-969934346-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - No CLSID Value
Handler: msnim - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U164DF&PC=U164&q=
FF Homepage: hxxp://www.bing.com/?pc=U159
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-09]
FF HKLM-x32\...\Firefox\Extensions: [{56D10AE9-6227-455E-95C3-73CD63A091EC}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-26]
FF Extension: No Name - C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\extensions\adremoveext@adremoveext.net [Not Found]
FF Extension: No Name - C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> https://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Profile: C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-27]
CHR Extension: (Google Docs) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
CHR Extension: (Google Drive) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-27]
CHR Extension: (YouTube) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
CHR Extension: (Google Search) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
CHR Extension: (Google Sheets) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-27]
CHR Extension: (RealPlayer Downloader) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-12-27]
CHR Extension: (Google Wallet) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR Extension: (Gmail) - C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]
CHR HKLM-x32\...\Chrome\Extension: [cfgeokpcndgebnmfhfnmjnlkjgeehika] - Extensions\chromePlugin.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$MICROSOFTBCM; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-10-17] ()
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [29320 2013-10-25] ()
S3 SQLAgent$MICROSOFTBCM; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 ACDaemon; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 cpuz134; No ImagePath
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-14] (REALiX(tm))
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-12-02] (Spotflux, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 80B9412C4DE09147581FC935FB4C97AB
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgdiska.sys 54FE1CAFA3B3029B282E6A05EA672031
C:\Windows\System32\DRIVERS\avgidsdrivera.sys A3124AC9C0AF30ABD000A7CB5779C101
C:\Windows\System32\DRIVERS\avgidsha.sys 68070AEEE757ACC6EC5BC291B1E8EA1A
C:\Windows\System32\DRIVERS\avgldx64.sys 7C9E8FD2BFCE60BDF9B5944C0BE47C87
C:\Windows\System32\DRIVERS\avgloga.sys 734DCC05A7F327FDCE43A18BA011FD4E
C:\Windows\System32\DRIVERS\avgmfx64.sys B4D589C734D796B5B76E0A0E5DA50397
C:\Windows\System32\DRIVERS\avgrkx64.sys 3CE824D46BA1871713ABF147E6BAD556
C:\Windows\System32\DRIVERS\avgtdia.sys 0BB7ECAC81554D83A66A0B9F961BB9D0
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\System32\DRIVERS\e1y62x64.sys 11D0ECA73AB25135F65656B93ADBCB3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys DF96C3CD6AE15F6D0A6BCB70F9C1E88D
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 6C06701BF1DB05405804D7EB610991CE
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS E5805896A55D4166C20F216249F40FA3
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 8814F0B9A09C647D3D7BE735450E7B4C
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys D2B1DA73B6E8769A1BE1A55693B7F1B3
C:\Windows\System32\drivers\IntcHdmi.sys B014CE58F0A8048D3924BA8D5CCBC5F1
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamchameleon.sys 478CC94C937D235CB0A96AB8F2359D81
C:\Windows\system32\drivers\mbam.sys CA43F8904E24BBE49982E4C0B29E6579
C:\Windows\system32\drivers\mwac.sys A646C2DDB8C46E9B20A326FAF566646C
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\system32\drivers\NTIDrvr.sys 64DDD0DEE976302F4BD93E5EFCC2F013
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\sscdbus.sys ED161B91FDF7EAA39469D72D463D5F4E
C:\Windows\System32\DRIVERS\sscdmdfl.sys 4CB09E77593DBD8D7AF33B37375CA715
C:\Windows\System32\DRIVERS\sscdmdm.sys C7B4CF53497A6E5363F3439427663882
C:\Windows\System32\DRIVERS\sscdserd.sys 05FFA552F578E27AB2D41B6828DB477F
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tapSF0901.sys 185C2170CFD84F9D708276FBB5ABD77D
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys 2E22C1FD397A5A9FFEF55E9D1FC96C00
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 21:03 - 2015-01-19 21:03 - 00035990 _____ () C:\Users\brianboyns\Desktop\FRST.txt
2015-01-19 20:59 - 2015-01-19 20:59 - 00002280 _____ () C:\Users\brianboyns\Desktop\JRT.txt
2015-01-19 19:30 - 2015-01-19 20:50 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-01-19 18:19 - 2015-01-19 21:03 - 00000000 ____D () C:\FRST
2015-01-19 18:18 - 2015-01-19 18:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-19 18:16 - 2015-01-19 18:16 - 02126848 _____ (Farbar) C:\Users\brianboyns\Desktop\FRST64.exe
2015-01-19 18:15 - 2015-01-19 18:15 - 01707939 _____ (Thisisu) C:\Users\brianboyns\Desktop\JRT.exe
2015-01-19 18:13 - 2015-01-19 18:37 - 00000000 ____D () C:\AdwCleaner
2015-01-19 18:13 - 2015-01-19 18:13 - 02186752 _____ () C:\Users\brianboyns\Desktop\adwcleaner_4.108.exe
2015-01-18 21:14 - 2015-01-18 21:14 - 00000000 ____D () C:\_OTL
2015-01-18 21:09 - 2015-01-19 20:50 - 00003360 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2609911718-454996853-969934346-1001
2015-01-18 04:12 - 2015-01-19 18:39 - 00000224 _____ () C:\Windows\setupact.log
2015-01-18 04:12 - 2015-01-19 18:38 - 01028232 _____ () C:\Windows\PFRO.log
2015-01-18 04:12 - 2015-01-18 04:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 03:37 - 2015-01-18 03:37 - 00067210 _____ () C:\Users\brianboyns\Desktop\Extras.Txt
2015-01-18 03:34 - 2015-01-18 03:34 - 00129326 _____ () C:\Users\brianboyns\Desktop\OTL.Txt
2015-01-18 03:22 - 2015-01-18 03:22 - 00602112 _____ (OldTimer Tools) C:\Users\brianboyns\Desktop\OTL scanner.exe
2015-01-17 17:52 - 2015-01-18 04:11 - 00000000 ____D () C:\Analytics
2015-01-17 17:52 - 2015-01-17 17:52 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2015-01-17 17:49 - 2015-01-17 17:49 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Western_Digital_Technolog
2015-01-17 17:49 - 2015-01-17 17:49 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Western Digital
2015-01-17 17:48 - 2015-01-17 17:48 - 00001142 _____ () C:\Users\Public\Desktop\WD Security.lnk
2015-01-17 17:48 - 2015-01-17 17:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 17:41 - 2015-01-17 17:41 - 00001154 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2015-01-17 17:40 - 2015-01-17 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-01-17 17:40 - 2015-01-17 17:40 - 00001087 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk
2015-01-17 17:40 - 2015-01-17 17:40 - 00000000 ____D () C:\Program Files\Western Digital
2015-01-17 17:40 - 2015-01-17 17:40 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-01-17 17:39 - 2015-01-17 17:40 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-01-17 17:38 - 2015-01-17 17:41 - 00000000 ____D () C:\ProgramData\Western Digital
2015-01-16 23:49 - 2015-01-16 23:49 - 00000000 ____D () C:\ProgramData\MemeoCommon
2015-01-16 23:48 - 2015-01-18 03:16 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Memeo
2015-01-16 23:48 - 2015-01-16 23:48 - 00001203 _____ () C:\Users\brianboyns\Desktop\Seagate Dashboard.lnk
2015-01-16 23:48 - 2015-01-16 23:48 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo Send.lnk
2015-01-16 23:48 - 2015-01-16 23:48 - 00000162 _____ () C:\MemeoSendAddin
2015-01-16 23:48 - 2015-01-16 23:48 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Seagate
2015-01-16 23:48 - 2015-01-16 23:48 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-01-16 23:47 - 2015-01-16 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2015-01-16 23:46 - 2015-01-16 23:47 - 00000000 ____D () C:\Program Files (x86)\Memeo
2015-01-16 23:45 - 2015-01-16 23:46 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-16 23:44 - 2015-01-16 23:44 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2015-01-16 23:44 - 2015-01-16 23:44 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Leadertech
2015-01-16 23:14 - 2015-01-16 23:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 23:14 - 2015-01-16 23:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 23:13 - 2015-01-16 23:13 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 23:13 - 2015-01-16 23:13 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 23:13 - 2015-01-16 23:13 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 23:13 - 2015-01-16 23:13 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 23:13 - 2015-01-16 23:13 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 22:25 - 2015-01-16 22:25 - 00022343 _____ () C:\Users\brianboyns\Desktop\dds.txt
2015-01-16 22:25 - 2015-01-16 22:25 - 00007642 _____ () C:\Users\brianboyns\Desktop\attach.txt
2015-01-16 22:23 - 2015-01-16 22:23 - 00688992 ____R (Swearware) C:\Users\brianboyns\Downloads\dds.scr
2015-01-16 21:19 - 2015-01-16 21:19 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-16 21:19 - 2015-01-16 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-16 21:14 - 2015-01-16 21:14 - 04641208 _____ (AVG Technologies) C:\Users\brianboyns\Downloads\avg_avc_stb_all_2015_5645.exe
2015-01-16 20:54 - 2015-01-16 20:54 - 71040000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-01-16 20:54 - 2015-01-16 20:54 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 12967680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-01-16 20:54 - 2015-01-16 20:54 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 04263128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-16 20:54 - 2015-01-16 20:54 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 02827120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 01550528 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-16 20:54 - 2015-01-16 20:54 - 01411096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 01353472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 01287384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00959704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00451096 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00366104 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00303776 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-01-16 20:54 - 2015-01-16 20:54 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-01-16 20:45 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 20:45 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 20:45 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 20:45 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 20:45 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 20:45 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-27 20:06 - 2015-01-18 04:11 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-12-27 20:05 - 2014-12-27 20:08 - 00000000 ____D () C:\rsit
2014-12-27 20:03 - 2014-12-27 20:03 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Curiolab
2014-12-27 20:00 - 2015-01-16 18:39 - 00000000 ____D () C:\Program Files (x86)\Exterminate It!
2014-12-27 14:38 - 2014-12-27 14:38 - 00000000 ____D () C:\Program Files\Quick Heal
2014-12-27 11:04 - 2015-01-16 18:38 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Roaming\ProductData
2014-12-27 11:03 - 2014-12-27 11:03 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Local\Google
2014-12-27 11:03 - 2014-12-27 11:03 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Local\Avg2015
2014-12-27 03:33 - 2015-01-16 18:38 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Avg_Update_1014av
2014-12-27 03:33 - 2015-01-16 18:38 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\AVG2015
2014-12-27 03:21 - 2014-12-27 03:22 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-27 03:21 - 2014-12-27 03:21 - 00000000 ___HD () C:\$AVG
2014-12-27 03:21 - 2014-12-27 03:21 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\TuneUp Software
2014-12-27 03:20 - 2015-01-16 18:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-27 03:05 - 2014-12-27 03:35 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Avg2015
2014-12-27 03:05 - 2014-12-27 03:05 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\MFAData
2014-12-26 23:02 - 2015-01-16 23:27 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\LavasoftStatistics
2014-12-26 23:02 - 2014-12-26 23:02 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-26 23:02 - 2014-12-26 23:02 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-26 23:02 - 2014-12-26 23:02 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-26 23:02 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-26 23:02 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-26 21:12 - 2014-12-26 21:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-26 20:43 - 2015-01-19 18:00 - 00000474 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-12-26 20:43 - 2014-12-26 20:43 - 00003148 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-12-26 20:42 - 2015-01-19 02:15 - 00000655 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F.job
2014-12-26 20:42 - 2014-12-26 21:21 - 00000432 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-12-26 20:42 - 2014-12-26 21:21 - 00000432 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-12-26 20:42 - 2014-12-26 20:42 - 00004108 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F
2014-12-26 20:42 - 2014-12-26 20:42 - 00003256 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-12-26 20:42 - 2014-12-26 20:42 - 00002920 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2014-12-26 20:42 - 2014-12-26 20:42 - 00001323 _____ () C:\Users\brianboyns\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-12-26 19:41 - 2015-01-16 18:33 - 00000000 ___RD () C:\Users\brianboyns\Documents\Dropbox
2014-12-26 13:05 - 2014-12-26 13:05 - 00000197 _____ () C:\Windows\system32\2014-12-26-21-05-42.068-AvastVBoxSVC.exe-2872.log
2014-12-26 06:51 - 2014-12-26 06:51 - 00000197 _____ () C:\Windows\system32\2014-12-26-14-51-58.073-AvastVBoxSVC.exe-2932.log
2014-12-26 04:16 - 2015-01-16 18:33 - 00000000 ____D () C:\Users\brianboyns\Documents\.swt
2014-12-26 04:10 - 2014-12-26 04:10 - 00000247 _____ () C:\Windows\system32\2014-12-26-12-10-09.063-aswFe.exe-6028.log
2014-12-26 04:05 - 2014-12-26 04:10 - 00000247 _____ () C:\Windows\system32\2014-12-26-12-05-06.091-aswFe.exe-5756.log
2014-12-26 04:05 - 2014-12-26 04:05 - 00000197 _____ () C:\Windows\system32\2014-12-26-12-05-01.098-AvastVBoxSVC.exe-5924.log
2014-12-26 03:58 - 2014-12-26 03:58 - 00000197 _____ () C:\Windows\system32\2014-12-26-11-58-51.052-AvastVBoxSVC.exe-3520.log
2014-12-26 03:40 - 2014-12-26 03:40 - 00000197 _____ () C:\Windows\system32\2014-12-26-11-40-07.077-AvastVBoxSVC.exe-3500.log
2014-12-26 01:30 - 2015-01-16 18:40 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC
2014-12-26 01:30 - 2015-01-16 18:33 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Roaming\IObit
2014-12-26 01:30 - 2014-12-26 03:35 - 00000000 ___RD () C:\Users\Arborist.brianboyns-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-26 01:30 - 2014-12-26 03:35 - 00000000 ___RD () C:\Users\Arborist.brianboyns-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 01:30 - 2014-12-26 01:30 - 00001423 _____ () C:\Users\Arborist.brianboyns-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-26 01:30 - 2014-12-26 01:30 - 00000020 ___SH () C:\Users\Arborist.brianboyns-PC\ntuser.ini
2014-12-26 01:30 - 2014-12-26 01:30 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Roaming\Adobe
2014-12-26 01:30 - 2014-12-26 01:30 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Local\VirtualStore
2014-12-26 01:30 - 2010-09-15 02:03 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Local\Microsoft Help
2014-12-26 01:30 - 2010-05-27 13:07 - 00000000 ____D () C:\Users\Arborist.brianboyns-PC\AppData\Roaming\Macromedia
2014-12-26 01:16 - 2014-12-26 01:16 - 00096760 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-12-26 00:53 - 2014-12-26 00:53 - 00096760 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-12-26 00:53 - 2014-12-26 00:53 - 00000197 _____ () C:\Windows\system32\2014-12-26-08-53-40.052-AvastVBoxSVC.exe-3188.log
2014-12-26 00:21 - 2014-12-26 00:21 - 00000197 _____ () C:\Windows\system32\2014-12-26-08-21-03.089-AvastVBoxSVC.exe-1576.log
2014-12-25 23:20 - 2014-12-25 23:20 - 00000197 _____ () C:\Windows\system32\2014-12-26-07-20-39.047-AvastVBoxSVC.exe-368.log
2014-12-25 21:08 - 2014-12-25 21:08 - 00000197 _____ () C:\Windows\system32\2014-12-26-05-08-01.026-AvastVBoxSVC.exe-3032.log
2014-12-25 03:03 - 2014-12-25 03:03 - 00000197 _____ () C:\Windows\system32\2014-12-25-11-03-07.093-AvastVBoxSVC.exe-800.log
2014-12-24 18:41 - 2014-12-24 18:41 - 00000197 _____ () C:\Windows\system32\2014-12-25-02-41-53.018-AvastVBoxSVC.exe-2520.log
2014-12-22 16:50 - 2014-12-22 16:51 - 00000197 _____ () C:\Windows\system32\2014-12-23-00-50-46.056-AvastVBoxSVC.exe-3632.log
2014-12-22 00:04 - 2014-12-22 00:04 - 00000197 _____ () C:\Windows\system32\2014-12-22-08-04-06.081-AvastVBoxSVC.exe-3600.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 21:00 - 2014-11-19 12:50 - 01290184 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 20:50 - 2013-11-20 17:37 - 00003236 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2609911718-454996853-969934346-1001
2015-01-19 20:15 - 2013-11-07 18:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 19:45 - 2011-04-07 16:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 18:46 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:46 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:39 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 18:37 - 2012-11-21 14:42 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D96155D4-8005-4B9B-8A69-8B47057DF86D}
2015-01-19 16:46 - 2014-04-14 11:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 14:14 - 2014-12-03 03:00 - 00003258 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2609911718-454996853-969934346-1001
2015-01-19 14:14 - 2014-12-03 02:59 - 00003382 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2609911718-454996853-969934346-1001
2015-01-17 18:05 - 2011-03-14 19:14 - 00000464 _____ () C:\Windows\BRWMARK.INI
2015-01-17 17:40 - 2009-07-13 21:13 - 00006750 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 23:29 - 2010-05-25 16:36 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-16 23:24 - 2014-04-17 17:08 - 00002864 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (brianboyns)
2015-01-16 23:02 - 2011-04-11 18:22 - 00000000 ____D () C:\Program Files (x86)\Safari
2015-01-16 22:23 - 2010-05-25 12:20 - 00000000 ____D () C:\Users\brianboyns
2015-01-16 21:05 - 2013-09-01 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 21:00 - 2010-05-26 04:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 20:59 - 2013-11-07 18:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 20:59 - 2013-11-07 18:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 20:59 - 2013-11-07 18:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-16 20:56 - 2009-10-29 21:07 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-16 18:46 - 2013-11-04 18:16 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-16 18:40 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-16 18:40 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-16 18:40 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-01-16 18:40 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-16 18:40 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-16 18:40 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-01-16 18:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-16 18:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-01-16 18:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\com
2015-01-16 18:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-01-16 18:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2015-01-16 18:39 - 2014-09-04 23:40 - 00000000 ____D () C:\Program Files (x86)\Angry Birds
2015-01-16 18:39 - 2014-04-13 23:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 18:39 - 2013-12-13 20:45 - 00000000 ____D () C:\Windows\Thief 2 - The Metal Age
2015-01-16 18:39 - 2013-11-29 18:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-16 18:39 - 2012-06-07 09:39 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\IObit
2015-01-16 18:39 - 2011-06-05 22:51 - 00000000 ____D () C:\Program Files (x86)\Plants vs Zombies
2015-01-16 18:39 - 2011-06-05 22:49 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2015-01-16 18:39 - 2011-04-07 17:46 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-16 18:39 - 2011-04-07 17:46 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-16 18:39 - 2011-04-06 18:25 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-01-16 18:39 - 2010-08-20 16:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-16 18:39 - 2010-05-25 16:13 - 00000000 ____D () C:\Program Files (x86)\Registry Patrol
2015-01-16 18:39 - 2010-05-25 15:10 - 00000000 ____D () C:\Program Files\Easy CD-DA Extractor 2010
2015-01-16 18:39 - 2010-05-25 13:10 - 00000000 ____D () C:\Program Files (x86)\DVD Decrypter
2015-01-16 18:39 - 2009-10-29 21:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-16 18:39 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-16 18:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-01-16 18:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-01-16 18:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-16 18:39 - 2007-10-10 21:53 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-16 18:39 - 2007-10-10 21:52 - 00000000 ____D () C:\Program Files (x86)\Gateway Photo Frame
2015-01-16 18:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-01-16 18:36 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-16 18:36 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-16 18:36 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-16 18:36 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-16 18:36 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-01-16 18:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2015-01-16 18:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Vss
2015-01-16 18:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2015-01-16 18:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-16 18:35 - 2013-03-14 18:23 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2015-01-16 18:35 - 2011-03-07 19:33 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-16 18:35 - 2010-06-23 17:24 - 00000000 ____D () C:\Windows\SysWOW64\Backup
2015-01-16 18:35 - 2009-10-29 21:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-16 18:35 - 2009-10-29 21:17 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\nti
2015-01-16 18:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\winrm
2015-01-16 18:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\WCN
2015-01-16 18:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\slmgr
2015-01-16 18:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-01-16 18:35 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-01-16 18:35 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\spp
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\spool
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\SMI
2015-01-16 18:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-16 18:35 - 2007-10-10 21:39 - 00000000 ____D () C:\Windows\SysWOW64\Lang
2015-01-16 18:34 - 2014-04-25 21:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-16 18:34 - 2013-12-14 21:25 - 00000000 ____D () C:\Users\Public\Documents\Thief - Deadly Shadows
2015-01-16 18:34 - 2013-12-11 21:28 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-01-16 18:34 - 2013-03-14 18:25 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2015-01-16 18:34 - 2011-10-11 23:07 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-16 18:34 - 2011-03-07 19:33 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-16 18:34 - 2009-10-29 21:23 - 00000000 ____D () C:\Windows\oem
2015-01-16 18:34 - 2009-10-29 21:12 - 00000000 ____D () C:\Windows\OOBEOffer
2015-01-16 18:34 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\Performance
2015-01-16 18:34 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\IME
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Speech
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\security
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\schemas
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-16 18:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding
2015-01-16 18:34 - 2007-10-10 21:50 - 00000000 ____D () C:\Windows\Driver Cache
2015-01-16 18:33 - 2014-09-04 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio Entertainment Ltd
2015-01-16 18:33 - 2014-09-04 23:38 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Rovio Entertainment Ltd
2015-01-16 18:33 - 2014-09-04 23:37 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Rovio
2015-01-16 18:33 - 2014-07-31 02:00 - 00000000 ____D () C:\ProgramData\Ubisoft
2015-01-16 18:33 - 2014-05-28 22:38 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Dropbox
2015-01-16 18:33 - 2014-04-14 21:51 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Downloaded Installations
2015-01-16 18:33 - 2014-04-14 19:11 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Skype
2015-01-16 18:33 - 2014-04-14 19:11 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Skype
2015-01-16 18:33 - 2014-04-14 19:11 - 00000000 ____D () C:\ProgramData\Skype
2015-01-16 18:33 - 2014-04-13 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 18:33 - 2013-12-11 22:11 - 00000000 ____D () C:\ProgramData\Cerber AntiVirus
2015-01-16 18:33 - 2013-12-11 21:55 - 00000000 ____D () C:\Users\brianboyns\.swt
2015-01-16 18:33 - 2013-12-11 21:29 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\SlimWare Utilities Inc
2015-01-16 18:33 - 2013-12-03 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (June 2010)
2015-01-16 18:33 - 2013-11-09 19:55 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\RealNetworks
2015-01-16 18:33 - 2013-11-09 19:55 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-01-16 18:33 - 2013-10-29 21:06 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Mozilla
2015-01-16 18:33 - 2012-09-27 19:27 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Geckofx
2015-01-16 18:33 - 2012-06-07 09:40 - 00000000 ____D () C:\ProgramData\IObit
2015-01-16 18:33 - 2011-11-25 14:05 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\The Weather Channel
2015-01-16 18:33 - 2011-06-05 22:50 - 00000000 ____D () C:\ProgramData\Big Fish Games
2015-01-16 18:33 - 2011-03-20 22:02 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\DivX
2015-01-16 18:33 - 2011-03-20 22:01 - 00000000 ____D () C:\ProgramData\DivX
2015-01-16 18:33 - 2011-02-21 02:45 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-16 18:33 - 2011-02-02 17:47 - 00000000 ____D () C:\Users\brianboyns\Documents\PIMEX Data
2015-01-16 18:33 - 2011-01-06 22:17 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Arcsoft
2015-01-16 18:33 - 2011-01-06 22:17 - 00000000 ____D () C:\ProgramData\ArcSoft
2015-01-16 18:33 - 2011-01-06 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2015-01-16 18:33 - 2011-01-06 22:08 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-16 18:33 - 2010-10-23 06:47 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-16 18:33 - 2010-05-28 01:22 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Real
2015-01-16 18:33 - 2010-05-28 01:22 - 00000000 ____D () C:\ProgramData\Real
2015-01-16 18:33 - 2010-05-27 13:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-16 18:33 - 2010-05-27 13:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-16 18:33 - 2010-05-25 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2010
2015-01-16 18:33 - 2010-05-25 15:08 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-16 18:33 - 2010-05-25 15:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 18:33 - 2010-05-25 13:20 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Apple Computer
2015-01-16 18:33 - 2010-05-25 13:20 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Apple
2015-01-16 18:33 - 2010-05-25 13:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-16 18:33 - 2010-05-25 12:28 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Adobe
2015-01-16 18:33 - 2010-05-25 12:22 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Macromedia
2015-01-16 18:33 - 2010-05-25 12:22 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\VirtualStore
2015-01-16 18:33 - 2010-05-25 12:20 - 00000000 ___RD () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 18:33 - 2010-05-25 12:20 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
2015-01-16 18:33 - 2009-10-29 21:36 - 00000000 ____D () C:\ProgramData\OEM
2015-01-16 18:33 - 2009-10-29 21:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-16 18:33 - 2009-10-29 21:32 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-16 18:33 - 2009-10-29 21:27 - 00000000 ____D () C:\ProgramData\Nero
2015-01-16 18:33 - 2009-10-29 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-01-16 18:33 - 2009-10-29 21:27 - 00000000 ____D () C:\ProgramData\Google
2015-01-16 18:33 - 2009-10-29 21:24 - 00000000 ____D () C:\ProgramData\Gateway
2015-01-16 18:33 - 2009-10-29 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-16 18:33 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-16 18:33 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 18:33 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 18:33 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 18:33 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 18:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-16 18:32 - 2013-03-14 18:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-16 18:32 - 2011-04-07 21:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-16 18:32 - 2011-03-20 22:02 - 00000000 ____D () C:\Program Files\DivX
2015-01-16 18:32 - 2011-03-09 17:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-16 18:32 - 2009-10-29 21:24 - 00000000 ____D () C:\Program Files\Gateway
2015-01-16 18:32 - 2009-10-29 21:07 - 00000000 ____D () C:\Program Files\Realtek
2015-01-16 18:32 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-16 18:32 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-16 18:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-16 18:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2015-01-16 18:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-16 18:31 - 2014-02-03 18:41 - 00000000 ____D () C:\Program Files (x86)\Thief2
2015-01-16 18:31 - 2013-12-13 21:15 - 00000000 ____D () C:\Games
2015-01-16 18:31 - 2013-12-11 21:07 - 00000000 ____D () C:\Program Files (x86)\Mpath
2015-01-16 18:31 - 2013-12-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)
2015-01-16 18:31 - 2013-11-09 19:55 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2015-01-16 18:31 - 2011-11-09 12:05 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-16 18:31 - 2011-03-20 22:01 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-16 18:31 - 2011-01-06 22:15 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-01-16 18:31 - 2010-11-25 02:05 - 00000000 ____D () C:\Program Files (x86)\real
2015-01-16 18:31 - 2010-06-23 17:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio .NET 2003
2015-01-16 18:31 - 2010-06-23 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-16 18:31 - 2010-05-26 08:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-16 18:31 - 2010-05-25 15:40 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-16 18:31 - 2010-05-25 15:08 - 00000000 ____D () C:\Program Files\Alwil Software
2015-01-16 18:31 - 2009-10-29 21:44 - 00000000 ___HD () C:\OEM
2015-01-16 18:31 - 2009-10-29 21:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-16 18:31 - 2009-10-29 21:27 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-01-16 18:31 - 2009-10-29 21:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-16 18:31 - 2009-10-29 21:23 - 00000000 ____D () C:\Program Files (x86)\Gateway
2015-01-16 18:31 - 2009-10-29 21:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-16 18:31 - 2009-10-29 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-16 18:31 - 2009-10-29 21:17 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-01-16 18:31 - 2009-10-29 21:07 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-16 18:31 - 2009-10-29 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-16 18:31 - 2009-10-29 20:59 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-16 18:31 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-01-16 18:31 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-16 18:31 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-16 18:31 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-16 18:31 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-16 18:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-01-16 18:31 - 2007-10-10 21:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-08 09:55 - 2010-07-25 19:20 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 15:14 - 2010-05-25 15:40 - 00000000 _____ () C:\AUTOEXEC.BAT
2014-12-27 03:22 - 2010-05-25 12:28 - 00000000 ____D () C:\Users\brianboyns\AppData\Local\Google
2014-12-27 03:22 - 2009-10-29 21:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-26 22:39 - 2009-10-29 21:27 - 00000000 ____D () C:\Program Files\Google
2014-12-26 21:43 - 2014-06-18 11:56 - 00000000 ____D () C:\Users\Public\Documents\Screensaver
2014-12-26 21:43 - 2010-06-23 17:24 - 00000000 ____D () C:\Windows\SQLHotfix
2014-12-26 21:43 - 2010-06-13 17:45 - 00000000 ____D () C:\ProgramData\1click dvd copy pro
2014-12-26 21:42 - 2013-11-03 14:48 - 00000000 ____D () C:\temp
2014-12-26 03:35 - 2014-12-14 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-26 03:35 - 2014-12-09 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-26 03:35 - 2014-05-28 22:42 - 00000000 ___RD () C:\Users\brianboyns\Dropbox
2014-12-26 03:35 - 2014-05-28 22:41 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-26 03:35 - 2014-05-21 16:49 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\ProductData
2014-12-26 03:35 - 2013-12-11 21:00 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-12-26 03:35 - 2013-12-11 20:59 - 00000000 ____D () C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-12-26 03:35 - 2013-11-29 18:18 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 03:35 - 2013-11-29 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 03:35 - 2013-11-27 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-26 03:35 - 2013-11-09 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-12-26 03:35 - 2013-10-29 22:12 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\vlc
2014-12-26 03:35 - 2013-10-01 11:06 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 03:35 - 2012-03-21 00:28 - 00000000 ____D () C:\Windows\918F6C1486984231BA242DEE161D007E.TMP
2014-12-26 03:35 - 2011-06-05 22:51 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plants vs Zombies
2014-12-26 03:35 - 2011-06-05 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs Zombies
2014-12-26 03:35 - 2011-05-25 01:30 - 00000000 ____D () C:\Windows\930C05E277684ED6AF82CA2EA90192CE.TMP
2014-12-26 03:35 - 2011-04-26 22:34 - 00000000 ____D () C:\Windows\779979C214934EC292E5D154AE0580D4.TMP
2014-12-26 03:35 - 2011-04-06 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-12-26 03:35 - 2011-03-23 21:10 - 00000000 ____D () C:\Windows\6A4A9CD15DF54902ADE898CB01C5FE72.TMP
2014-12-26 03:35 - 2011-03-09 17:24 - 00000000 ____D () C:\Windows\7BA4D682D09C4B2483C06293EAE995D8.TMP
2014-12-26 03:35 - 2010-12-10 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-26 03:35 - 2010-11-25 02:03 - 00000000 ____D () C:\Windows\4E97AE4712934669BBF34BDE52501A1A.TMP
2014-12-26 03:35 - 2010-10-04 22:43 - 00000000 ____D () C:\Windows\6239C519FFFD4F0A938A78C6F2FA0BFA.TMP
2014-12-26 03:35 - 2010-06-23 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook with Business Contact Manager
2014-12-26 03:35 - 2010-06-04 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-26 03:35 - 2010-05-25 15:39 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-12-26 03:35 - 2010-05-25 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
2014-12-26 03:35 - 2010-05-25 12:20 - 00000000 ___RD () C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-26 03:35 - 2009-10-29 21:23 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2014-12-26 03:35 - 2009-10-29 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway MyBackup
2014-12-26 03:35 - 2009-10-29 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2014-12-26 03:35 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\ShellNew
2014-12-26 03:35 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 03:35 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-26 03:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-12-26 03:35 - 2007-10-10 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-12-26 03:35 - 2007-10-10 21:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-12-25 03:10 - 2010-05-25 13:19 - 00000000 ____D () C:\ProgramData\Apple
2014-12-24 21:19 - 2014-09-04 23:12 - 00000000 ____D () C:\Users\brianboyns\Desktop\Amanda Hug and Kiss' Awesome
2014-12-24 17:28 - 2014-10-23 02:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-20 18:51 - 2010-05-25 13:20 - 00000000 ____D () C:\Users\brianboyns\AppData\Roaming\Apple Computer

==================== Files in the root of some directories =======
2011-11-09 12:18 - 2011-11-09 12:18 - 0000235 ____R () C:\Users\brianboyns\AppData\Roaming\devices.xml
2010-06-13 17:21 - 2010-08-11 15:36 - 0099384 ____R () C:\Users\brianboyns\AppData\Roaming\inst.exe
2014-12-26 20:42 - 2015-01-18 04:15 - 0000115 _____ () C:\Users\brianboyns\AppData\Roaming\LogFile.txt
2010-06-13 17:21 - 2010-08-11 15:36 - 0007859 ____R () C:\Users\brianboyns\AppData\Roaming\pcouffin.cat
2010-06-13 17:21 - 2010-08-11 15:36 - 0001167 ____R () C:\Users\brianboyns\AppData\Roaming\pcouffin.inf
2010-06-13 17:21 - 2010-08-11 15:36 - 0082816 ____R (VSO Software) C:\Users\brianboyns\AppData\Roaming\pcouffin.sys
2011-11-09 12:18 - 2011-11-09 12:18 - 0000012 ____R () C:\Users\brianboyns\AppData\Roaming\settings.xml
2010-05-25 19:29 - 2010-05-25 19:29 - 0025003 ____R () C:\Users\brianboyns\AppData\Roaming\UserTile.png
2010-06-12 16:24 - 2012-01-06 20:27 - 0000992 ____R () C:\Users\brianboyns\AppData\Roaming\wklnhst.dat
2010-06-24 20:04 - 2014-06-12 11:43 - 0008192 ____R () C:\Users\brianboyns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-06 22:23 - 2011-01-06 22:23 - 0000022 ____R () C:\Users\brianboyns\AppData\Local\kodakpcd.ini
2010-05-25 21:39 - 2014-11-26 23:47 - 0007599 ____R () C:\Users\brianboyns\AppData\Local\Resmon.ResmonCfg
2013-02-07 20:53 - 2013-02-07 20:53 - 0000063 _____ () C:\ProgramData\6431861.bat
2013-02-07 20:53 - 2013-02-07 20:53 - 0000153 _____ () C:\ProgramData\6431861.reg
2013-11-02 16:14 - 2013-11-02 16:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\6431861.bat
C:\ProgramData\6431861.reg


Some content of TEMP:
====================
C:\Users\brianboyns\AppData\Local\Temp\Quarantine.exe
C:\Users\brianboyns\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {1ceb0ce6-77c4-11dc-8553-d47fee6b0c34}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {1ceb0ce8-77c4-11dc-8553-d47fee6b0c34}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {1ceb0ce6-77c4-11dc-8553-d47fee6b0c34}
nx OptIn

Windows Boot Loader
-------------------
identifier {1ceb0ce8-77c4-11dc-8553-d47fee6b0c34}
device ramdisk=[C:]\Recovery\1ceb0ce8-77c4-11dc-8553-d47fee6b0c34\Winre.wim,{1ceb0ce9-77c4-11dc-8553-d47fee6b0c34}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\1ceb0ce8-77c4-11dc-8553-d47fee6b0c34\Winre.wim,{1ceb0ce9-77c4-11dc-8553-d47fee6b0c34}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {1ceb0ce6-77c4-11dc-8553-d47fee6b0c34}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Real-mode Boot Sector
---------------------
identifier {1ceb0cea-77c4-11dc-8553-d47fee6b0c34}
device partition=C:
path \shldr.mbr
description SpyHunter Rescue

Real-mode Boot Sector
---------------------
identifier {1ceb0ceb-77c4-11dc-8553-d47fee6b0c34}
device partition=C:
path \shldr.mbr
description SpyHunter Rescue

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {1ceb0ce9-77c4-11dc-8553-d47fee6b0c34}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\1ceb0ce8-77c4-11dc-8553-d47fee6b0c34\boot.sdi



LastRegBack: 2015-01-17 10:54

==================== End Of Log ============================
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 1:25 am

F: FRST Addition.txt Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by brianboyns at 2015-01-19 21:03:59
Running from C:\Users\brianboyns\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus (Disabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Disabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
Business Contact Manager for Outlook 2003 (HKLM-x32\...\{66563AD8-637B-407F-BCA7-0233A16891AB}) (Version: 1.0.2002.1 - Microsoft Corporation)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2609911718-454996853-969934346-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010.1 - Poikosoft)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IObit Apps Toolbar v7.5 (HKLM-x32\...\{F219A8B4-F7F5-4A32-A625-852EDE18D298}) (Version: 7.5 - Spigot, Inc.) <==== ATTENTION
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Memeo Send (HKLM-x32\...\{81784157-3D4D-4bc1-B988-B24C32A26DA8}) (Version: - Memeo Inc.)
Memeo Share (HKLM-x32\...\{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}) (Version: 3.1.0.3265 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nero 9 Essentials (HKLM-x32\...\{088af493-82ca-46cf-b205-717ac99d4042}) (Version: - Nero AG)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version: - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.5.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.0.0.809 - Memeo Inc.)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.14.0 - SparkTrust) <==== ATTENTION
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SuperAVConverter V9.8 Build 6900 (HKLM-x32\...\SuperAVConverter V9.8 Build 6900_is1) (Version: - MySuperSoft.com)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd.)
Worms Crazy Golf (HKLM-x32\...\Steam App 70620) (Version: - Team17 Software Ltd.)
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2609911718-454996853-969934346-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

26-12-2014 07:25:50 Scheduled Checkpoint
26-12-2014 21:41:55 SparkTrust PC Cleaner Plus Backup
26-12-2014 22:37:42 SparkTrust PC Cleaner Plus Backup
26-12-2014 22:59:18 SparkTrust PC Cleaner Plus Backup
26-12-2014 22:59:52 AA11
26-12-2014 23:01:51 LavasoftWeCompanion
27-12-2014 00:26:32 AA11
27-12-2014 00:53:22 SparkTrust PC Cleaner Plus Backup
27-12-2014 03:13:08 avast! antivirus system restore point
27-12-2014 03:19:58 Installed AVG 2015
27-12-2014 03:20:28 Installed AVG 2015
27-12-2014 19:54:10 SparkTrust PC Cleaner Plus Backup
27-12-2014 21:30:31 Restore Operation
16-01-2015 20:45:34 Windows Update
16-01-2015 20:53:27 Driver Booster : Adobe AIR
16-01-2015 21:00:14 Windows Update
16-01-2015 21:17:47 Installed AVG 2015
16-01-2015 21:18:21 Installed AVG 2015
16-01-2015 23:13:02 Windows Modules Installer
16-01-2015 23:26:23 AA11
16-01-2015 23:28:55 LavasoftWeCompanion
16-01-2015 23:45:51 Installed Microsoft Visual C++ 2005 Redistributable
17-01-2015 17:45:44 Installed WD Security
18-01-2015 02:55:13 Malwareremoval.com recovery point
18-01-2015 04:10:22 SparkTrust PC Cleaner Plus Backup
18-01-2015 21:14:40 OTL Restore Point - 1/18/2015 9:14:33 PM
18-01-2015 23:13:06 OTL Restore Point - 1/18/2015 11:13:06 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2010-10-06 01:18 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04658358-2863-47F9-9951-E620FFEC77EF} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {08B9BDEA-AE67-48FB-9AF5-92A2E1EFEE73} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {0F9AE117-3A25-4E94-B830-F10BE2C2A7EB} - System32\Tasks\{F86D5853-F4A9-4A97-8678-ADD0712D2277} => pcalua.exe -a "C:\Users\brianboyns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P5J8PBB\BingBarSetup.EXE" -d C:\Users\brianboyns\Desktop
Task: {1C499EAD-A61B-4378-87F8-AB55569DD679} - System32\Tasks\{AABE3006-8C1E-4606-889A-D7D66EC80A16} => pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {210D12D0-ACD2-4575-80D2-5AC6609E6242} - System32\Tasks\{8AF63E3F-98B0-43B4-A5B0-039B2B0784AC} => pcalua.exe -a D:\setup.exe -d D:\
Task: {3267FAC2-BD68-40F5-9FBC-4A3F4D35CF46} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-11-19] (SparkTrust Systems) <==== ATTENTION
Task: {54C73308-DB97-4497-8DD7-1DA6A14BF9CF} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-11-19] (SparkTrust Systems) <==== ATTENTION
Task: {56D66F6A-1CE2-4BA9-ADBC-B79E9E631588} - System32\Tasks\{ECD2B557-893D-48D9-B22E-4E4536D448F3} => pcalua.exe -a C:\Users\brianboyns\Videos\Thief133.exe -d C:\Users\brianboyns\Desktop
Task: {5B5E769F-AA7D-458B-8AB3-026EE524CEE9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2609911718-454996853-969934346-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {63CF6E7B-A66A-4F04-B372-62DF87B2EB72} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (brianboyns) => C:\Users\brianboyns\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
Task: {6836B057-61FC-47A7-B318-DC59190FA112} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {6C3B64A9-7663-4235-B2E5-44583B1CB644} - System32\Tasks\{20F4D7E4-896E-4EAB-94B4-147ECD534026} => pcalua.exe -a "C:\Windows\Thief 2 - The Metal Age\uninstall.exe" -c "/U:C:\Program Files (x86)\Thief2\Uninstall\uninstall.xml"
Task: {72D3CE84-D766-437D-8DE3-C610F4B9ACD7} - System32\Tasks\Driver Booster SkipUAC (brianboyns) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {841F0342-FF0C-4541-8D27-70F782189D45} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16
Task: {93CB0211-B24A-4AB2-B27F-CF1DE7B523CF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2609911718-454996853-969934346-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-10-17] (RealNetworks, Inc.)
Task: {941EBBA4-0AF3-433C-943B-AC2A498BEB53} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A4232F5B-207A-427E-974A-38D7826393E3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2609911718-454996853-969934346-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {B5A4D1E9-C528-487E-97CC-B252747A277D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {BBF4C538-E248-4E2F-AFE6-52DC6A024AB4} - System32\Tasks\{0E5C6440-245C-4EFE-9CD2-48D5BCD37C88} => pcalua.exe -a C:\Users\brianboyns\AppData\Local\Temp\Temp1_THx64[1].zip\ThemeHospitalInstaller.exe
Task: {BE490245-5DA1-43B4-BFAF-0199EE5CAAFC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2609911718-454996853-969934346-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {E214A6C5-2482-4A5F-A9D5-D0A1107567EA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2609911718-454996853-969934346-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {E355F2E2-77C0-413E-87E9-15928B29F902} - System32\Tasks\{3710E351-D861-49F4-8B29-B0D59DFBF45D} => pcalua.exe -a "C:\Users\brianboyns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\76TWUMW3\BingBarSetup.EXE" -d C:\Users\brianboyns\Desktop
Task: {E35E3384-4291-4C48-AEFB-914627357C08} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2609911718-454996853-969934346-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {F0CD4C97-2F78-431E-B8BB-4545084215F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {F68574D2-DC11-47C4-852F-E7B02A72E64E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2609911718-454996853-969934346-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => ¨÷Q¨ìI<EŒ÷v‚nFdFh<
sÀ €!Þ 
U!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16 brianboyns0Û

Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-04-22 16:33 - 2010-04-22 16:33 - 00323808 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2010-03-23 05:09 - 2010-03-23 05:33 - 00126208 _____ () C:\Program Files\Easy CD-DA Extractor 2010\ezcddax64.dll
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2009-11-04 16:29 - 2009-11-04 16:29 - 00378128 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Memeo.Client.dll
2009-11-04 16:29 - 2009-11-04 16:29 - 00837904 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Utility.dll
2009-11-04 16:29 - 2009-11-04 16:29 - 00040208 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Interop.dll
2009-11-04 16:29 - 2009-11-04 16:29 - 00300816 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.DataClad.DataAccess.dll
2010-04-22 16:33 - 2010-04-22 16:33 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-04-22 16:33 - 2010-04-22 16:33 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 14:59 - 2010-03-22 14:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:DE406C3E

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk => C:\Windows\pss\hpoddt01.exe.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => c:\program files (x86)\divx\divx media server\divxmediaserver.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DW7 =>
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings =>
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TWC.Win7 =>

========================= Accounts: ==========================

Administrator (S-1-5-21-2609911718-454996853-969934346-500 - Administrator - Disabled)
Arborist (S-1-5-21-2609911718-454996853-969934346-1211 - Administrator - Enabled) => C:\Users\Arborist.brianboyns-PC
brianboyns (S-1-5-21-2609911718-454996853-969934346-1001 - Administrator - Enabled) => C:\Users\brianboyns
Guest (S-1-5-21-2609911718-454996853-969934346-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2609911718-454996853-969934346-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 4061.18 MB
Available physical RAM: 2258.63 MB
Total Pagefile: 8120.54 MB
Available Pagefile: 6071.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Brian's PC) (Fixed) (Total:582.4 GB) (Free:25.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 28B92BA0)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=582.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 1:31 am

G: Computer seems to be running a bit faster, though hard-drive space still missing. After reviewing the end of the last file I posted, is it normal to have three partitions and two of which aren't active? also, what's the weird smiley next to windows 7? virus?
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby pgmigg » January 20th, 2015, 1:44 am

Hello Brian,

Very good job! :D

After reviewing the end of the last file I posted, is it normal to have three partitions and two of which aren't active? also, what's the weird smiley next to windows 7? virus?
Please don't worry and that nice smiley is not a virus! ;)
Let's continue our treatment...

Step 1.
ComboFix Image
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press I Agree to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do Not use your keyboard or mouse click anywhere in the [b]ComboFix window, as this may cause the program to stall or crash![/b]
    ComboFix may reboot your computer allow this and follow all directions given.
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.


** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ComboFix.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 11:25 pm

A. No Problems Executing instructions; only problem came after restarting, got registry errors when I tried to open internet explorer. Closed everything, restarted again and everything went just fine second time.
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 11:26 pm

B. Combofix.exe LOG:

ComboFix 15-01-18.01 - brianboyns 01/20/2015 18:50:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2298 [GMT -8:00]
Running from: c:\users\brianboyns\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG AntiVirus 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG AntiVirus 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\6431861.bat
c:\programdata\6431861.reg
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-12-21 to 2015-01-21 )))))))))))))))))))))))))))))))
.
.
2015-01-20 02:19 . 2015-01-20 05:04 -------- d-----w- C:\FRST
2015-01-20 02:18 . 2015-01-20 02:18 -------- d-----w- c:\windows\ERUNT
2015-01-20 02:13 . 2015-01-20 02:37 -------- d-----w- C:\AdwCleaner
2015-01-19 05:14 . 2015-01-19 05:14 -------- d-----w- C:\_OTL
2015-01-18 01:52 . 2015-01-18 12:11 -------- d-----w- C:\Analytics
2015-01-18 01:49 . 2015-01-18 01:49 -------- d-----w- c:\users\brianboyns\AppData\Local\Western Digital
2015-01-18 01:49 . 2015-01-18 01:49 -------- d-----w- c:\users\brianboyns\AppData\Local\Western_Digital_Technolog
2015-01-18 01:48 . 2015-01-18 01:48 -------- d-----w- c:\programdata\Package Cache
2015-01-18 01:40 . 2015-01-18 01:40 -------- d-----w- c:\program files\Common Files\Western Digital
2015-01-18 01:40 . 2015-01-18 01:40 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2015-01-18 01:40 . 2015-01-18 01:40 -------- d-----w- c:\program files\Western Digital
2015-01-18 01:39 . 2015-01-18 01:40 -------- d-----w- c:\program files (x86)\Western Digital
2015-01-18 01:38 . 2015-01-18 01:41 -------- d-----w- c:\programdata\Western Digital
2015-01-17 07:49 . 2015-01-17 07:49 -------- d-----w- c:\programdata\MemeoCommon
2015-01-17 07:48 . 2015-01-18 11:16 -------- d-----w- c:\users\brianboyns\AppData\Roaming\Memeo
2015-01-17 07:48 . 2015-01-17 07:48 -------- d-----w- c:\users\brianboyns\AppData\Roaming\Seagate
2015-01-17 07:46 . 2015-01-17 07:48 -------- d-----w- c:\program files (x86)\Common Files\Memeo
2015-01-17 07:46 . 2015-01-17 07:47 -------- d-----w- c:\program files (x86)\Memeo
2015-01-17 07:45 . 2015-01-17 07:46 -------- d-----w- c:\program files (x86)\Seagate
2015-01-17 07:44 . 2015-01-17 07:44 -------- d-----w- c:\users\brianboyns\AppData\Roaming\Leadertech
2015-01-17 07:14 . 2015-01-17 07:14 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-17 07:14 . 2015-01-17 07:14 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-17 07:13 . 2015-01-17 07:13 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-17 07:13 . 2015-01-17 07:13 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-17 07:13 . 2015-01-17 07:13 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-17 07:13 . 2015-01-17 07:13 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-17 07:13 . 2015-01-17 07:13 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-17 04:46 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6AD5A7F-E323-405D-9821-DEF36E6A2274}\mpengine.dll
2015-01-17 04:45 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-17 04:45 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-17 04:45 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-17 04:45 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-17 04:45 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-17 04:45 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-28 04:06 . 2015-01-18 12:11 -------- d-----w- c:\program files (x86)\trend micro
2014-12-28 04:05 . 2014-12-28 04:08 -------- d-----w- C:\rsit
2014-12-28 04:03 . 2014-12-28 04:03 -------- d-----w- c:\users\brianboyns\AppData\Roaming\Curiolab
2014-12-28 04:00 . 2015-01-17 02:39 -------- d-----w- c:\program files (x86)\Exterminate It!
2014-12-27 22:38 . 2014-12-27 22:38 -------- d-----w- c:\program files\Quick Heal
2014-12-27 11:33 . 2015-01-17 02:38 -------- d-----w- c:\users\brianboyns\AppData\Roaming\Avg_Update_1014av
2014-12-27 11:33 . 2015-01-17 02:38 -------- d-----w- c:\programdata\Avg_Update_1014av
2014-12-27 11:23 . 2014-12-27 11:23 -------- d-----w- c:\users\brianboyns\AppData\Roaming\AVG2015
2014-12-27 11:21 . 2014-12-27 11:21 -------- d-----w- c:\users\brianboyns\AppData\Roaming\TuneUp Software
2014-12-27 11:21 . 2014-12-27 11:22 -------- d-----w- c:\programdata\AVG2015
2014-12-27 11:21 . 2014-12-27 11:21 -------- d-----w- C:\$AVG
2014-12-27 11:20 . 2015-01-17 02:31 -------- d-----w- c:\program files (x86)\AVG
2014-12-27 11:17 . 2014-12-27 11:17 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-12-27 11:05 . 2014-12-27 11:35 -------- d-----w- c:\users\brianboyns\AppData\Local\Avg2015
2014-12-27 11:05 . 2014-12-27 11:05 -------- d--h--w- c:\programdata\Common Files
2014-12-27 11:05 . 2014-12-27 11:05 -------- d-----w- c:\users\brianboyns\AppData\Local\MFAData
2014-12-27 07:02 . 2015-01-17 07:27 -------- d-----w- c:\users\brianboyns\AppData\Roaming\LavasoftStatistics
2014-12-27 07:02 . 2014-12-16 20:10 358736 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2014-12-27 07:02 . 2014-12-16 20:10 312424 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2014-12-27 05:12 . 2014-12-27 05:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-12-27 04:42 . 2015-01-17 02:31 -------- d-----w- c:\program files (x86)\Common Files\SparkTrust
2014-12-26 09:30 . 2015-01-17 02:40 -------- d-----w- c:\users\Arborist.brianboyns-PC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-21 02:29 . 2014-04-14 19:00 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-17 05:00 . 2010-05-26 12:35 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-17 04:59 . 2013-11-08 02:53 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-17 04:59 . 2013-11-08 02:53 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-08 17:55 . 2010-07-26 03:20 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 07:02 . 2014-12-19 07:02 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-19 07:02 . 2014-12-19 07:02 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-15 05:48 . 2014-12-15 05:48 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-15 05:35 . 2014-12-15 05:35 43152 ----a-w- c:\windows\avastSS.scr
2014-12-15 03:04 . 2014-12-15 03:04 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-09 05:24 . 2014-12-09 05:24 260888 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-12-04 02:50 . 2014-12-09 23:39 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 23:39 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 23:39 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 23:39 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 23:39 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-09 23:39 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-09 23:39 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-09 23:39 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-09 23:38 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-09 23:38 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 23:38 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 23:38 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 23:38 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 23:38 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 23:38 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 23:38 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 23:38 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 23:38 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 23:38 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 23:38 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 23:38 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 23:38 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 23:38 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 23:38 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 23:38 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 23:38 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 23:38 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 23:38 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 23:38 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 23:38 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 23:38 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 23:38 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 23:38 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 23:38 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 23:38 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 23:38 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 23:38 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 23:38 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 23:38 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 23:38 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 23:38 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 23:38 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 23:38 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 23:38 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 23:38 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 23:38 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 23:38 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 23:38 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 14:14 . 2014-04-14 07:49 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-04-14 07:49 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 14:14 . 2010-05-25 23:05 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-19 05:42 . 2014-11-19 05:42 203544 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-11-11 03:09 . 2014-12-09 23:38 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-20 11:43 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 11:43 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-09 23:38 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-20 11:43 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 11:43 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-09 23:38 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-09 23:34 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-09 23:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-09 23:34 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-09 23:34 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 20:45 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 20:45 67584 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2014-10-23 1694048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R3 cpuz134;cpuz134; [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08 04:59]
.
2014-12-19 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2015-01-21 c:\windows\Tasks\SparkTrust Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-12-27 c:\windows\Tasks\SparkTrust Update Version3.job
- c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-11-20 01:18]
.
2014-12-27 c:\windows\Tasks\SparkTrust Update Version3_triggeronce.job
- c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-11-20 01:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-r- c:\users\brianboyns\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-01-17 13774040]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-10-18 418360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-10-18 163384]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-10-18 387640]
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Wow6432Node-HKU-Default-Run-Advanced SystemCare 6 - c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{35827710-D042-428B-A1E5-E20E12D2FEB9} - c:\program files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,a8,7f,39,d6,0e,29,4c,a7,4a,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,a8,7f,39,d6,0e,29,4c,a7,4a,7a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2015-01-20 19:09:20 - machine was rebooted
ComboFix-quarantined-files.txt 2015-01-21 03:09
.
Pre-Run: 15,616,094,208 bytes free
Post-Run: 15,398,207,488 bytes free
.
- - End Of File - - A02E5C6D8F529276F0EF3431E27691F6
A36C5E4F47E84449FF07ED3517B43A31
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 20th, 2015, 11:29 pm

C. No obvious changes. Hard Drive space is down to 14.3 gigabytes left. Am starting to fear it's gonna keep going down until I can't save anything.

Other than that, I'm ready for more....
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby pgmigg » January 21st, 2015, 1:24 am

Hello Brian,

Hard Drive space is down to 14.3 gigabytes left. Am starting to fear it's gonna keep going down until I can't save anything.
Could you please list here all Backup programs installed on your computer?
I need to understand which Backup systems you are using now and which of them you installed by yourself.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Files
C:\Windows\*.tmp
@C:\ProgramData\TEMP:DE406C3E
@C:\ProgramData\TEMP:B1FBBD09

:Commands
[emptyflash]
[emptyjava]
[emptytemp]
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Processes > All <- Important
    • Extra Registry > Use SafeList
    • LOP check
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answer for my question about Backup programs
  3. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  4. Contents of a OTL.txt log file after OTL fresh scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Top

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 21st, 2015, 2:11 am

A. No Problems with instructions
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am
Top
Advertisement
Register to Remove
PreviousNext
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 533 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index