Hi, I didn't have any problems, though towards the end of the scan a pop-up asked me if I wanted the program "aabbcc.exe" to make changes to the computer. I clicked the "X" in the top right and carried on. Anyway, here is the FRST file.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Ryan (administrator) on RYAN-PC on 05-01-2015 22:11:02
Running from C:\Users\Ryan\Desktop
Loaded Profile: Ryan (Available profiles: Ryan & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe
() C:\Program Files\010\duuwysugju32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Computer Techtronics, LTD. ) C:\Windows\Temp\ss13.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(ASUS) C:\Windows\AsScrPro.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
() C:\Windows\Temp\is-F6NCO.tmp\ss13.tmp
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc) C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Windows\Temp\db14.exe
() C:\Windows\Temp\db14.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [65309168 2012-10-11] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Ryuvkcjkhoi] => C:\Windows\system32\regsvr32.exe /s "C:\Windows\TEMP\lcclokw.dll"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2010-12-16] (AOL Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ryan\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-17] (Akamai Technologies, Inc)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-25] (Google Inc.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {0d0036b2-558f-11e0-83a1-485b398dea3c} - D:\setup.exe -a
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\MountPoints2: {b7da57dd-9b60-11e3-9182-485b398dea3c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
http://xfinity.comcast.net/?cid=insDate09072013
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://asus.msn.com
HKU\S-1-5-21-1451728270-2969058520-848758415-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://asus.msn.com
URLSearchHook: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL =
http://search.comcast.net/search/?cat=W ... toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL =
http://search.comcast.net/search/?cat=W ... toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL =
http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1451728270-2969058520-848758415-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM {AEA3991E-3109-4C98-989E-33994FEB1A91}
http://content.systemrequirementslab.co ... .5.1.0.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A6775F7C-C096-4A0D-9CAF-C9A78F38C57B}: [NameServer] 4.2.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default
FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
FF Homepage:
hxxp://search.conduit.com/?ctid=CT32204 ... CUI=SB_CUI
FF Keyword.URL:
hxxp://search.conduit.com/ResultsExt.as ... M=false&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @livecode.runrev.com/LiveCode Player;version=1 -> C:\Users\Ryan\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1451728270-2969058520-848758415-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: DAEMON Tools Toolbar - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\DTToolbar@toolbarnet.com [2012-06-12]
FF Extension: YOeutuubeuAdBluoocke - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\gB8A@g.edu [2014-12-27]
FF Extension: MaskMe - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\idme@abine.com [2014-11-22]
FF Extension: uTorrentControl_v2 - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013-09-14]
FF Extension: TopLine - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-07-15]
FF Extension: turkopticon - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{68d0652a-86ef-4c6a-89f4-808652357b2c}.xpi [2012-07-04]
FF Extension: Greasemonkey - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\sohgfkaq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-06]
FF HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Xfinity) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-07-15]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (unIISaleus) - C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej\ [2013-08-23]
CHR Extension: (unisaaeles) - C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh\ [2013-08-23]
CHR HKU\S-1-5-21-1451728270-2969058520-848758415-1001\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ryan\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 CouponarificService64; C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 duuwysugju32; C:\Program Files\010\duuwysugju32.exe [682992 2014-12-01] ()
R2 incdfs; C:\Windows\system32\mcvsrte.dll [6656 2009-07-13] (Oak Technology Inc.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859640 2010-02-23] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
S2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-24] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
========================== Drivers MD5 =======================
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys BBB3B6DF1ABB0FE35802EDE85CC1C011
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 677AA5991026A65ADA128C4B59CF2BAD
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1E62x64.sys B8E670D7EF61615FA03104552854FAC9
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lullaby.sys 085435AE1A124361304044029B5CC644
C:\Windows\system32\drivers\mbam.sys CA43F8904E24BBE49982E4C0B29E6579
C:\Windows\system32\drivers\mwac.sys A646C2DDB8C46E9B20A326FAF566646C
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\drivers\netfilter64.sys 92C2F52519BAB29EA135DF7ED65FFC83
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 5790BCA445CC40DF8B38C2C48608AAC2
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snp2uvc.sys A415C67B40DFB903ACCC1D40FBEE3269
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tmpreflt.sys 803EE35DF92815EA5D41CEE7410C8CC1
C:\Windows\System32\DRIVERS\tmtdi.sys 21CC12B7F8B44E91D03EAD5B17AAF0B2
C:\Windows\System32\DRIVERS\tmxpflt.sys 9BD32132A3470CEFB3CBEA5FA492BD6F
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\viahduaa.sys FE595D1A1B781190BB483444B62CC607
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vsapint.sys B01CE1F5A44126892240D179A6DBD43F
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: incdfs -> C:\Windows\system32\mcvsrte.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 22:11 - 2015-01-05 22:11 - 00046241 _____ () C:\Users\Ryan\Desktop\FRST.txt
2015-01-05 22:10 - 2015-01-05 22:11 - 00000000 ____D () C:\FRST
2015-01-05 22:08 - 2015-01-05 22:08 - 02123776 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-01-05 18:25 - 2015-01-05 18:25 - 00000000 ____D () C:\zoek_backup
2015-01-05 18:24 - 2015-01-05 18:59 - 00001773 _____ () C:\Users\Ryan\Desktop\New Text Document.txt
2015-01-05 18:23 - 2015-01-05 18:23 - 01295360 _____ () C:\Users\Ryan\Desktop\zoek.exe
2015-01-05 16:53 - 2015-01-05 16:53 - 00004857 _____ () C:\Users\Ryan\Desktop\WVCheck_1653_05-01-2015.txt
2015-01-05 16:44 - 2015-01-05 16:44 - 03514358 _____ () C:\Users\Ryan\Desktop\WVCheck.exe
2015-01-05 16:42 - 2015-01-05 16:44 - 00004903 _____ () C:\Users\Ryan\Desktop\MGA Diagnostics.txt
2015-01-05 16:42 - 2015-01-05 16:42 - 00000000 ____D () C:\MGADiagToolOutput
2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-01-05 16:39 - 2015-01-05 16:39 - 02031992 _____ (Microsoft Corporation) C:\Users\Ryan\Desktop\MGADiag.exe
2015-01-05 16:37 - 2015-01-05 16:38 - 00000033 _____ () C:\Users\Ryan\Desktop\codecheck.txt
2015-01-05 16:37 - 2015-01-05 16:37 - 00025088 _____ () C:\Users\Ryan\Desktop\codecheck.exe
2015-01-05 16:19 - 2015-01-05 16:35 - 00000000 ____D () C:\Users\Ryan\Desktop\S
2015-01-05 15:51 - 2015-01-05 16:35 - 00001025 _____ () C:\Users\Ryan\Desktop\ckfiles.txt
2015-01-05 15:27 - 2015-01-05 15:27 - 00468480 _____ () C:\Users\Ryan\Desktop\CKScanner.exe
2015-01-02 02:27 - 2015-01-02 02:27 - 00025071 _____ () C:\Users\Ryan\Desktop\dds.txt
2015-01-02 02:27 - 2015-01-02 02:27 - 00003036 _____ () C:\Users\Ryan\Desktop\attach.txt
2015-01-02 02:17 - 2015-01-02 02:17 - 00688992 ____R (Swearware) C:\Users\Ryan\Desktop\dds.scr
2015-01-01 19:55 - 2015-01-01 19:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Ryan\Downloads\avast_free_antivirus_setup_online.exe
2015-01-01 19:52 - 2015-01-01 19:52 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-01-01 02:52 - 2015-01-01 14:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 02:51 - 2015-01-01 02:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 02:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 02:51 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-01 02:14 - 2015-01-01 02:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-31 19:29 - 2015-01-03 13:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2014-12-31 19:29 - 2015-01-03 13:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Program Files\Couponarific
2014-12-31 02:59 - 2014-12-31 04:12 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E09.HDTV.x264-LOL[ettv]
2014-12-31 02:57 - 2014-12-31 02:57 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e09.hdtv.x264.lol.ettv.torrent
2014-12-31 01:21 - 2014-12-31 01:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E08 HDTV XviD-FUM[ettv]
2014-12-31 01:21 - 2014-12-31 01:21 - 00028745 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e08.hdtv.xvid.fum.ettv.torrent
2014-12-30 00:13 - 2014-12-30 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E07.HDTV.x264-LOL[ettv]
2014-12-30 00:12 - 2014-12-30 00:12 - 00017250 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e07.hdtv.x264.lol.ettv.torrent
2014-12-29 21:37 - 2014-12-29 21:47 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural.S10E06.HDTV.x264-LOL[ettv]
2014-12-29 21:36 - 2014-12-29 21:36 - 00016954 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e06.hdtv.x264.lol.ettv.torrent
2014-12-29 15:06 - 2014-12-29 15:15 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E05 HDTV x264-LOL[ettv]
2014-12-29 15:05 - 2014-12-29 15:05 - 00016204 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e05.hdtv.x264.lol.ettv.torrent
2014-12-28 01:11 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E04 HDTV x264-LOL[ettv]
2014-12-28 01:11 - 2014-12-28 01:11 - 00015498 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e04.hdtv.x264.lol.ettv.torrent
2014-12-27 23:47 - 2014-12-28 00:41 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E03 HDTV x264-LOL[ettv]
2014-12-27 23:46 - 2014-12-27 23:46 - 00016615 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e03.hdtv.x264.lol.ettv.torrent
2014-12-27 01:49 - 2014-12-27 01:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Supernatural S10E02 HDTV x264-LOL[ettv]
2014-12-27 01:48 - 2014-12-27 01:48 - 00018398 _____ () C:\Users\Ryan\Downloads\[kickass.so]supernatural.s10e02.hdtv.x264.lol.ettv.torrent
2014-12-27 01:48 - 2014-12-27 01:48 - 00000005 _____ () C:\end
2014-12-27 01:48 - 2014-12-27 01:48 - 00000000 ____D () C:\Program Files (x86)\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2015-01-01 03:42 - 00000000 ____D () C:\Program Files (x86)\YOeutuubeuAdBluoocke
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\ProgramData\ocgoekiniogeingdbieehndjkakdnljh
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\ProgramData\5558131108867548629
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\Program Files\6315EBB8-4968-4AE5-8956-C5CABDE87E54
2014-12-27 01:46 - 2014-12-27 01:46 - 00000000 ____D () C:\Program Files\010
2014-12-27 01:45 - 2014-12-27 01:45 - 00000000 ____D () C:\ProgramData\gefngeinjnbkghhploikfldjaekmafej
2014-12-16 23:22 - 2014-12-17 00:34 - 00000000 ____D () C:\Users\Ryan\Downloads\The Walking Dead S5 1-8
2014-12-16 23:20 - 2014-12-16 23:20 - 00018206 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.s5.1.8.torrent
2014-12-16 22:54 - 2014-12-16 22:55 - 00013573 _____ () C:\Users\Ryan\Downloads\[kickass.so]the.walking.dead.season.5.first.8.episodes.with.subtitles.torrent
2014-12-14 23:33 - 2014-12-14 23:33 - 00883712 _____ () C:\Users\Ryan\Downloads\Chap020.ppt
2014-12-11 11:45 - 2014-12-11 11:45 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 09:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 09:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 16:16 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 16:16 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 16:16 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 16:16 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 16:16 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 16:16 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 16:16 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 16:16 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 16:16 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 16:16 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 16:16 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 16:16 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 16:16 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 16:16 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 16:16 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 16:16 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 16:16 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 16:16 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 16:16 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 16:16 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 16:16 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 16:16 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 16:16 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 16:16 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 16:16 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 16:16 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 16:16 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 16:16 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 16:16 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 16:16 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 16:16 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 16:16 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 16:16 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 16:16 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 16:16 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 16:16 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 16:16 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 16:16 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 16:16 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 16:16 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 16:16 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 16:16 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 16:16 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 16:16 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 16:15 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 16:15 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 16:15 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 16:15 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 16:15 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 16:15 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 16:15 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 16:15 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 16:15 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 16:15 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 16:15 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 16:15 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 16:15 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 16:15 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 16:15 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 16:15 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 16:15 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 16:15 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 16:15 - 2014-10-29 21:04 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-09 16:15 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 16:15 - 2014-10-29 20:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-09 16:15 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 16:15 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 16:15 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 16:15 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 16:15 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 16:15 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 16:15 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 16:15 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 16:15 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 16:15 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 16:15 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 16:14 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 16:14 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-05 21:33 - 2012-08-25 12:22 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA.job
2015-01-05 21:15 - 2010-06-14 21:18 - 01337661 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 20:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At42.job
2015-01-05 20:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At41.job
2015-01-05 20:17 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 20:17 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 20:11 - 2011-11-15 20:59 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Akamai
2015-01-05 20:07 - 2012-12-29 14:09 - 00221504 _____ () C:\Windows\setupact.log
2015-01-05 20:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 19:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At40.job
2015-01-05 19:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At39.job
2015-01-05 18:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At38.job
2015-01-05 18:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At37.job
2015-01-05 17:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At36.job
2015-01-05 17:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At35.job
2015-01-05 16:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At34.job
2015-01-05 16:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At33.job
2015-01-05 15:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At32.job
2015-01-05 15:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At31.job
2015-01-05 14:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At30.job
2015-01-05 14:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At29.job
2015-01-05 13:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At28.job
2015-01-05 13:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At27.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At26.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At24.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At25.job
2015-01-05 12:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At23.job
2015-01-05 10:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At22.job
2015-01-05 10:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At21.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At20.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At18.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At16.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At14.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At12.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At19.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At17.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At15.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At13.job
2015-01-05 10:41 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At11.job
2015-01-05 04:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At10.job
2015-01-05 04:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At9.job
2015-01-05 03:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At8.job
2015-01-05 03:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At7.job
2015-01-05 02:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At6.job
2015-01-05 02:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At5.job
2015-01-05 01:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At4.job
2015-01-05 01:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At3.job
2015-01-05 01:33 - 2012-08-25 12:22 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001Core.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At48.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At46.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At44.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000352 _____ () C:\Windows\Tasks\At2.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At47.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At45.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At43.job
2015-01-05 00:53 - 2012-02-04 10:01 - 00000350 _____ () C:\Windows\Tasks\At1.job
2015-01-01 14:41 - 2013-01-14 10:00 - 00277542 _____ () C:\Windows\PFRO.log
2015-01-01 14:40 - 2013-01-13 02:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\PMB Files
2015-01-01 14:19 - 2010-12-27 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2015-01-01 14:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-01 02:53 - 2012-09-05 20:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 02:52 - 2012-09-05 20:55 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
2015-01-01 02:51 - 2012-09-05 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 02:10 - 2010-06-14 21:53 - 00001254 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-31 03:54 - 2012-12-03 20:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\uTorrent
2014-12-14 23:33 - 2012-12-19 17:56 - 00308736 ___SH () C:\Users\Ryan\Downloads\Thumbs.db
2014-12-12 01:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 16:35 - 2012-08-25 12:23 - 00002362 _____ () C:\Users\Ryan\Desktop\Google Chrome.lnk
2014-12-11 11:54 - 2009-07-14 00:13 - 00866832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 11:49 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-11 11:47 - 2012-06-12 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 11:47 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-11 11:47 - 2012-05-24 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-11 11:45 - 2014-04-30 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 11:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 09:45 - 2011-04-24 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 09:41 - 2012-05-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-09 21:14 - 2012-08-25 12:22 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1451728270-2969058520-848758415-1001UA
ZeroAccess:
C:\Windows\System32\consrv.dll
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Files to move or delete:
====================
C:\ProgramData\O4Ol0Glu.dat
C:\ProgramData\odbcHost64.dll
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ryan\AppData\Local\Temp\swt-win32-3740.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
==================== BCD ================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.
LastRegBack: 2015-01-05 18:04
==================== End Of Log ============================