Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Can't activate firewall

Post by rrubio08 » January 2nd, 2015, 4:55 am

Hello there, I have an ASUS laptop that runs Windows 7. Lately it's been acting rather weird. I have Malwarebytes on my system though it's not finding anything.

- I get random popups saying: "Error: Access Is Denied" (though this has perhaps gone away, hasn't happened in a while.)

- CPU usage is high even with no programs running.

- I tried to install the antivirus Avast, but it came with an error saying: "The Base Filtering Engine (BFE) service is not running".

- As stated in the title, I also can't activate the Windows Firewall :(.

I'll post my DDS logs below now. Hope I do it right, thanks for any help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.45.2
Run by Ryan at 2:18:23 on 2015-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.890 [GMT -5:00]
.
AV: Trend Micro Internet Security *Disabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\010\duuwysugju32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate09072013
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Akamai NetSession Interface] C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [TaskTray] <no file>
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\649455F535543455255475966496 : DHCPNameServer = 131.94.7.220 131.94.205.10 131.94.226.10
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\74275656E644F6C6078696E6 : DHCPNameServer = 205.152.144.23 205.152.132.23 192.168.1.1
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\84F4D454D224831323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\C496D65635973616D6F62756 : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\C4B4630383 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{824B858D-235B-40BA-9885-0ECCA0A68197}\C4B4630383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B} : NameServer = 4.2.2.1
TCP: Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MRT] "C:\Windows\System32\MRT.exe" /R
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} - hxxp://content.systemrequirementslab.co ... .5.1.0.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\
FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT32204 ... CUI=SB_CUI
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... M=false&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ryan\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - ExtSQL: !HIDDEN! 2011-03-09 22:28; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-6-14 15928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-24 254528]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-11-19 41168]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-14 14904]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-9-2 42576]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-12 57856]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-5 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-1 63704]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
.
=============== Created Last 30 ================
.
2015-01-02 00:55:13 -------- d-----w- C:\ProgramData\AVAST Software
2015-01-01 07:52:46 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-01 07:51:52 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-01 07:51:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-01 07:51:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 00:29:24 -------- d-----w- C:\Program Files\Couponarific
2014-12-27 06:48:05 -------- d-----w- C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 06:46:35 -------- d-----w- C:\ProgramData\5558131108867548629
2014-12-27 06:46:35 -------- d-----w- C:\Program Files (x86)\YOeutuubeuAdBluoocke
2014-12-27 06:46:27 -------- d-----w- C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 06:46:26 -------- d-----w- C:\Program Files\010
2014-12-27 06:46:12 -------- d-----w- C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 06:45:04 -------- d-----w- C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
2014-12-11 16:45:18 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 14:42:33 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 14:42:31 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-09 21:14:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-12-09 21:14:01 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 15:38:44 41168 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-10-30 02:04:21 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:46:24 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-07-09 17:52:17 1378888166 ----a-w- C:\Program Files (x86)\SilkroadOnline_GlobalOfficial_v1_403.exe
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 2:27:26.29 ===============

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/30/2010 6:42:39 AM
System Uptime: 1/1/2015 5:48:50 PM (9 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K50IJ
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | Socket 478 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 195.429 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP266: 12/22/2014 1:09:28 AM - Windows Update
RP267: 12/22/2014 12:09:04 PM - Windows Update
RP268: 12/23/2014 3:00:12 AM - Windows Update
RP269: 12/24/2014 11:15:17 AM - Windows Update
RP270: 12/25/2014 12:32:09 PM - Windows Update
RP271: 12/26/2014 3:47:16 PM - Windows Update
RP272: 12/27/2014 3:00:17 AM - Windows Update
RP273: 12/28/2014 3:00:14 AM - Windows Update
RP274: 12/29/2014 3:00:14 AM - Windows Update
RP275: 12/31/2014 12:05:11 AM - Windows Update
RP276: 12/31/2014 3:00:13 AM - Windows Update
RP277: 12/31/2014 7:27:01 PM - Windows Update
RP278: 12/31/2014 7:30:37 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP279: 1/1/2015 2:04:34 AM - Windows Update
RP280: 1/1/2015 2:09:46 AM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP281: 1/1/2015 3:00:41 AM - Windows Update
RP282: 1/1/2015 3:56:39 AM - Windows Update
RP283: 1/1/2015 2:14:36 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP284: 1/1/2015 2:42:27 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

Post by pgmigg » January 5th, 2015, 2:41 pm

Hello rrubio08,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't activate firewall

Post by pgmigg » January 5th, 2015, 3:12 pm

Hello rrubio08,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 4.
WVCheck
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Right-click WVCheck.exe and select Run as administrator... to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Step 5.
ZOEK Scan
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your Desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it. If prompted by UAC, please allow it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Installed Programs
    • Startup Information
  7. Click on Run script button
  8. Please wait patiently (it may take a while) until a log report opens (this may be after a reboot, if required).
  9. Copy and paste the entire contents of the opened report into your next reply.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Then:
Please tell me whether this computer is used for business purposes and connected to a business or educational network.
I need to know this so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of a log created by codecheck.txt
  4. Contents of a log created by MGADiag.exe
  5. Contents of a log created by WVCheck.exe
  6. Contents of the zoek-results.log file
  7. Answer to my question about how your computer is used

Thanks,
pgmigg

pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't activate firewall

by rrubio08 » January 5th, 2015, 8:25 pm

Hi, thanks for replying. I only had a problem with the ZOEK scan. I would click run as administrator, but nothing happened and I waited a while to make sure it wasn't just slow. Regarding the purpose for this computer, it's just my personal home laptop. I take it to school when I take classes, though I'm not taking any courses at the moment. Anyway, I'll post the results of the other 4 scans below.
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

by rrubio08 » January 5th, 2015, 8:26 pm

CKScanner:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\programs\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno.swf
c:\programs\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno_popup.swf
c:\users\ryan\appdata\local\google\chrome\user data\default\local storage\http_crackberry.com_0.localstorage
c:\users\ryan\appdata\local\google\chrome\user data\default\local storage\http_crackberry.com_0.localstorage-journal
c:\users\ryan\appdata\local\google\chrome\user data\default\local storage\http_forums.crackberry.com_0.localstorage
c:\users\ryan\appdata\local\google\chrome\user data\default\local storage\http_forums.crackberry.com_0.localstorage-journal
c:\users\ryan\appdata\local\google\chrome\user data\default\local storage\http_www.cracked.com_0.localstorage
c:\users\ryan\appdata\local\google\chrome\user data\default\local storage\http_www.cracked.com_0.localstorage-journal
scanner sequence 3.CE.11.GTAAN0
----- EOF -----
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

by rrubio08 » January 5th, 2015, 8:27 pm

CodeCheck Scan

Codecheck Version 1.0

01005
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

by rrubio08 » January 5th, 2015, 8:28 pm

MGA Diagnostics

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
Windows Product ID: 00359-OEM-8992687-00007
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {C9F26C06-50DA-47D5-9BEA-80608777BD0D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140706-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C9F26C06-50DA-47D5-9BEA-80608777BD0D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-1451728270-2969058520-848758415</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc. </Manufacturer><Model>K50IJ </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>218 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100409000000.000000+000</Date></BIOS><HWID>8EA23407018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
Installation ID: 090544935305157132258390800734191455357444126384069675
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 9YQTR
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 1/5/2015 4:42:41 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:6:2014 20:35
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAIAAQABAAIAAAABAAAAAwABAAEA6GFQynKadxbSMx4ilAmGiZ6DUiZgs0hbRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 040910 APIC1622
FACP 040910 FACP1622
DBGP 040910 DBGP1622
HPET 040910 OEMHPET
BOOT 040910 BOOT1622
MCFG 040910 OEMMCFG
SLIC _ASUS_ Notebook
ECDT 040910 OEMECDT
OEMB 040910 OEMB1622
GSCI 040910 GMCHSCI
SSDT PmRef CpuPm
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

by rrubio08 » January 5th, 2015, 8:29 pm

WVCheck

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1646_05-01-2015
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2015-01-05 00:57:48
Last Success Time for Update Download: 2015-01-05 08:07:08
Last Success Time for Update Installation: 2015-01-05 08:01:06


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 20/5/2011 18:2:21
Modification; 20/11/2010 8:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/5/2011 18:2:15
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 21/5/2013 14:11:2
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\system64\slwga.dll
Size: 15360 bytes
Creation; 21/5/2013 14:11:13
Modification; 20/11/2010 8:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 21/5/2013 14:11:2
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 19:52:11
Modification; 13/7/2009 21:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 10/2/2011 17:33:50
Modification; 21/12/2010 1:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 10/2/2011 17:33:50
Modification; 21/12/2010 1:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 21/5/2013 14:11:13
Modification; 20/11/2010 8:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 10/2/2011 17:33:50
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 10/2/2011 17:33:50
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 21/5/2013 14:11:2
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 1653_05-01-2015 --------
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

by pgmigg » January 5th, 2015, 10:59 pm

Hello rrubio08,

I only had a problem with the ZOEK scan. I would click run as administrator, but nothing happened and I waited a while to make sure it wasn't just slow.
It is possible even if it is a little bit strange. :roll: Let's run another scanner:

Scan with FRST
  1. Please download FRST ... by Farbar, from the link For 64-bit Systems and save it to your Desktop.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens click Yes to the disclaimer.
  4. Check the boxes labeled List BCD and Drivers MD5 under Optional Scan.
  5. Press Scan button. ... When finished a log file FRST.txt will be created.
  6. The first time the tool is run, it will create another log... Addition.txt.
  7. Please post the content of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the FRST.txt file
  3. Contents of the Addition.txt file

Thanks,
pgmigg

pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't activate firewall

by rrubio08 » January 5th, 2015, 11:16 pm

Hi, I didn't have any problems, though towards the end of the scan a pop-up asked me if I wanted the program "aabbcc.exe" to make changes to the computer. I clicked the "X" in the top right and carried on. Anyway, here is the FRST file.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Ryan (administrator) on RYAN-PC on 05-01-2015 22:11:02
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe
() C:\Program Files\010\duuwysugju32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Computer Techtronics, LTD. ) C:\Windows\Temp\ss13.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(ASUS) C:\Windows\AsScrPro.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
() C:\Windows\Temp\is-F6NCO.tmp\ss13.tmp
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Windows\Temp\db14.exe
() C:\Windows\Temp\db14.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [65309168 2012-10-11] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Ryuvkcjkhoi] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\lcclokw.dll"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2010-12-16] (AOL Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-17] (Akamai Technologies, Inc)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-25] (Google Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {0d0036b2-558f-11e0-83a1-485b398dea3c} - D:\setup.exe -a
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {b7da57dd-9b60-11e3-9182-485b398dea3c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate09072013
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://asus.msn.com
URLSearchHook: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=W ... toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=W ... toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab.co ... .5.1.0.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B}: [NameServer] 4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default
FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT32204 ... CUI=SB_CUI
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.as ... M=false&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @livecode.runrev.com/LiveCode Player;version=1 -> C:\Users\Ryan\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: DAEMON Tools Toolbar - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\DTToolbar@toolbarnet.com [2012-06-12]
FF Extension: YOeutuubeuAdBluoocke - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\gB8A@g.edu [2014-12-27]
FF Extension: MaskMe - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\idme@abine.com [2014-11-22]
FF Extension: uTorrentControl_v2 - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013-09-14]
FF Extension: TopLine - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-07-15]
FF Extension: turkopticon - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{68d0652a-86ef-4c6a-89f4-808652357b2c}.xpi [2012-07-04]
FF Extension: Greasemonkey - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-06]
FF HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Xfinity) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-07-15]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (unIISaleus) - C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej\ [2013-08-23]
CHR Extension: (unisaaeles) - C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh\ [2013-08-23]
CHR HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ryan\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 CouponarificService64; C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 duuwysugju32; C:\Program Files\010\duuwysugju32.exe [682992 2014-12-01] ()
R2 incdfs; C:\Windows\system32\mcvsrte.dll [6656 2009-07-13] (Oak Technology Inc.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859640 2010-02-23] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
S2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-24] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: incdfs -> C:\Windows\system32\mcvsrte.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 22:11 - 2015-01-05 22:11 - 00046241 _____ () C:\Users\Ryan\Desktop\FRST.txt
2015-01-05 22:10 - 2015-01-05 22:11 - 00000000 ____D () C:\FRST
2015-01-05 22:08 - 2015-01-05 22:08 - 02123776 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-01-05 18:25 - 2015-01-05 18:25 - 00000000 ____D () C:\zoek_backup
2015-01-05 18:24 - 2015-01-05 18:59 - 00001773 _____ () C:\Users\Ryan\Desktop\New Text Document.txt
2015-01-05 18:23 - 2015-01-05 18:23 - 01295360 _____ () C:\Users\Ryan\Desktop\zoek.exe
2015-01-05 16:53 - 2015-01-05 16:53 - 00004857 _____ () C:\Users\Ryan\Desktop\WVCheck_1653_05-01-2015.txt
2015-01-05 16:44 - 2015-01-05 16:44 - 03514358 _____ () C:\Users\Ryan\Desktop\WVCheck.exe
2015-01-05 16:42 - 2015-01-05 16:44 - 00004903 _____ () C:\Users\Ryan\Desktop\MGA Diagnostics.txt
2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\MGADiagToolOutput
2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-01-05 16:39 - 2015-01-05 16:39 - 02031992 _____ (Microsoft Corporation) C:\Users\Ryan\Desktop\MGADiag.exe
2015-01-05 16:37 - 2015-01-05 16:38 - 00000033 _____ () C:\Users\Ryan\Desktop\codecheck.txt
2015-01-05 16:37 - 2015-01-05 16:37 - 00025088 _____ () C:\Users\Ryan\Desktop\codecheck.exe
2015-01-05 16:19 - 2015-01-05 16:35 - 00000000 ____D () C:\Users\Ryan\Desktop\S
2015-01-05 15:51 - 2015-01-05 16:35 - 00001025 _____ () C:\Users\Ryan\Desktop\ckfiles.txt
2015-01-05 15:27 - 2015-01-05 15:27 - 00468480 _____ () C:\Users\Ryan\Desktop\CKScanner.exe
2015-01-02 02:27 - 2015-01-02 02:27 - 00025071 _____ () C:\Users\Ryan\Desktop\dds.txt
2015-01-02 02:27 - 2015-01-02 02:27 - 00003036 _____ () C:\Users\Ryan\Desktop\attach.txt
2015-01-02 02:17 - 2015-01-02 02:17 - 00688992 ____R (Swearware) C:\Users\Ryan\Desktop\dds.scr
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online.exe
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-01-01 02:52 - 2015-01-01 14:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 02:51 - 2015-01-01 02:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 02:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 02:51 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-31 19:29 - 2015-01-03 13:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2014-12-31 19:29 - 2015-01-03 13:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Program Files\Couponarific
2014-12-31 02:59 - 2014-12-31 04:12 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E09.HDTV.x264-LOL[ettv]
2014-12-31 02:57 - 2014-12-31 02:57 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e09.hdtv.x264.lol.ettv.torrent
2014-12-31 01:21 - 2014-12-31 01:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E08 HDTV XviD-FUM[ettv]
2014-12-31 01:21 - 2014-12-31 01:21 - 00028745 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e08.hdtv.xvid.fum.ettv.torrent
2014-12-30 00:13 - 2014-12-30 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E07.HDTV.x264-LOL[ettv]
2014-12-30 00:12 - 2014-12-30 00:12 - 00017250 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e07.hdtv.x264.lol.ettv.torrent
2014-12-29 21:37 - 2014-12-29 21:47 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E06.HDTV.x264-LOL[ettv]
2014-12-29 21:36 - 2014-12-29 21:36 - 00016954 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e06.hdtv.x264.lol.ettv.torrent
2014-12-29 15:06 - 2014-12-29 15:15 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E05 HDTV x264-LOL[ettv]
2014-12-29 15:05 - 2014-12-29 15:05 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e05.hdtv.x264.lol.ettv.torrent
2014-12-28 01:11 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E04 HDTV x264-LOL[ettv]
2014-12-28 01:11 - 2014-12-28 01:11 - 00015498 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e04.hdtv.x264.lol.ettv.torrent
2014-12-27 23:47 - 2014-12-28 00:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E03 HDTV x264-LOL[ettv]
2014-12-27 23:46 - 2014-12-27 23:46 - 00016615 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e03.hdtv.x264.lol.ettv.torrent
2014-12-27 01:49 - 2014-12-27 01:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E02 HDTV x264-LOL[ettv]
2014-12-27 01:48 - 2014-12-27 01:48 - 00018398 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e02.hdtv.x264.lol.ettv.torrent
2014-12-27 01:48 - 2014-12-27 01:48 - 00000005 _____ () C:\end
2014-12-27 01:48 - 2014-12-27 01:48 - 00000000 ____D () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2015-01-01 03:42 - 00000000 ____D () C:\Program Files (x86)\YOeutuubeuAdBluoocke
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\ProgramData\5558131108867548629
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\Program Files\010
2014-12-27 01:45 - 2014-12-27 01:45 - 00000000 ____D () C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
2014-12-16 23:22 - 2014-12-17 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\The Walking Dead S5 1-8
2014-12-16 23:20 - 2014-12-16 23:20 - 00018206 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.s5.1.8.torrent
2014-12-16 22:54 - 2014-12-16 22:55 - 00013573 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.season.5.first.8.episodes.with.subtitles.torrent
2014-12-14 23:33 - 2014-12-14 23:33 - 00883712 _____ () C:\Users\Ryan\Downloads\Chap020.ppt
2014-12-11 11:45 - 2014-12-11 11:45 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 09:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 16:16 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 16:16 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 16:16 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 16:16 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 16:16 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 16:16 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 16:16 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 16:16 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 16:16 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 16:16 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 16:16 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 16:16 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 16:16 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 16:16 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 16:16 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 16:16 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 16:16 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 16:16 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 16:16 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 16:16 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 16:16 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 16:16 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 16:16 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 16:16 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 16:16 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 16:16 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 16:16 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 16:16 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 16:16 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 16:16 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 16:16 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 16:16 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 16:16 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 16:16 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 16:16 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 16:16 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 16:16 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 16:16 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 16:16 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 16:16 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 16:16 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 16:16 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 16:16 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 16:16 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 16:15 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 16:15 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 16:15 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 16:15 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 16:15 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 16:15 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 16:15 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 16:15 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 16:15 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 16:15 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 16:15 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 16:15 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 16:15 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 16:15 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 16:15 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 16:15 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 16:15 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 16:15 - 2014-10-29 21:04 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-09 16:15 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 16:15 - 2014-10-29 20:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-09 16:15 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 16:15 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 16:15 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 16:15 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 16:15 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 16:15 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 16:15 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 16:15 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 16:15 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 16:15 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 16:15 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 16:14 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 16:14 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 21:33 - 2012-08-25 12:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA.job
2015-01-05 21:15 - 2010-06-14 21:18 - 01337661 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 20:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At42.job
2015-01-05 20:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At41.job
2015-01-05 20:17 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 20:17 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 20:11 - 2011-11-15 20:59 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Akamai
2015-01-05 20:07 - 2012-12-29 14:09 - 00221504 _____ () C:\Windows\setupact.log
2015-01-05 20:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 19:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At40.job
2015-01-05 19:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At39.job
2015-01-05 18:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At38.job
2015-01-05 18:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At37.job
2015-01-05 17:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At36.job
2015-01-05 17:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At35.job
2015-01-05 16:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At34.job
2015-01-05 16:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At33.job
2015-01-05 15:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At32.job
2015-01-05 15:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At31.job
2015-01-05 14:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At30.job
2015-01-05 14:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At29.job
2015-01-05 13:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At28.job
2015-01-05 13:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At27.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At26.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At24.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At25.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At23.job
2015-01-05 10:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At22.job
2015-01-05 10:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At21.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At20.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At18.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At16.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At14.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At12.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At19.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At17.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At15.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At13.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At11.job
2015-01-05 04:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At10.job
2015-01-05 04:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At9.job
2015-01-05 03:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At8.job
2015-01-05 03:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At7.job
2015-01-05 02:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At6.job
2015-01-05 02:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At5.job
2015-01-05 01:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At4.job
2015-01-05 01:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At3.job
2015-01-05 01:33 - 2012-08-25 12:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At48.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At46.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At44.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At2.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At47.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At45.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At43.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At1.job
2015-01-01 14:41 - 2013-01-14 10:00 - 00277542 _____ () C:\Windows\PFRO.log
2015-01-01 14:40 - 2013-01-13 02:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\PMB Files
2015-01-01 14:19 - 2010-12-27 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2015-01-01 14:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-01 02:53 - 2012-09-05 20:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 02:52 - 2012-09-05 20:55 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2015-01-01 02:51 - 2012-09-05 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 02:10 - 2010-06-14 21:53 - 00001254 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-31 03:54 - 2012-12-03 20:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\uTorrent
2014-12-14 23:33 - 2012-12-19 17:56 - 00308736 ___SH () C:\Users\Ryan\Downloads\Thumbs.db
2014-12-12 01:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 16:35 - 2012-08-25 12:23 - 00002362 _____ () C:\Users\Ryan\Desktop\Google Chrome.lnk
2014-12-11 11:54 - 2009-07-14 00:13 - 00866832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 11:49 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-11 11:47 - 2012-06-12 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 11:47 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-11 11:47 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-11 11:45 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 11:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 09:45 - 2011-04-24 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 09:41 - 2012-05-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-09 21:14 - 2012-08-25 12:22 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA

ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\ProgramData\O4Ol0Glu.dat
C:\ProgramData\odbcHost64.dll
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job


Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ryan\AppData\Local\Temp\swt-win32-3740.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== BCD ================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.



LastRegBack: 2015-01-05 18:04

==================== End Of Log ============================
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

Post by rrubio08 » January 5th, 2015, 11:18 pm

The Addition file.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Ryan at 2015-01-05 22:12:15
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Disabled - Out of date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro Internet Security (Disabled - Out of date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.2.28595 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Connect Add-in (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Adobe Connect Add-in) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.262 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
Akamai NetSession Interface (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Akamai) (Version: - )
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Aleks 3.14 (HKLM-x32\...\Aleks 3.14) (Version: - )
Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Best Buy pc app (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\48e4cff94f039634) (Version: 3.1.2.0 - Best Buy)
Best Buy pc app (Version: 3.1.2.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.2.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build and Shoot Launcher 1.1 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.1 - Buld Then Snip, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Cisco NAC Agent (HKLM-x32\...\{0CB855E9-B05A-41C7-B743-C286A08433D0}) (Version: 4.9.2.8 - Cisco Systems, Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
couponarific (HKLM\...\6315EBB8-4968-4AE5-8956-C5CABDE87E54) (Version: 2.0.1 - couponarific) <==== ATTENTION
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D1600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.1.4.0024 - DT Soft Ltd) <==== ATTENTION
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_SF_06_D1600_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Driver Detective (HKLM-x32\...\{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}) (Version: 7 - PC Drivers HeadQuarters)
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 10.0 - Driver-Soft Inc.)
EasyBits GO (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Game Organizer) (Version: - EasyBits Media)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - )
F.lux (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Flux) (Version: - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FrostWire 4.21.5 (HKLM-x32\...\FrostWire) (Version: 4.21.5.0 - FrostWire Team)
FrostWire 5.4.0 (HKLM-x32\...\FrostWire 5) (Version: 5.4.0.0 - FrostWire Team)
Ghost Recon Phantoms - NA (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\fc418bf9b18f76aa) (Version: 1.35.9476.1 - Ubisoft)
Google Chrome (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{E80963EC-EED7-411A-8AC0-149EC57FB0F9}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 (HKLM\...\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
ICCup Launcher (HKLM-x32\...\ICCup Launcher_is1) (Version: 1.6 - ICCup)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2021 - Intel Corporation)
iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lexmark Z700-P700 Series (HKLM\...\Lexmark Z700-P700 Series) (Version: - Lexmark International, Inc.)
Lexmark Z700-P700 Series (HKLM-x32\...\Lexmark Z700-P700 Series) (Version: - Lexmark International, Inc.)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.1.4 - www.leaguereplays.com)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31010.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
P2V version 2.0.1.2 (HKLM-x32\...\{32926394-C1FC-4C7F-9B48-BA9C035701DB}_is1) (Version: 2.0.1.2 - IPEVO)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PartyPoker (HKLM-x32\...\PartyPoker) (Version: 147 - PartyGaming)
Pearson LockDown Browser (HKLM-x32\...\{1F8BAD3E-1EE5-43ED-B5DB-F6311DA7666A}) (Version: 1.04.23 - Respondus, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
Python 3.4.0 (HKLM-x32\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
RunRev LiveCode Player Browser Plugin (HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\LiveCode Player) (Version: 9 - RunRev Ltd.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Silkroad (HKLM-x32\...\Silkroad) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super Socks5Cap X86/X64 2.2.1.0 (HKLM-x32\...\{10578CAB-AE86-442E-97F0-96656404CD6F}_is1) (Version: - www.networktunnel.net)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (64-bit) (HKLM\...\{15AD6738-23E8-4AE6-93E9-434E717EECB2}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tremulous 1.1.0 (HKLM-x32\...\Tremulous) (Version: - )
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security (Version: 17.50 - Trend Micro Inc.) Hidden
TuneAid 3.76 (HKLM-x32\...\TuneAid_is1) (Version: 3.76 - DigiDNA)
USB 2.0 UVC 1.3M WebCam (HKLM\...\USB 2.0 UVC 1.3M WebCam) (Version: - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. )
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1451728270-2969058520-848758415-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

28-12-2014 03:00:14 Windows Update
29-12-2014 03:00:14 Windows Update
31-12-2014 00:05:11 Windows Update
31-12-2014 03:00:13 Windows Update
31-12-2014 19:27:01 Windows Update
31-12-2014 19:30:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-01-2015 02:04:34 Windows Update
01-01-2015 02:09:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-01-2015 03:00:41 Windows Update
01-01-2015 03:56:39 Windows Update
01-01-2015 14:14:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-01-2015 14:42:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
02-01-2015 03:00:33 Windows Update
03-01-2015 03:00:17 Windows Update
04-01-2015 19:42:13 Windows Update
05-01-2015 03:00:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-06-14 02:08 - 2012-06-14 02:08 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00217407-F410-4FCF-A5F6-19CA22A8769D} - System32\Tasks\At18 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {02C2677A-5CB4-4448-A52F-9D813FE7D3C0} - System32\Tasks\{B8F37857-BB96-472B-AAB9-219BFA259D72} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/ ... rogressBar
Task: {030466B5-F3A2-416D-847E-0CE36AE8E17A} - System32\Tasks\{8CE7F0A4-61F1-45BB-BCD4-F3119DB28594} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {054E76ED-F598-42BF-81BA-2AF38518942C} - System32\Tasks\At22 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {0809E6E1-88F8-4D9C-ACFA-3964ACB3538C} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {0B832A70-8997-4A07-9812-41604DAF45F4} - System32\Tasks\At33 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {0F256C72-B130-4B26-BE66-12310EFFD98D} - System32\Tasks\At25 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {10B0FC57-B1E5-49B8-BB20-1615D49752AF} - System32\Tasks\At23 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {11B5D21A-E56A-4C54-A122-F442816840E9} - System32\Tasks\At36 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {25DFC395-5FEB-4ADB-8B2C-AB1BBD2ADEF5} - System32\Tasks\At21 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {2650FF7A-3CE9-47C0-A51D-A02514A6C2E0} - System32\Tasks\At27 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {29650289-3C8D-4F8B-B328-85B668E3904A} - System32\Tasks\At48 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {315FAFDE-2ECA-4BFE-AD2A-5237EB41A09A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {34C3BA6F-8BB5-44B7-82DA-DA3119A40AF7} - System32\Tasks\At9 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {38ED3C4B-9644-4E42-98DB-10BCFA1C48FA} - System32\Tasks\At7 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {3957E7F2-D8C2-4171-8ECC-CF4906A4D1A8} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
Task: {39CF4D1C-20C8-46C5-AE7D-498743024604} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {3AEF73E7-63A3-40DC-8B93-BE77599C0F7B} - System32\Tasks\At19 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {4494368B-7030-4309-827D-5B0BB5D384C7} - System32\Tasks\At2 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {44982330-D4C7-4F7F-968A-ECD114AB8DD3} - System32\Tasks\At29 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {498E3DE2-EB7E-4C06-B072-E762A6439BDC} - System32\Tasks\At31 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {4B6B73AF-4476-4EDD-8008-A9BE499A5763} - System32\Tasks\At46 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {539AB19B-C222-496C-ADBE-9F0B2D8EA235} - System32\Tasks\At13 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {54D84887-9747-4056-821E-C9AFD3E3FFDB} - System32\Tasks\At3 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {55B4F62D-2005-465D-9F5A-9BCBDD92E631} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2009-11-17] (ASUSTek Computer Inc.)
Task: {58DCF5A0-E5B7-4127-927C-4931C8301403} - System32\Tasks\At34 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5C5D2567-3A0C-4AD5-A29F-092A7B97A891} - System32\Tasks\At44 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5DFA52A2-0B67-4525-99E0-D640DA79A4C9} - System32\Tasks\At1 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5F524282-6D49-4E8A-8BC3-483F5D5A2459} - System32\Tasks\At28 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {5F9E08B1-43A3-4282-A17A-FA680C12A079} - System32\Tasks\At8 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6376A557-3B8F-4EA4-96D8-3DBEE0B9A3FF} - System32\Tasks\At40 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {64E5C6BA-9355-4651-A856-40BC9BBD4416} - System32\Tasks\At35 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6532A6B4-757D-4B40-AAB7-F8063A232C0A} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {68081B1E-3D94-4A21-BC51-566D938B811E} - System32\Tasks\At45 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {68A07868-C00B-4403-A8BC-415AD0990CBF} - System32\Tasks\At41 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6E7442EE-0BAC-4F82-B5EA-D8EA374BD1FF} - System32\Tasks\At39 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {6EE03B75-A6CD-44DF-A030-F5CE449B0489} - System32\Tasks\At20 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {71EBAB05-36AB-46E0-A723-8A4AFE080A01} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {7EBF90D4-B334-4DB7-8B0E-42295ACF05EE} - System32\Tasks\{19FEE98D-D83C-4598-9466-600054E329A2} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/ ... rogressBar
Task: {8A42BC69-77CF-4D7D-9CEB-761F51443D02} - System32\Tasks\At4 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {98BFDE1F-8383-4E26-9BF7-52D3C5607033} - System32\Tasks\At47 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {9FCF0CF0-3A68-45F0-B8AA-0CF6A5A0E33F} - System32\Tasks\At43 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A594F16C-8E5F-4AB3-B79B-03F38AEF85A1} - System32\Tasks\At42 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A5C7D1BE-9D76-4C4D-9A2E-D05C74D9AD2E} - System32\Tasks\At11 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {A5D034DC-BCCA-4559-AF54-016479CE3876} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {AF1D11F7-284B-4EEF-AA53-81921779EDB5} - System32\Tasks\At17 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {B114995E-A5F5-4536-BF17-696D2912195C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {B2E66392-9BA6-49BE-A366-116589599F2D} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-05] (ATK)
Task: {B426ED23-991E-4114-921A-CFC099B0CE32} - System32\Tasks\At26 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {B4DB6E0C-350F-4130-A732-733F3ABD19BD} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {B6F873B1-4668-46D6-B261-3A7DFFB72BAB} - System32\Tasks\At12 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {BC27576A-F488-4853-B757-6A8E7E9123B9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C3B62085-7836-46E0-8A14-C0059EE454BD} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {C41FD112-5424-4FF2-8F4B-E0B9546C094B} - System32\Tasks\At37 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {C44965DB-FB60-4AA1-A5E3-673B8550A5EF} - System32\Tasks\At32 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {C597DEAC-444E-45DE-B860-65430DF61DDC} - System32\Tasks\At5 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CAC3A799-2951-43AD-9757-42F180D95FD7} - System32\Tasks\At38 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CB9698B5-E5CA-49BE-93B7-F1F7AD1FEEAB} - System32\Tasks\At6 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {CDFD6661-A2DF-49DD-BF33-88214D7132AB} - System32\Tasks\At24 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {D0D65AE3-6534-42B9-AD6A-09C8535BAC96} - System32\Tasks\{4E20000B-CE8A-4509-9108-CC28812A9797} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {D689F337-1E11-4CB3-A117-B1A804C7F1FF} - System32\Tasks\At30 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {D9A39236-24CC-45FD-BFC5-C0C9BC482421} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {DD92A53B-00C2-45B0-9684-A719EB3EBC34} - System32\Tasks\At10 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ED03EC02-C86B-4B57-BEB9-7D186A88E85A} - System32\Tasks\At15 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {EF67B6D0-F5CF-49B0-8D5D-653CEB248D5B} - System32\Tasks\{136DCF48-1405-40A1-9591-D379BF2CAF90} => pcalua.exe -a "C:\Program Files (x86)\SilkroadOnline_GlobalOfficial_v1_403.exe" -d "C:\Program Files (x86)"
Task: {F5149501-547D-4158-A6D2-EC4796C7AFAC} - System32\Tasks\At14 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: {F82ADA5E-9649-48EC-83C4-71CD6DD3FEEF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {FCBC4A96-C28D-49C3-8F3C-CCE1224306D2} - System32\Tasks\At16 => C:\Windows\system32\63LUpIeG.com <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => ?
Task: C:\Windows\Tasks\At10.job => ?
Task: C:\Windows\Tasks\At11.job => ?
Task: C:\Windows\Tasks\At12.job => ?
Task: C:\Windows\Tasks\At13.job => ?
Task: C:\Windows\Tasks\At14.job => ?
Task: C:\Windows\Tasks\At15.job => ?
Task: C:\Windows\Tasks\At16.job => ?
Task: C:\Windows\Tasks\At17.job => ?
Task: C:\Windows\Tasks\At18.job => ?
Task: C:\Windows\Tasks\At19.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At20.job => ?
Task: C:\Windows\Tasks\At21.job => ?
Task: C:\Windows\Tasks\At22.job => ?
Task: C:\Windows\Tasks\At23.job => ?
Task: C:\Windows\Tasks\At24.job => ?
Task: C:\Windows\Tasks\At25.job => ?
Task: C:\Windows\Tasks\At26.job => ?
Task: C:\Windows\Tasks\At27.job => ?
Task: C:\Windows\Tasks\At28.job => ?
Task: C:\Windows\Tasks\At29.job => ?
Task: C:\Windows\Tasks\At3.job => ?
Task: C:\Windows\Tasks\At30.job => ?
Task: C:\Windows\Tasks\At31.job => ?
Task: C:\Windows\Tasks\At32.job => ?
Task: C:\Windows\Tasks\At33.job => ?
Task: C:\Windows\Tasks\At34.job => ?
Task: C:\Windows\Tasks\At35.job => ?
Task: C:\Windows\Tasks\At36.job => ?
Task: C:\Windows\Tasks\At37.job => ?
Task: C:\Windows\Tasks\At38.job => ?
Task: C:\Windows\Tasks\At39.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At40.job => ?
Task: C:\Windows\Tasks\At41.job => ?
Task: C:\Windows\Tasks\At42.job => ?
Task: C:\Windows\Tasks\At43.job => ?
Task: C:\Windows\Tasks\At44.job => ?
Task: C:\Windows\Tasks\At45.job => ?
Task: C:\Windows\Tasks\At46.job => ?
Task: C:\Windows\Tasks\At47.job => ?
Task: C:\Windows\Tasks\At48.job => ?
Task: C:\Windows\Tasks\At5.job => ?
Task: C:\Windows\Tasks\At6.job => ?
Task: C:\Windows\Tasks\At7.job => ?
Task: C:\Windows\Tasks\At8.job => ?
Task: C:\Windows\Tasks\At9.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 05:37 - 2013-09-07 21:27 - 00327168 _____ () C:\Windows\system32\mswsock.dll
2010-06-14 21:46 - 2007-08-08 02:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-11-19 10:38 - 2014-11-19 10:38 - 00186368 _____ () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe
2014-11-19 10:38 - 2014-11-19 10:38 - 00110080 _____ () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\nfapi.dll
2014-11-19 10:38 - 2014-11-19 10:38 - 00471040 _____ () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\ProtocolFilters.dll
2014-12-01 10:26 - 2014-12-01 10:26 - 00682992 _____ () C:\Program Files\010\duuwysugju32.exe
2010-06-14 21:53 - 2007-11-30 13:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-24 15:45 - 2009-11-24 15:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2010-01-04 19:43 - 2010-01-04 19:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-10-01 01:02 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-12-23 15:12 - 2009-12-23 15:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-18 21:11 - 2009-12-18 21:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-06-14 21:46 - 2007-03-09 20:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2008-08-13 22:59 - 2008-08-13 22:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2007-06-15 12:28 - 2007-06-15 12:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 18:52 - 2007-06-01 18:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-02 14:06 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-02-23 14:03 - 2010-02-23 14:03 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2015-01-05 20:09 - 2015-01-05 20:09 - 01178112 _____ () C:\Windows\TEMP\is-F6NCO.tmp\ss13.tmp
2010-06-14 21:44 - 2009-05-07 03:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-06-14 21:44 - 2009-05-07 03:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-06-14 21:44 - 2008-01-18 01:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-06-14 21:44 - 2009-09-15 22:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2015-01-05 22:01 - 2015-01-05 22:01 - 01143976 _____ () c:\windows\temp\db14.exe
2009-11-02 16:20 - 2009-11-02 16:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 16:23 - 2009-11-02 16:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-12-16 19:57 - 2010-12-16 19:57 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2009-09-23 13:07 - 2009-09-23 13:07 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2007-06-15 12:28 - 2007-06-15 12:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 19:08 - 2007-06-01 19:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 16:35 - 2014-12-05 20:50 - 14913352 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: avPYOWQgOag.exe => C:\ProgramData\avPYOWQgOag.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: F.lux => "C:\Users\Ryan\Local Settings\Apps\F.lux\flux.exe" /noshow
MSCONFIG\startupreg: forfsync => rundll32 "C:\ProgramData\odbcHost64.dll",CreateProcessNotify
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: UfSeAgnt.exe => "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1451728270-2969058520-848758415-500 - Administrator - Disabled)
Guest (S-1-5-21-1451728270-2969058520-848758415-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1451728270-2969058520-848758415-1002 - Limited - Enabled)
Ryan (S-1-5-21-1451728270-2969058520-848758415-1001 - Administrator - Enabled) => C:\Users\Ryan

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 09:45:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============
Error: (01/05/2015 08:10:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/05/2015 08:08:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1053

Error: (01/05/2015 08:08:33 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (01/05/2015 08:08:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error:
%%1053

Error: (01/05/2015 08:08:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.

Error: (01/05/2015 08:08:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/05/2015 08:07:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (01/05/2015 03:06:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB3024777).

Error: (01/04/2015 07:52:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB3024777).

Error: (01/03/2015 03:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB3024777).


Microsoft Office Sessions:
=========================
Error: (01/05/2015 09:45:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (01/05/2015 09:45:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 51%
Total physical RAM: 4061.09 MB
Available physical RAM: 1978.39 MB
Total Pagefile: 8120.35 MB
Available Pagefile: 5775.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:195.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
rrubio08
Active Member
 
Posts: 9
Joined: January 2nd, 2015, 2:06 am

Re: Can't activate firewall

Post by Gary R » January 6th, 2015, 2:37 am

Connected to Educational Network
I see you are posting for help for a computer connected to an "Educational" Network.

May I draw your attention to ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.

The section here explains why we do not offer help for such computers.


This topic is now closed


It needs to be said however that your logs show that you have a serious Remote Access Infection on your computer ....

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
NETSVC: incdfs -> C:\Windows\system32\mcvsrte.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
ZeroAccess:
C:\Windows\System32\consrv.dll
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


Please take time to carefully read all of THIS topic, which will explain why your best course of action at this point is to reformat your hard drive and re-install Windows.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire