ProblemsRBad

Members
  • Content count

    846
  • Joined

  • Last visited

  • Time Online

    148d 18h 43m 54s

About ProblemsRBad

  • Rank
    Member

Profile Information

  • Gender
  • OS
    Windows 10

Profile Fields

  • Country
  1. Thanks Broni! Pc working much better now! Thanks for all your help!
  2. Sophos scanned clean so I don't have a log for that. Here is other logs: Results of screen317's Security Check version 1.014 --- 12/23/15 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! COMODO Cloud Antivirus (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.11005) Java 8 Update 101 Java version 32-bit out of Date! Adobe Reader XI Mozilla Firefox (48.0.1) Google Chrome (51.0.2704.103) Google Chrome (52.0.2743.116) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` COMODO COMODO Cloud Antivirus ccavsrv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` ------------------------------------------------------------------------------------------- Farbar Service Scanner Version: 27-01-2016 Ran by Hanna (administrator) on 27-08-2016 at 13:52:08 Running from "C:\Users\Hanna\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  3. Ok Mcafee removed. Here is FRST fix log: Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01 Ran by Hanna (27-08-2016 12:37:58) Run:1 Running from C:\Users\Hanna\Desktop Loaded Profiles: Hanna (Available Profiles: Hanna) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 2016-07-27 23:54 - 2016-07-27 23:54 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc C:\Users\Hanna\AppData\Local\Temp\dllnt_dump.dll Task: {B46291B0-9954-47A3-8AC5-C99CB6BE2AD6} - System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION C:\Users\Hanna\AppData\Roaming\PRICEF~1 ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => moved successfully C:\Users\Hanna\AppData\Local\Temp\dllnt_dump.dll => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B46291B0-9954-47A3-8AC5-C99CB6BE2AD6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46291B0-9954-47A3-8AC5-C99CB6BE2AD6}" => key removed successfully C:\Windows\System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}" => key removed successfully "C:\Users\Hanna\AppData\Roaming\PRICEF~1" => not found. ==== End of Fixlog 12:37:58 ====
  4. Ok, scan finished here is the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01 Ran by Hanna (administrator) on HANNA-PC (26-08-2016 11:54:29) Running from C:\Users\Hanna\Desktop Loaded Profiles: Hanna (Available Profiles: Hanna) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe (COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-15] (NVIDIA Corporation) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [CCAV] => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5162192 2016-08-25] (COMODO) HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3170504 2016-08-17] (COMODO) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Policies\Explorer: [] ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-04-15] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9B600081-1220-4ADF-A474-73AD8682340D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\ieovjxsy.default FF Homepage: hxxp://google.com FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-24] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Slaid Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-23] CHR Extension: (Dokumen Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-23] CHR Extension: (Google Drive) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-23] CHR Extension: (YouTube) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-23] CHR Extension: (Helaian Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-23] CHR Extension: (Dokumen Google Luar Talian) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-23] CHR Extension: (Gmail) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-23] CHR Extension: (Chrome Media Router) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.) R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-15] (Camshare Inc.) R2 ccavsrv; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5162192 2016-08-25] (COMODO) S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.) S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation) R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [124104 2016-08-17] (COMODO) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382488 2016-01-26] (McAfee, Inc.) S3 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-26] (McAfee, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 cmdccav; C:\Windows\System32\drivers\CmdCCAV.sys [150056 2016-08-25] (COMODO) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [48800 2016-08-17] (COMODO) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-26] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-03] (NVIDIA Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-25] () ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-26 11:54 - 2016-08-26 11:55 - 00017385 _____ C:\Users\Hanna\Desktop\FRST.txt 2016-08-25 22:26 - 2016-08-25 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2016-08-25 12:50 - 2016-08-25 12:50 - 00031797 _____ C:\Users\Hanna\Desktop\combo.txt 2016-08-25 12:41 - 2016-08-25 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-25 12:20 - 2016-08-25 12:20 - 00031797 _____ C:\ComboFix.txt 2016-08-25 12:05 - 2016-08-25 12:20 - 00000000 ____D C:\Qoobox 2016-08-25 12:05 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe 2016-08-25 12:05 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe 2016-08-25 12:05 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2016-08-25 12:05 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2016-08-25 12:05 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2016-08-25 12:05 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe 2016-08-25 12:05 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe 2016-08-25 12:05 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe 2016-08-25 12:04 - 2016-08-25 12:17 - 00000000 ____D C:\Windows\erdnt 2016-08-25 11:57 - 2016-08-25 11:58 - 05659484 ____R (Swearware) C:\Users\Hanna\Desktop\ComboFix.exe 2016-08-25 10:23 - 2016-08-25 10:23 - 00599208 _____ (COMODO) C:\Windows\system32\CcavGuard64.dll 2016-08-25 10:22 - 2016-08-25 10:22 - 00460456 _____ (COMODO) C:\Windows\SysWOW64\CcavGuard32.dll 2016-08-25 10:22 - 2016-08-25 10:22 - 00150056 _____ (COMODO) C:\Windows\system32\Drivers\CmdCCAV.sys 2016-08-25 07:47 - 2016-08-25 07:47 - 00000000 ____D C:\Users\Hanna\AppData\Local\CrashRpt 2016-08-25 06:06 - 2016-08-25 06:06 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2016-08-25 05:25 - 2016-08-25 05:25 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2016-08-25 05:25 - 2016-08-25 05:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2016-08-25 05:25 - 2016-08-25 05:25 - 00000000 ____D C:\Program Files\RogueKiller 2016-08-25 05:22 - 2016-08-25 05:22 - 00000000 ____D C:\ProgramData\RogueKiller 2016-08-25 05:06 - 2016-08-25 05:07 - 01610560 _____ (Malwarebytes) C:\Users\Hanna\Desktop\JRT.exe 2016-08-24 23:54 - 2016-08-25 00:01 - 31926992 _____ (Adlice Software ) C:\Users\Hanna\Downloads\setup.exe 2016-08-24 09:33 - 2016-08-24 09:33 - 525085372 _____ C:\Windows\MEMORY.DMP 2016-08-24 09:33 - 2016-08-24 09:33 - 00405744 _____ C:\Windows\Minidump\082416-16317-01.dmp 2016-08-24 09:33 - 2016-08-24 09:33 - 00000000 ____D C:\Windows\Minidump 2016-08-24 07:59 - 2016-08-24 08:01 - 03784256 _____ C:\Users\Hanna\Desktop\adwcleaner_6.000.exe 2016-08-24 06:37 - 2016-08-26 11:54 - 00000000 ____D C:\FRST 2016-08-24 06:31 - 2016-08-24 06:31 - 02396672 _____ (Farbar) C:\Users\Hanna\Desktop\FRST64.exe 2016-08-24 06:04 - 2016-08-24 06:04 - 00001374 _____ C:\Users\Hanna\Desktop\ManyCam - Shortcut.lnk 2016-08-24 06:00 - 2016-08-25 22:21 - 00000000 ____D C:\Users\Hanna\AppData\Local\ManyCam 2016-08-24 05:59 - 2016-08-24 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam 2016-08-24 05:58 - 2016-08-24 06:01 - 00000000 ____D C:\ProgramData\ManyCam 2016-08-24 05:58 - 2016-08-24 05:58 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\ManyCam 2016-08-24 05:18 - 2016-08-24 05:18 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2016-08-24 05:18 - 2016-08-24 05:18 - 00000000 ____D C:\Program Files (x86)\Secunia 2016-08-24 05:00 - 2016-08-24 05:00 - 04002104 _____ (Secunia) C:\Users\Hanna\Downloads\PSISetup.exe 2016-08-23 23:56 - 2016-08-24 00:00 - 00448512 _____ (OldTimer Tools) C:\Users\Hanna\Desktop\TFC.exe 2016-08-23 09:01 - 2016-08-26 11:54 - 00110032 _____ C:\Windows\system32\Drivers\ccavsfi.dat 2016-08-23 07:42 - 2016-08-23 09:33 - 00000000 ____D C:\AdwCleaner 2016-08-23 06:41 - 2016-08-17 15:58 - 00300600 _____ (COMODO) C:\Windows\system32\iseguard64.dll 2016-08-23 06:41 - 2016-08-17 15:57 - 00230464 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll 2016-08-23 06:41 - 2016-08-17 15:57 - 00048800 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys 2016-08-23 06:40 - 2016-08-25 22:26 - 00002075 _____ C:\Users\Public\Desktop\COMODO Cloud Antivirus.lnk 2016-08-23 06:40 - 2016-08-25 22:26 - 00000000 ____D C:\Program Files (x86)\COMODO 2016-08-23 06:39 - 2016-08-23 06:50 - 00000000 ____D C:\ProgramData\COMODO 2016-08-23 06:18 - 2016-08-23 06:20 - 06251792 _____ (COMODO) C:\Users\Hanna\Downloads\ccav_installer.exe 2016-08-23 04:34 - 2016-08-26 11:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-23 04:34 - 2016-08-23 04:34 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-08-23 04:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-08-23 04:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-08-23 04:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-08-22 21:51 - 2016-08-22 21:55 - 22851472 _____ (Malwarebytes ) C:\Users\Hanna\Downloads\mbam-setup-2.2.1.1043.exe 2016-08-22 12:07 - 2016-08-22 12:14 - 00000000 ____D C:\Users\Hanna\AppData\Local\Mozilla 2016-08-22 12:07 - 2016-08-22 12:08 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Mozilla 2016-08-22 12:07 - 2016-08-22 12:07 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-08-22 12:07 - 2016-08-22 12:07 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-08-22 12:07 - 2016-08-22 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-22 12:07 - 2016-08-22 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-22 11:59 - 2016-08-22 11:59 - 00242160 _____ C:\Users\Hanna\Downloads\Firefox Setup Stub 48.0.1 (1).exe 2016-08-22 11:57 - 2016-08-22 11:57 - 00242160 _____ C:\Users\Hanna\Downloads\Firefox Setup Stub 48.0.1.exe 2016-08-19 10:41 - 2016-08-19 10:41 - 00603640 _____ (Visicom Media inc.) C:\Users\Hanna\Downloads\ManyCamWebInstaller (1).exe 2016-08-17 15:26 - 2016-07-08 23:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-17 15:26 - 2016-07-08 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-14 18:33 - 2016-08-14 18:33 - 00000000 ____D C:\ShadowPlay 2016-08-10 13:12 - 2016-08-02 22:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 13:12 - 2016-08-02 14:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 13:12 - 2016-08-02 14:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 13:12 - 2016-08-02 14:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 13:12 - 2016-08-02 14:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 13:12 - 2016-08-02 14:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 13:12 - 2016-08-02 13:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 13:12 - 2016-08-02 13:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 13:12 - 2016-08-02 13:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 13:12 - 2016-08-02 13:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-10 13:12 - 2016-08-02 13:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-10 13:12 - 2016-08-02 13:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-10 13:12 - 2016-08-02 13:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 13:12 - 2016-08-02 13:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-10 13:12 - 2016-08-02 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-10 13:12 - 2016-08-02 13:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-10 13:12 - 2016-08-02 13:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-10 13:12 - 2016-08-02 13:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-10 13:12 - 2016-08-02 13:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 13:12 - 2016-08-02 12:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 13:11 - 2016-08-02 22:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 13:11 - 2016-08-02 14:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 13:11 - 2016-08-02 14:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 13:11 - 2016-08-02 14:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 13:11 - 2016-08-02 14:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 13:11 - 2016-08-02 14:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 13:11 - 2016-08-02 14:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 13:11 - 2016-08-02 14:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 13:11 - 2016-08-02 14:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 13:11 - 2016-08-02 14:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 13:11 - 2016-08-02 14:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 13:11 - 2016-08-02 14:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 13:11 - 2016-08-02 14:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 13:11 - 2016-08-02 14:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 13:11 - 2016-08-02 14:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 13:11 - 2016-08-02 14:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 13:11 - 2016-08-02 14:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-10 13:11 - 2016-08-02 13:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 13:11 - 2016-08-02 13:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 13:11 - 2016-08-02 13:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 13:11 - 2016-08-02 13:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-10 13:11 - 2016-08-02 13:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 13:11 - 2016-08-02 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-10 13:11 - 2016-08-02 13:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 13:11 - 2016-08-02 13:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-10 13:11 - 2016-08-02 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-10 13:11 - 2016-08-02 13:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 13:11 - 2016-08-02 13:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 13:11 - 2016-08-02 13:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 13:11 - 2016-08-02 13:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 13:11 - 2016-08-02 13:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-10 13:11 - 2016-08-02 13:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 13:11 - 2016-08-02 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-10 13:11 - 2016-08-02 13:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 13:11 - 2016-08-02 13:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 13:11 - 2016-08-02 13:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-10 13:11 - 2016-08-02 13:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 13:11 - 2016-08-02 13:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-10 13:11 - 2016-08-02 13:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 13:11 - 2016-08-02 13:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 13:11 - 2016-08-02 12:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 13:11 - 2016-08-02 12:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 13:11 - 2016-08-02 12:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 13:01 - 2016-07-08 23:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 13:01 - 2016-07-08 23:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-10 13:01 - 2016-07-08 23:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-10 13:01 - 2016-07-08 23:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-10 13:01 - 2016-07-08 23:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-10 13:01 - 2016-07-08 23:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-10 13:01 - 2016-07-08 22:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-10 13:01 - 2016-07-08 22:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-10 13:01 - 2016-07-08 22:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 13:01 - 2016-07-08 22:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-10 13:01 - 2016-07-08 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-10 13:01 - 2016-07-08 22:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-10 12:57 - 2016-07-08 23:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-09 10:19 - 2016-08-09 10:19 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\NVIDIA 2016-08-08 09:36 - 2016-08-08 09:36 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-08-08 09:32 - 2016-08-08 09:32 - 00000144 _____ C:\Windows\Sierra.ini 2016-08-08 09:32 - 2016-08-08 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra 2016-08-08 09:30 - 2016-08-08 09:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-08 09:30 - 2016-08-08 09:30 - 00000000 ____D C:\Sierra 2016-08-08 09:27 - 2016-08-08 09:28 - 00000000 ____D C:\Users\Hanna\Downloads\Emperor_Rise_of_the_Middle_Kingdom 2016-08-08 07:33 - 2016-08-08 09:25 - 661213913 _____ C:\Users\Hanna\Downloads\Emperor_Rise_of_the_Middle_Kingdom.zip 2016-07-31 21:01 - 2016-07-31 21:00 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-07-30 22:21 - 2016-07-30 22:21 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-07-29 23:30 - 2016-07-30 22:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-07-29 23:30 - 2016-07-29 23:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2016-07-29 23:30 - 2016-07-29 23:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-07-29 23:29 - 2016-07-30 22:20 - 00000000 ____D C:\ProgramData\Adobe 2016-07-29 23:14 - 2016-07-29 23:14 - 01202888 _____ (Adobe Systems Incorporated) C:\Users\Hanna\Downloads\reader11_en_xa_install.exe 2016-07-28 18:41 - 2016-07-28 18:41 - 00001055 _____ C:\Users\Public\Desktop\StarCraft II.lnk 2016-07-28 18:41 - 2016-07-28 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2016-07-28 11:49 - 2016-08-23 20:34 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2016-07-28 11:49 - 2016-08-09 13:03 - 00000000 ____D C:\Users\Hanna\Documents\StarCraft II 2016-07-28 08:45 - 2016-07-28 08:45 - 00000000 ____D C:\ProgramData\FLEXnet 2016-07-28 01:03 - 2016-08-13 15:09 - 00000000 ____D C:\Users\Hanna\Documents\Autodesk Application Manager 2016-07-28 00:57 - 2016-07-28 00:57 - 00002039 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk 2016-07-28 00:49 - 2016-07-28 00:49 - 00002098 _____ C:\Users\Public\Desktop\AutoCAD 2015 - English.lnk 2016-07-28 00:49 - 2016-07-28 00:49 - 00000000 ____D C:\Users\Hanna\Documents\Inventor Server SDK ACAD 2015 2016-07-28 00:23 - 2016-08-09 09:30 - 00000000 ____D C:\Users\Hanna\AppData\Local\Autodesk 2016-07-28 00:20 - 2016-07-28 00:20 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2016-07-28 00:16 - 2016-07-28 01:03 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2016-07-28 00:16 - 2016-07-28 00:16 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2016-07-27 23:54 - 2016-07-27 23:54 - 00000153 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2016-07-27 23:54 - 2016-07-27 23:54 - 00000000 ____D C:\Program Files (x86)\Autodesk 2016-07-27 23:51 - 2016-08-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2016-07-27 23:51 - 2016-07-28 00:57 - 00000000 ____D C:\Program Files\Autodesk 2016-07-27 23:51 - 2016-07-27 23:51 - 00001219 _____ C:\Users\Public\Desktop\LMTOOLS Utility.lnk 2016-07-27 23:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2016-07-27 23:42 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2016-07-27 23:42 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2016-07-27 23:42 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2016-07-27 23:42 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2016-07-27 23:42 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2016-07-27 23:38 - 2016-08-22 11:52 - 00000000 ____D C:\ProgramData\Autodesk 2016-07-27 23:38 - 2016-08-09 09:50 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Autodesk 2016-07-27 23:38 - 2016-07-27 23:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-26 11:53 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-26 11:53 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-26 11:46 - 2016-06-24 10:14 - 00000000 ____D C:\Program Files (x86)\Steam 2016-08-26 11:46 - 2016-06-23 22:23 - 00000960 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-08-26 11:46 - 2016-06-23 09:56 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-26 11:45 - 2016-06-24 11:06 - 00000000 ____D C:\ProgramData\NVIDIA 2016-08-26 11:45 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-26 11:28 - 2016-06-23 22:23 - 00000964 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-08-26 11:12 - 2016-06-23 09:56 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-26 11:02 - 2016-06-25 20:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-25 22:43 - 2016-06-23 09:33 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Camfrog 2016-08-25 12:41 - 2016-06-23 22:23 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-08-25 12:16 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini 2016-08-25 07:41 - 2016-06-23 22:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-08-24 06:03 - 2016-07-14 15:14 - 00000000 ____D C:\Program Files (x86)\ManyCam 2016-08-24 05:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf 2016-08-24 04:47 - 2016-06-24 00:11 - 00000000 ___RD C:\Users\Hanna\Dropbox 2016-08-24 04:46 - 2016-06-23 22:23 - 00000000 ____D C:\Users\Hanna\AppData\Local\Dropbox 2016-08-24 03:53 - 2016-06-24 00:19 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\vlc 2016-08-23 21:36 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Battle.net 2016-08-23 20:25 - 2016-07-04 19:52 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-08-23 09:32 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF 2016-08-22 13:26 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-21 05:53 - 2016-06-25 20:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-08-19 03:01 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache 2016-08-15 22:54 - 2016-06-23 22:49 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-08-15 22:00 - 2016-06-24 22:13 - 00000000 ____D C:\Users\Hanna\AppData\Local\CrashDumps 2016-08-14 08:41 - 2016-07-19 09:12 - 00000000 ____D C:\Program Files (x86)\Diablo III 2016-08-11 23:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\LiveKernelReports 2016-08-11 03:27 - 2009-07-14 12:45 - 00341776 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-11 03:10 - 2016-06-28 19:41 - 00000000 ____D C:\Windows\system32\MRT 2016-08-11 03:01 - 2016-06-28 19:41 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-08 13:44 - 2016-06-23 02:35 - 00000000 ____D C:\Users\Hanna\AppData\Local\VirtualStore 2016-08-05 09:17 - 2016-06-23 10:12 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-05 09:17 - 2016-06-23 10:12 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-03 06:13 - 2016-07-01 01:18 - 00000000 ____D C:\Users\Hanna\AppData\Local\ElevatedDiagnostics 2016-08-01 10:23 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Blizzard Entertainment 2016-08-01 10:21 - 2016-07-04 20:25 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-07-31 21:26 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Oracle 2016-07-31 21:02 - 2016-06-24 14:52 - 00000000 ____D C:\Program Files (x86)\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\Users\Hanna\.oracle_jre_usage 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\Program Files\Java 2016-07-31 21:00 - 2016-06-23 21:00 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-07-31 20:59 - 2016-06-24 14:53 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-07-29 23:14 - 2016-06-24 22:01 - 00000000 ____D C:\Users\Hanna\AppData\Local\Adobe 2016-07-29 04:07 - 2016-06-23 09:56 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-29 04:07 - 2016-06-23 09:56 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-28 01:03 - 2016-06-24 18:04 - 00000000 ____D C:\ProgramData\Package Cache 2016-07-28 00:50 - 2016-06-23 09:31 - 00090032 _____ C:\Users\Hanna\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-28 00:49 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files 2016-07-27 23:40 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared ==================== Files in the root of some directories ======= 2016-07-27 23:54 - 2016-07-27 23:54 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP: ==================== C:\Users\Hanna\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-19 02:54 ==================== End of FRST.txt ============================ ----------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01 Ran by Hanna (26-08-2016 11:55:26) Running from C:\Users\Hanna\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2016-06-22 18:35:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2353525251-3153904798-3974892558-500 - Administrator - Disabled) Guest (S-1-5-21-2353525251-3153904798-3974892558-501 - Limited - Disabled) Hanna (S-1-5-21-2353525251-3153904798-3974892558-1000 - Administrator - Enabled) => C:\Users\Hanna HomeGroupUser$ (S-1-5-21-2353525251-3153904798-3974892558-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Cloud Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated) AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Help - English (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk) Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk) Autodesk AutoCAD 2015 Help - English (HKLM\...\AutoCAD 2015 Help - English) (Version: 20.0.51.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk) Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk) Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk) Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk) Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.12.0 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk) Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.549 - Camshare, Inc.) COMODO Cloud Antivirus (HKLM-x32\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.5.398119.328 - COMODO) COMODO Cloud Antivirus (x32 Version: 1.5.328.0 - COMODO) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden Emperor: Rise of the Middle Kingdom (HKLM-x32\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.397428.24 - Comodo) Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla) NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software) Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {048C540D-3ACC-47E4-9936-04C67BC299CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.) Task: {14193DF9-29DC-45F5-8FA1-F218C8882967} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-14] (Adobe Systems Incorporated) Task: {1AFD00AE-D6E4-49B1-8A01-B082176B5860} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.) Task: {5E2936EF-A4E6-4F5F-849C-0AFEFC83922B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {8B75D45E-39B0-4E15-8C1C-6D27D3170285} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {A0369758-8D7C-4748-BBAD-470788E0906B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.) Task: {B46291B0-9954-47A3-8AC5-C99CB6BE2AD6} - System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION Task: {C2C57B2F-3907-4152-8AD5-A0B9110850AD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {F2909B79-687A-4820-BCED-1A867D76102E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-06-24 18:24 - 2016-06-03 11:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-06-25 11:36 - 2016-08-09 07:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-06-25 11:36 - 2015-07-02 06:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-06-25 11:36 - 2015-07-02 06:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-06-25 11:36 - 2015-07-02 06:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-06-25 11:36 - 2016-08-24 03:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll 2016-06-25 11:36 - 2016-01-27 15:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-06-25 11:36 - 2016-01-27 15:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-06-25 11:36 - 2016-01-27 15:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-06-25 11:36 - 2016-01-27 15:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-06-25 11:36 - 2016-01-27 15:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-06-25 11:36 - 2016-08-24 03:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-06-25 11:36 - 2016-07-05 06:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2016-06-25 11:36 - 2016-08-05 04:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:34 - 2016-06-25 12:54 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Autodesk Content Service => 2 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: FlexNet Licensing Service 64 => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FF092E04-D25E-4D2F-A3F3-57B9E61228BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{EA73D585-5CD4-4EC4-BB19-F1020647524B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E35CC08F-7CFB-443B-BA1A-25B3A384F88C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D8C25251-6094-4849-AC01-CB05A9166902}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{21850165-6B43-4F04-B539-4F7B3656209B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B2824062-98AA-4A4D-9564-32C7F2F53819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{75413E2C-8675-4163-8D8F-DF5D186A976A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{8C5439FF-FA54-4EAB-ACE3-51111D4EFB27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5E5A0F09-C218-4E70-A6C7-A47AF9A15966}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{FEBECEC9-C5E1-47E0-9DE3-B1668417C134}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4809DDA0-E46C-44B8-ABDC-A5038F1D8ECD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{AFDF6392-4DC4-4474-A21B-F0E93714E130}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{DFE12F7D-8301-47A6-9FA4-00302131C9E1}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{C3931B49-7483-49C8-A7C6-1A36A2F7466F}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{214249F7-FE5E-40A0-A7EA-F0959E9DF606}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [{4D66D214-72A0-4344-BF73-19562EB6EB9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{279639FF-6197-4C98-B4A4-AB34E0C18725}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{94F50EF5-31A5-4D29-BEE1-90578528592F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A19598BA-56C5-49E5-809E-DD7447060ABB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{A666417D-83DE-426C-9516-FD2818B81B95}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{89556781-296E-41CF-AFA4-2C9F2BD4474F}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [{0829652C-EA11-4516-BE2A-B234CDB05CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{AE9E9DF5-3C1E-418B-8245-D006ECF79B14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{245E316A-3A9B-4BB5-A170-FA528C3028AE}] => (Allow) LPort=50248 FirewallRules: [TCP Query User{35E358A7-172F-46AE-B9E0-61ED6A7EB698}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [UDP Query User{E215D426-5D4A-4F12-9A10-D41BF98A91AE}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [{143B16E3-85D2-4FC1-8736-74392FAC08DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B2B589A4-C909-4844-B5CB-FFFA48C6C05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DF3603B6-7F14-4E88-BEFC-6C0AFB9B0834}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{65D273E7-7754-4691-825D-1A96C59360A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0B74481A-0BE1-4C64-99C3-966A0BFBC124}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{D94D15A2-9EE2-4772-90A9-0F691FAE2872}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AAC6A394-A08D-4ED2-8917-9DB978AE911C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3CFAA92C-A506-46F8-AACC-5B93A1348731}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 21-08-2016 19:00:14 Windows Backup 23-08-2016 06:39:56 Installed COMODO Cloud Antivirus 23-08-2016 20:09:25 Windows Update 24-08-2016 05:58:57 Device Driver Package Install: Visicom Media Inc. Imaging devices 24-08-2016 05:59:34 Device Driver Package Install: Visicom Media Inc. Sound, video and game controllers 25-08-2016 06:53:41 JRT Pre-Junkware Removal 25-08-2016 22:24:23 Installed COMODO Cloud Antivirus ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/26/2016 11:46:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2016 11:11:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2016 10:20:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2016 07:41:20 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2016 07:33:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2016 07:03:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2016 08:50:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2016 11:11:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2016 09:35:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2016 01:50:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/25/2016 11:09:45 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 23:07:33 on ‎25/‎08/‎2016 was unexpected. Error: (08/25/2016 10:25:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ccavsrv service. Error: (08/25/2016 10:18:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:54:13 on ‎25/‎08/‎2016 was unexpected. Error: (08/25/2016 12:16:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/25/2016 12:12:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/25/2016 07:38:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (08/25/2016 07:33:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (08/25/2016 07:33:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (08/25/2016 06:54:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ccavsrv service terminated unexpectedly. It has done this 1 time(s). Error: (08/24/2016 08:48:39 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 20:45:23 on ‎24/‎08/‎2016 was unexpected. CodeIntegrity: =================================== Date: 2016-08-26 11:45:20.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-26 11:45:20.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 23:09:59.667 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 23:09:59.667 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 22:18:57.778 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 22:18:57.778 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 12:18:24.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 12:18:24.542 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 07:39:48.488 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 07:39:48.488 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-3500 APU with Radeon(tm) HD Graphics Percentage of memory in use: 45% Total physical RAM: 4093.43 MB Available physical RAM: 2215.32 MB Total Virtual: 8185.04 MB Available Virtual: 6057.47 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.83 GB) (Free:137.49 GB) NTFS Drive d: () (Fixed) (Total:232.83 GB) (Free:24.42 GB) NTFS Drive e: (Feb 12 2014) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3BD4EDE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. I did not need RKill. Here is Combofix log: ComboFix 16-08-21.02 - Hanna 25/08/2016 12:08:20.1.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.4093.2592 [GMT 8:00] Running from: c:\users\Hanna\Desktop\ComboFix.exe AV: COMODO Cloud Antivirus *Enabled/Updated* {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} SP: COMODO Sandbox *Disabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2016-07-25 to 2016-08-25 ))))))))))))))))))))))))))))))) . . 2016-08-25 04:16 . 2016-08-25 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2016-08-25 04:14 . 2016-08-25 04:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98554866-F625-4059-9914-EF205A46F531}\offreg.4316.dll 2016-08-24 23:47 . 2016-08-24 23:47 -------- d-----w- c:\users\Hanna\AppData\Local\CrashRpt 2016-08-24 22:06 . 2016-08-24 22:06 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2016-08-24 21:25 . 2016-08-24 21:25 -------- d-----w- c:\program files\RogueKiller 2016-08-24 21:22 . 2016-08-24 21:22 -------- d-----w- c:\programdata\RogueKiller 2016-08-23 22:37 . 2016-08-23 22:40 -------- d-----w- C:\FRST 2016-08-23 22:00 . 2016-08-24 23:42 -------- d-----w- c:\users\Hanna\AppData\Local\ManyCam 2016-08-23 21:58 . 2016-08-23 21:58 -------- d-----w- c:\users\Hanna\AppData\Roaming\ManyCam 2016-08-23 21:58 . 2016-08-23 22:01 -------- d-----w- c:\programdata\ManyCam 2016-08-23 21:26 . 2016-08-23 21:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98554866-F625-4059-9914-EF205A46F531}\offreg.3516.dll 2016-08-23 21:18 . 2016-08-23 21:18 -------- d-----w- c:\program files (x86)\Secunia 2016-08-23 12:09 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98554866-F625-4059-9914-EF205A46F531}\mpengine.dll 2016-08-22 23:42 . 2016-08-23 01:33 -------- d-----w- C:\AdwCleaner 2016-08-22 22:41 . 2016-08-17 07:58 300600 ----a-w- c:\windows\system32\iseguard64.dll 2016-08-22 22:41 . 2016-08-17 07:57 230464 ----a-w- c:\windows\SysWow64\iseguard32.dll 2016-08-22 22:41 . 2016-08-17 07:57 48800 ----a-w- c:\windows\system32\drivers\isedrv.sys 2016-08-22 22:40 . 2016-08-22 22:41 -------- d-----w- c:\program files (x86)\COMODO 2016-08-22 22:39 . 2016-08-22 22:50 -------- d-----w- c:\programdata\COMODO 2016-08-22 20:34 . 2016-08-25 03:35 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2016-08-22 20:34 . 2016-08-22 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2016-08-22 20:34 . 2016-08-22 20:34 -------- d-----w- c:\programdata\Malwarebytes 2016-08-22 20:34 . 2016-03-10 06:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys 2016-08-22 20:34 . 2016-03-10 06:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2016-08-22 20:34 . 2016-03-10 06:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys 2016-08-22 04:07 . 2016-08-22 04:14 -------- d-----w- c:\users\Hanna\AppData\Local\Mozilla 2016-08-22 04:07 . 2016-08-22 04:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2016-08-17 07:26 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll 2016-08-17 07:26 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2016-08-17 01:30 . 2016-08-17 01:30 569520 ----a-w- c:\windows\system32\CcavGuard64.dll 2016-08-17 01:30 . 2016-08-17 01:30 441000 ----a-w- c:\windows\SysWow64\CcavGuard32.dll 2016-08-17 01:29 . 2016-08-17 01:29 140152 ----a-w- c:\windows\system32\drivers\CmdCCAV.sys 2016-08-14 10:33 . 2016-08-14 10:33 -------- d-----w- C:\ShadowPlay 2016-08-10 05:11 . 2016-08-02 06:03 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2016-08-10 05:01 . 2016-07-08 15:32 343552 ----a-w- c:\windows\system32\schannel.dll 2016-08-10 04:57 . 2016-07-08 15:01 3218944 ----a-w- c:\windows\system32\win32k.sys 2016-08-09 02:19 . 2016-08-09 02:19 -------- d-----w- c:\users\Hanna\AppData\Roaming\NVIDIA 2016-08-08 01:30 . 2016-08-08 01:30 -------- d-----w- C:\Sierra 2016-08-08 01:30 . 2016-08-08 01:30 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2016-08-08 01:29 . 2016-08-08 01:29 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2016-07-31 13:01 . 2016-07-31 13:00 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll 2016-07-31 13:01 . 2016-07-31 13:01 -------- d-----w- c:\program files (x86)\Common Files\Java 2016-07-29 15:30 . 2016-07-30 14:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2016-07-28 03:49 . 2016-08-23 12:34 -------- d-----w- c:\program files (x86)\StarCraft II 2016-07-28 00:45 . 2016-07-28 00:45 -------- d-----w- c:\programdata\FLEXnet 2016-07-27 16:57 . 2016-07-27 16:57 520584 ----a-r- c:\users\Hanna\AppData\Roaming\Microsoft\Installer\{9D589081-AFC2-4932-9071-AC585AC1EA83}\UninstallTool.D01EB5D5_0EC4_4BDF_A131_1989F9F14A91.exe 2016-07-27 16:23 . 2016-08-09 01:30 -------- d-----w- c:\users\Hanna\AppData\Local\Autodesk 2016-07-27 16:20 . 2016-07-27 16:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2016-07-27 16:16 . 2016-07-27 17:03 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2016-07-27 15:54 . 2016-08-22 03:52 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared 2016-07-27 15:54 . 2016-07-27 15:54 -------- d-----w- c:\program files (x86)\Autodesk 2016-07-27 15:51 . 2016-07-27 16:57 -------- d-----w- c:\program files\Autodesk 2016-07-27 15:43 . 2010-06-01 20:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2016-07-27 15:43 . 2010-06-01 20:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2016-07-27 15:43 . 2010-06-01 20:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2016-07-27 15:43 . 2010-06-01 20:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2016-07-27 15:43 . 2010-06-01 20:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll 2016-07-27 15:43 . 2010-06-01 20:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll 2016-07-27 15:43 . 2010-05-26 03:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2016-07-27 15:43 . 2010-05-26 03:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2016-07-27 15:43 . 2010-05-26 03:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll 2016-07-27 15:43 . 2010-05-26 03:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll 2016-07-27 15:42 . 2006-03-31 04:40 352464 ----a-w- c:\windows\system32\xactengine2_1.dll 2016-07-27 15:42 . 2006-03-31 04:39 83664 ----a-w- c:\windows\system32\xinput1_1.dll 2016-07-27 15:42 . 2006-02-03 00:41 16592 ----a-w- c:\windows\system32\x3daudio1_0.dll 2016-07-27 15:42 . 2006-03-31 04:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll 2016-07-27 15:38 . 2016-08-22 03:52 -------- d-----w- c:\programdata\Autodesk 2016-07-27 15:38 . 2016-08-09 01:50 -------- d-----w- c:\users\Hanna\AppData\Roaming\Autodesk . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-08-10 19:01 . 2016-06-28 11:41 147640136 -c--a-w- c:\windows\system32\MRT.exe 2016-07-31 13:00 . 2016-06-23 13:00 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2016-07-31 12:59 . 2016-06-24 06:53 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2016-07-26 06:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe 2016-07-14 10:07 . 2016-06-25 12:37 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-07-14 10:07 . 2016-06-25 12:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-07-12 14:31 . 2016-07-12 14:31 1598 ----a-w- c:\windows\system32\cc_20160712_223133.reg 2016-06-26 00:35 . 2016-07-13 10:01 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe 2016-06-26 00:27 . 2016-07-13 10:01 756736 ----a-w- c:\windows\system32\win32spl.dll 2016-06-26 00:27 . 2016-07-13 10:01 344576 ----a-w- c:\windows\system32\ntprint.dll 2016-06-26 00:27 . 2016-07-13 10:01 970240 ----a-w- c:\windows\system32\localspl.dll 2016-06-26 00:27 . 2016-07-13 10:01 22528 ----a-w- c:\windows\system32\inetppui.dll 2016-06-26 00:27 . 2016-07-13 10:01 166400 ----a-w- c:\windows\system32\inetpp.dll 2016-06-26 00:27 . 2016-07-13 10:01 1208320 ----a-w- c:\windows\system32\aeinv.dll 2016-06-25 19:54 . 2016-07-13 10:01 497152 ----a-w- c:\windows\SysWow64\win32spl.dll 2016-06-25 19:53 . 2016-07-13 10:01 297472 ----a-w- c:\windows\SysWow64\ntprint.dll 2016-06-25 19:53 . 2016-07-13 10:01 48640 ----a-w- c:\windows\system32\wpnpinst.exe 2016-06-25 19:53 . 2016-07-13 10:01 61952 ----a-w- c:\windows\system32\ntprint.exe 2016-06-25 19:41 . 2016-07-13 10:01 61952 ----a-w- c:\windows\SysWow64\ntprint.exe 2016-06-24 06:22 . 2016-06-24 06:22 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2016-06-24 06:22 . 2016-06-24 06:22 942592 ----a-w- c:\windows\system32\jsIntl.dll 2016-06-24 06:22 . 2016-06-24 06:22 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2016-06-24 06:22 . 2016-06-24 06:22 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2016-06-24 06:22 . 2016-06-24 06:22 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2016-06-24 06:22 . 2016-06-24 06:22 81408 ----a-w- c:\windows\system32\icardie.dll 2016-06-24 06:22 . 2016-06-24 06:22 77312 ----a-w- c:\windows\system32\tdc.ocx 2016-06-24 06:22 . 2016-06-24 06:22 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2016-06-24 06:22 . 2016-06-24 06:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2016-06-24 06:22 . 2016-06-24 06:22 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2016-06-24 06:22 . 2016-06-24 06:22 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2016-06-24 06:22 . 2016-06-24 06:22 62464 ----a-w- c:\windows\system32\pngfilt.dll 2016-06-24 06:22 . 2016-06-24 06:22 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2016-06-24 06:22 . 2016-06-24 06:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2016-06-24 06:22 . 2016-06-24 06:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2016-06-24 06:22 . 2016-06-24 06:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2016-06-24 06:22 . 2016-06-24 06:22 48128 ----a-w- c:\windows\system32\imgutil.dll 2016-06-24 06:22 . 2016-06-24 06:22 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2016-06-24 06:22 . 2016-06-24 06:22 30208 ----a-w- c:\windows\system32\licmgr10.dll 2016-06-24 06:22 . 2016-06-24 06:22 247808 ----a-w- c:\windows\system32\msls31.dll 2016-06-24 06:22 . 2016-06-24 06:22 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2016-06-24 06:22 . 2016-06-24 06:22 235520 ----a-w- c:\windows\system32\url.dll 2016-06-24 06:22 . 2016-06-24 06:22 235008 ----a-w- c:\windows\system32\elshyph.dll 2016-06-24 06:22 . 2016-06-24 06:22 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2016-06-24 06:22 . 2016-06-24 06:22 167424 ----a-w- c:\windows\system32\iexpress.exe 2016-06-24 06:22 . 2016-06-24 06:22 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2016-06-24 06:22 . 2016-06-24 06:22 143872 ----a-w- c:\windows\system32\wextract.exe 2016-06-24 06:22 . 2016-06-24 06:22 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2016-06-24 06:22 . 2016-06-24 06:22 13824 ----a-w- c:\windows\system32\mshta.exe 2016-06-24 06:22 . 2016-06-24 06:22 135680 ----a-w- c:\windows\system32\iepeers.dll 2016-06-24 06:22 . 2016-06-24 06:22 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2016-06-24 06:22 . 2016-06-24 06:22 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2016-06-24 06:22 . 2016-06-24 06:22 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2016-06-24 06:22 . 2016-06-24 06:22 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2016-06-24 06:22 . 2016-06-24 06:22 105984 ----a-w- c:\windows\system32\iesysprep.dll 2016-06-23 12:27 . 2016-06-23 12:27 53248 ----a-r- c:\users\Hanna\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2016-06-23 02:22 . 2016-06-23 02:22 68608 ----a-w- c:\windows\system32\taskhost.exe 2016-06-23 02:21 . 2016-06-23 02:21 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2016-06-23 02:21 . 2016-06-23 02:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2016-06-23 02:21 . 2016-06-23 02:21 363008 ----a-w- c:\windows\system32\dxgi.dll 2016-06-23 02:21 . 2016-06-23 02:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2016-06-23 02:21 . 2016-06-23 02:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 296960 ----a-w- c:\windows\system32\d3d10core.dll 2016-06-23 02:21 . 2016-06-23 02:21 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2016-06-23 02:21 . 2016-06-23 02:21 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2016-06-23 02:21 . 2016-06-23 02:21 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2016-06-23 02:21 . 2016-06-23 02:21 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2016-06-23 02:21 . 2016-06-23 02:21 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2016-06-23 02:21 . 2016-06-23 02:21 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2016-06-23 02:21 . 2016-06-23 02:21 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2016-06-23 02:21 . 2016-06-23 02:21 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2016-06-23 02:21 . 2016-06-23 02:21 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2016-06-23 02:21 . 2016-06-23 02:21 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2016-06-23 02:21 . 2016-06-23 02:21 1238528 ----a-w- c:\windows\system32\d3d10.dll 2016-06-23 02:21 . 2016-06-23 02:21 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2016-06-23 02:21 . 2016-06-23 02:21 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2016-06-23 02:21 . 2016-06-23 02:21 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-06-23 02:19 . 2016-06-23 02:19 1887232 ----a-w- c:\windows\system32\d3d11.dll 2016-06-23 02:19 . 2016-06-23 02:19 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2016-06-22 13:06 . 2016-07-13 10:01 268800 ----a-w- c:\windows\system32\centel.dll 2016-06-17 18:24 . 2016-07-13 10:01 571904 ----a-w- c:\windows\system32\generaltel.dll 2016-06-17 18:24 . 2016-07-13 10:01 544256 ----a-w- c:\windows\system32\devinv.dll 2016-06-17 18:24 . 2016-07-13 10:01 294912 ----a-w- c:\windows\system32\invagent.dll 2016-06-17 18:24 . 2016-07-13 10:01 76800 ----a-w- c:\windows\system32\acmigration.dll 2016-06-17 18:24 . 2016-07-13 10:01 219136 ----a-w- c:\windows\system32\aepic.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10] @="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9] @="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2016-08-23 2857248] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-21 598552] "CCAV"="c:\program files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe" [2016-08-17 5335664] "IseUI"="c:\program files (x86)\COMODO\Internet Security Essentials\vkise.exe" [2016-08-17 3170504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x] R4 dbupdate;Perkhidmatan Kemas Kini Dropbox (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x] R4 dbupdatem;Perkhidmatan Kemas Kini Dropbox (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x] R4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x] S0 cmdccav;cmdccav;c:\windows\system32\drivers\CmdCCAV.sys;c:\windows\SYSNATIVE\drivers\CmdCCAV.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S1 isedrv;Internet Security Essentials;c:\windows\system32\drivers\isedrv.sys;c:\windows\SYSNATIVE\drivers\isedrv.sys [x] S2 camfrog_update_service;Camfrog Update Service;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [x] S2 ccavsrv;ccavsrv;c:\program files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe;c:\program files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 isesrv;isesrv;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe [x] S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x] S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2016-08-20 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-14 10:07] . 2016-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-25 10:07] . 2016-08-24 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job - c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23 14:23] . 2016-08-25 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job - c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23 14:23] . 2016-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23 01:56] . 2016-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23 01:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10] @="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9] @="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-06-14 1767944] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\ieovjxsy.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2016-08-25 12:20:33 ComboFix-quarantined-files.txt 2016-08-25 04:20 . Pre-Run: 142,908,207,104 bytes free Post-Run: 142,579,150,848 bytes free . - - End Of File - - B2732CBF57F4A5148A0461DC5846AF18 A36C5E4F47E84449FF07ED3517B43A31
  6. Ok thanks! Scans finished, here is the log files: RogueKiller V12.5.1.0 (x64) [Aug 22 2016] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Hanna [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 08/25/2016 06:06:32 (Duration : 00:40:34) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 2 ¤¤¤ [Suspicious.Path] %WINDIR%\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}.job -- C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE (/Check) -> Not selected [Suspicious.Path] \{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} -- C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE (/Check) -> Not selected ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++ --- User --- [MBR] 9e16ea85824da21bad5fb35bec49e26a [BSP] bb583f63d1ba254b791e2520857e91df : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238419 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 488488960 | Size: 238419 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK ----------------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 25/8/2016 Scan Time: 2:20 AM Logfile: mbamlog.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.08.24.10 Rootkit Database: v2016.08.15.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Hanna Scan Type: Threat Scan Result: Completed Objects Scanned: 305282 Time Elapsed: 10 min, 38 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) --------------------------------------------------------------------------------- # AdwCleaner v6.000 - Logfile created 23/08/2016 at 09:33:17 # Updated on 12/08/2016 by ToolsLib # Database : 2016-08-12.4 [Local] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Hanna - HANNA-PC # Running from : C:\Users\Hanna\Desktop\AdwCleaner.exe # Mode: Scan # Support : https://toolslib.net/forum ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** No malicious task found. ***** [ Registry ] ***** No malicious registry element found. ***** [ Web browsers ] ***** No malicious Firefox based browser items found. No malicious Chromium based browser items found. ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [974 Bytes] - [23/08/2016 08:20:43] C:\AdwCleaner\AdwCleaner[S0].txt - [1142 Bytes] - [23/08/2016 07:57:34] C:\AdwCleaner\AdwCleaner[S1].txt - [1135 Bytes] - [23/08/2016 09:33:17] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1208 Bytes] ########## ------------------------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 7 Home Premium x64 Ran by Hanna (Administrator) on Thu 25/08/2016 at 6:53:35.40 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 11 Successfully deleted: C:\Users\Hanna\AppData\Local\{DDCAEB96-F962-872E-94FA-A2C6B0925E5E} (Empty Folder) Successfully deleted: C:\Users\Hanna\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Windows\system32\Tasks\HannaSpeciosityStitchersV2 (Task) Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHOOIZ0Y (Temporary Internet Files Folder) Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0ITGB44 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQJDN7YL (Temporary Internet Files Folder) Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZVOE101H (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHOOIZ0Y (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0ITGB44 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQJDN7YL (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZVOE101H (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 25/08/2016 at 6:59:07.17 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. I'm logged in her machine thru Teamviewer. There was no anti-virus. I installed Comodo and Malwarebytes. I'm not sure if its clean or not please have a look. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01 Ran by Hanna (administrator) on HANNA-PC (24-08-2016 06:37:59) Running from C:\Users\Hanna\Desktop Loaded Profiles: Hanna (Available Profiles: Hanna) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe (COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-15] (NVIDIA Corporation) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23892200 2016-08-17] (Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [CCAV] => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5335664 2016-08-17] (COMODO) HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3170504 2016-08-17] (COMODO) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-17] (Valve Corporation) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Policies\Explorer: [] ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-04-15] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9B600081-1220-4ADF-A474-73AD8682340D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\ieovjxsy.default FF Homepage: hxxp://google.com FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-24] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Slaid Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-23] CHR Extension: (Dokumen Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-23] CHR Extension: (Google Drive) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-23] CHR Extension: (YouTube) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-23] CHR Extension: (Helaian Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-23] CHR Extension: (Dokumen Google Luar Talian) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-23] CHR Extension: (Gmail) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-23] CHR Extension: (Chrome Media Router) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.) R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-15] (Camshare Inc.) R2 ccavsrv; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5335664 2016-08-17] (COMODO) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation) R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [124104 2016-08-17] (COMODO) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382488 2016-01-26] (McAfee, Inc.) S3 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-26] (McAfee, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 cmdccav; C:\Windows\System32\drivers\CmdCCAV.sys [140152 2016-08-17] (COMODO) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [48800 2016-08-17] (COMODO) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-24] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-03] (NVIDIA Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-24 06:37 - 2016-08-24 06:38 - 00016679 _____ C:\Users\Hanna\Desktop\FRST.txt 2016-08-24 06:37 - 2016-08-24 06:37 - 00000000 ____D C:\FRST 2016-08-24 06:31 - 2016-08-24 06:31 - 02396672 _____ (Farbar) C:\Users\Hanna\Desktop\FRST64.exe 2016-08-24 06:04 - 2016-08-24 06:04 - 00001374 _____ C:\Users\Hanna\Desktop\ManyCam - Shortcut.lnk 2016-08-24 06:00 - 2016-08-24 06:11 - 00000000 ____D C:\Users\Hanna\AppData\Local\ManyCam 2016-08-24 05:59 - 2016-08-24 05:59 - 00000000 ____D C:\Windows\LastGood 2016-08-24 05:59 - 2016-08-24 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam 2016-08-24 05:58 - 2016-08-24 06:01 - 00000000 ____D C:\ProgramData\ManyCam 2016-08-24 05:58 - 2016-08-24 05:58 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\ManyCam 2016-08-24 05:18 - 2016-08-24 05:18 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2016-08-24 05:18 - 2016-08-24 05:18 - 00000000 ____D C:\Program Files (x86)\Secunia 2016-08-24 05:00 - 2016-08-24 05:00 - 04002104 _____ (Secunia) C:\Users\Hanna\Downloads\PSISetup.exe 2016-08-23 23:56 - 2016-08-24 00:00 - 00448512 _____ (OldTimer Tools) C:\Users\Hanna\Desktop\TFC.exe 2016-08-23 09:01 - 2016-08-24 06:38 - 00097040 _____ C:\Windows\system32\Drivers\ccavsfi.dat 2016-08-23 07:42 - 2016-08-23 09:33 - 00000000 ____D C:\AdwCleaner 2016-08-23 06:41 - 2016-08-17 15:58 - 00300600 _____ (COMODO) C:\Windows\system32\iseguard64.dll 2016-08-23 06:41 - 2016-08-17 15:57 - 00230464 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll 2016-08-23 06:41 - 2016-08-17 15:57 - 00048800 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys 2016-08-23 06:40 - 2016-08-23 06:41 - 00000000 ____D C:\Program Files (x86)\COMODO 2016-08-23 06:40 - 2016-08-23 06:40 - 00002075 _____ C:\Users\Public\Desktop\COMODO Cloud Antivirus.lnk 2016-08-23 06:40 - 2016-08-23 06:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2016-08-23 06:39 - 2016-08-23 06:50 - 00000000 ____D C:\ProgramData\COMODO 2016-08-23 06:18 - 2016-08-23 06:20 - 06251792 _____ (COMODO) C:\Users\Hanna\Downloads\ccav_installer.exe 2016-08-23 04:34 - 2016-08-24 04:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-23 04:34 - 2016-08-23 04:34 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-08-23 04:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-08-23 04:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-08-23 04:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-08-22 21:51 - 2016-08-22 21:55 - 22851472 _____ (Malwarebytes ) C:\Users\Hanna\Downloads\mbam-setup-2.2.1.1043.exe 2016-08-22 21:38 - 2016-08-22 21:38 - 00000000 ____D C:\Users\Hanna\AppData\Local\CrashRpt 2016-08-22 12:07 - 2016-08-22 12:14 - 00000000 ____D C:\Users\Hanna\AppData\Local\Mozilla 2016-08-22 12:07 - 2016-08-22 12:08 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Mozilla 2016-08-22 12:07 - 2016-08-22 12:07 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-08-22 12:07 - 2016-08-22 12:07 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-08-22 12:07 - 2016-08-22 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-22 12:07 - 2016-08-22 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-22 11:59 - 2016-08-22 11:59 - 00242160 _____ C:\Users\Hanna\Downloads\Firefox Setup Stub 48.0.1 (1).exe 2016-08-22 11:57 - 2016-08-22 11:57 - 00242160 _____ C:\Users\Hanna\Downloads\Firefox Setup Stub 48.0.1.exe 2016-08-20 03:42 - 2016-08-20 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-19 10:41 - 2016-08-19 10:41 - 00603640 _____ (Visicom Media inc.) C:\Users\Hanna\Downloads\ManyCamWebInstaller (1).exe 2016-08-17 15:26 - 2016-07-08 23:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-17 15:26 - 2016-07-08 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-17 09:30 - 2016-08-17 09:30 - 00569520 _____ (COMODO) C:\Windows\system32\CcavGuard64.dll 2016-08-17 09:30 - 2016-08-17 09:30 - 00441000 _____ (COMODO) C:\Windows\SysWOW64\CcavGuard32.dll 2016-08-17 09:29 - 2016-08-17 09:29 - 00140152 _____ (COMODO) C:\Windows\system32\Drivers\CmdCCAV.sys 2016-08-14 18:33 - 2016-08-14 18:33 - 00000000 ____D C:\ShadowPlay 2016-08-10 13:12 - 2016-08-02 22:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 13:12 - 2016-08-02 14:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 13:12 - 2016-08-02 14:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 13:12 - 2016-08-02 14:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 13:12 - 2016-08-02 14:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 13:12 - 2016-08-02 14:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 13:12 - 2016-08-02 13:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 13:12 - 2016-08-02 13:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 13:12 - 2016-08-02 13:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 13:12 - 2016-08-02 13:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-10 13:12 - 2016-08-02 13:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-10 13:12 - 2016-08-02 13:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-10 13:12 - 2016-08-02 13:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 13:12 - 2016-08-02 13:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-10 13:12 - 2016-08-02 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-10 13:12 - 2016-08-02 13:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-10 13:12 - 2016-08-02 13:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-10 13:12 - 2016-08-02 13:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-10 13:12 - 2016-08-02 13:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 13:12 - 2016-08-02 12:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 13:11 - 2016-08-02 22:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 13:11 - 2016-08-02 14:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 13:11 - 2016-08-02 14:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 13:11 - 2016-08-02 14:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 13:11 - 2016-08-02 14:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 13:11 - 2016-08-02 14:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 13:11 - 2016-08-02 14:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 13:11 - 2016-08-02 14:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 13:11 - 2016-08-02 14:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 13:11 - 2016-08-02 14:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 13:11 - 2016-08-02 14:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 13:11 - 2016-08-02 14:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 13:11 - 2016-08-02 14:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 13:11 - 2016-08-02 14:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 13:11 - 2016-08-02 14:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 13:11 - 2016-08-02 14:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 13:11 - 2016-08-02 14:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-10 13:11 - 2016-08-02 13:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 13:11 - 2016-08-02 13:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 13:11 - 2016-08-02 13:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 13:11 - 2016-08-02 13:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-10 13:11 - 2016-08-02 13:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 13:11 - 2016-08-02 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-10 13:11 - 2016-08-02 13:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 13:11 - 2016-08-02 13:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-10 13:11 - 2016-08-02 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-10 13:11 - 2016-08-02 13:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 13:11 - 2016-08-02 13:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 13:11 - 2016-08-02 13:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 13:11 - 2016-08-02 13:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 13:11 - 2016-08-02 13:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-10 13:11 - 2016-08-02 13:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 13:11 - 2016-08-02 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-10 13:11 - 2016-08-02 13:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 13:11 - 2016-08-02 13:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 13:11 - 2016-08-02 13:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-10 13:11 - 2016-08-02 13:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 13:11 - 2016-08-02 13:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-10 13:11 - 2016-08-02 13:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 13:11 - 2016-08-02 13:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 13:11 - 2016-08-02 12:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 13:11 - 2016-08-02 12:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 13:11 - 2016-08-02 12:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 13:01 - 2016-07-08 23:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 13:01 - 2016-07-08 23:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-10 13:01 - 2016-07-08 23:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-10 13:01 - 2016-07-08 23:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-10 13:01 - 2016-07-08 23:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-10 13:01 - 2016-07-08 23:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-10 13:01 - 2016-07-08 22:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-10 13:01 - 2016-07-08 22:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-10 13:01 - 2016-07-08 22:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 13:01 - 2016-07-08 22:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-10 13:01 - 2016-07-08 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-10 13:01 - 2016-07-08 22:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-10 12:57 - 2016-07-08 23:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-09 10:19 - 2016-08-09 10:19 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\NVIDIA 2016-08-08 09:36 - 2016-08-08 09:36 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-08-08 09:32 - 2016-08-08 09:32 - 00000144 _____ C:\Windows\Sierra.ini 2016-08-08 09:32 - 2016-08-08 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra 2016-08-08 09:30 - 2016-08-08 09:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-08 09:30 - 2016-08-08 09:30 - 00000000 ____D C:\Sierra 2016-08-08 09:27 - 2016-08-08 09:28 - 00000000 ____D C:\Users\Hanna\Downloads\Emperor_Rise_of_the_Middle_Kingdom 2016-08-08 07:33 - 2016-08-08 09:25 - 661213913 _____ C:\Users\Hanna\Downloads\Emperor_Rise_of_the_Middle_Kingdom.zip 2016-07-31 21:01 - 2016-07-31 21:00 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-07-30 22:21 - 2016-07-30 22:21 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-07-29 23:30 - 2016-07-30 22:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-07-29 23:30 - 2016-07-29 23:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2016-07-29 23:30 - 2016-07-29 23:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-07-29 23:29 - 2016-07-30 22:20 - 00000000 ____D C:\ProgramData\Adobe 2016-07-29 23:14 - 2016-07-29 23:14 - 01202888 _____ (Adobe Systems Incorporated) C:\Users\Hanna\Downloads\reader11_en_xa_install.exe 2016-07-28 18:41 - 2016-07-28 18:41 - 00001055 _____ C:\Users\Public\Desktop\StarCraft II.lnk 2016-07-28 18:41 - 2016-07-28 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2016-07-28 11:49 - 2016-08-23 20:34 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2016-07-28 11:49 - 2016-08-09 13:03 - 00000000 ____D C:\Users\Hanna\Documents\StarCraft II 2016-07-28 08:45 - 2016-07-28 08:45 - 00000000 ____D C:\ProgramData\FLEXnet 2016-07-28 01:03 - 2016-08-13 15:09 - 00000000 ____D C:\Users\Hanna\Documents\Autodesk Application Manager 2016-07-28 00:57 - 2016-07-28 00:57 - 00002039 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk 2016-07-28 00:49 - 2016-07-28 00:49 - 00002098 _____ C:\Users\Public\Desktop\AutoCAD 2015 - English.lnk 2016-07-28 00:49 - 2016-07-28 00:49 - 00000000 ____D C:\Users\Hanna\Documents\Inventor Server SDK ACAD 2015 2016-07-28 00:23 - 2016-08-09 09:30 - 00000000 ____D C:\Users\Hanna\AppData\Local\Autodesk 2016-07-28 00:20 - 2016-07-28 00:20 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2016-07-28 00:16 - 2016-07-28 01:03 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2016-07-28 00:16 - 2016-07-28 00:16 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2016-07-27 23:54 - 2016-07-27 23:54 - 00000153 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2016-07-27 23:54 - 2016-07-27 23:54 - 00000000 ____D C:\Program Files (x86)\Autodesk 2016-07-27 23:51 - 2016-08-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2016-07-27 23:51 - 2016-07-28 00:57 - 00000000 ____D C:\Program Files\Autodesk 2016-07-27 23:51 - 2016-07-27 23:51 - 00001219 _____ C:\Users\Public\Desktop\LMTOOLS Utility.lnk 2016-07-27 23:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2016-07-27 23:42 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2016-07-27 23:42 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2016-07-27 23:42 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2016-07-27 23:42 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2016-07-27 23:42 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2016-07-27 23:38 - 2016-08-22 11:52 - 00000000 ____D C:\ProgramData\Autodesk 2016-07-27 23:38 - 2016-08-09 09:50 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Autodesk 2016-07-27 23:38 - 2016-07-27 23:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-24 06:36 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-24 06:36 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-24 06:28 - 2016-06-23 22:23 - 00000964 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-08-24 06:12 - 2016-06-23 09:56 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-24 06:03 - 2016-07-14 15:14 - 00000000 ____D C:\Program Files (x86)\ManyCam 2016-08-24 06:02 - 2016-06-25 20:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-24 05:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf 2016-08-24 05:55 - 2016-06-23 22:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-08-24 04:47 - 2016-06-24 00:11 - 00000000 ___RD C:\Users\Hanna\Dropbox 2016-08-24 04:46 - 2016-06-23 22:23 - 00000000 ____D C:\Users\Hanna\AppData\Local\Dropbox 2016-08-24 04:12 - 2016-06-23 09:56 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-24 03:53 - 2016-06-24 00:19 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\vlc 2016-08-24 03:16 - 2016-06-24 10:14 - 00000000 ____D C:\Program Files (x86)\Steam 2016-08-24 01:49 - 2016-06-23 22:23 - 00000960 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-08-24 01:48 - 2016-06-24 11:06 - 00000000 ____D C:\ProgramData\NVIDIA 2016-08-24 01:48 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-23 22:43 - 2016-06-23 09:33 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Camfrog 2016-08-23 21:36 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Battle.net 2016-08-23 20:25 - 2016-07-04 19:52 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-08-23 09:32 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF 2016-08-22 13:26 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-21 05:53 - 2016-06-25 20:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-08-20 03:42 - 2016-06-23 22:23 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-08-19 03:01 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache 2016-08-15 22:54 - 2016-06-23 22:49 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-08-15 22:00 - 2016-06-24 22:13 - 00000000 ____D C:\Users\Hanna\AppData\Local\CrashDumps 2016-08-14 08:41 - 2016-07-19 09:12 - 00000000 ____D C:\Program Files (x86)\Diablo III 2016-08-11 23:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\LiveKernelReports 2016-08-11 03:27 - 2009-07-14 12:45 - 00341776 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-11 03:10 - 2016-06-28 19:41 - 00000000 ____D C:\Windows\system32\MRT 2016-08-11 03:01 - 2016-06-28 19:41 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-08 13:44 - 2016-06-23 02:35 - 00000000 ____D C:\Users\Hanna\AppData\Local\VirtualStore 2016-08-05 09:17 - 2016-06-23 10:12 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-05 09:17 - 2016-06-23 10:12 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-03 06:13 - 2016-07-01 01:18 - 00000000 ____D C:\Users\Hanna\AppData\Local\ElevatedDiagnostics 2016-08-01 10:23 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Blizzard Entertainment 2016-08-01 10:21 - 2016-07-04 20:25 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-07-31 21:26 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Oracle 2016-07-31 21:02 - 2016-06-24 14:52 - 00000000 ____D C:\Program Files (x86)\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\Users\Hanna\.oracle_jre_usage 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\Program Files\Java 2016-07-31 21:00 - 2016-06-23 21:00 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-07-31 20:59 - 2016-06-24 14:53 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-07-29 23:14 - 2016-06-24 22:01 - 00000000 ____D C:\Users\Hanna\AppData\Local\Adobe 2016-07-29 04:07 - 2016-06-23 09:56 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-29 04:07 - 2016-06-23 09:56 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-28 01:03 - 2016-06-24 18:04 - 00000000 ____D C:\ProgramData\Package Cache 2016-07-28 00:50 - 2016-06-23 09:31 - 00090032 _____ C:\Users\Hanna\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-28 00:49 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files 2016-07-27 23:40 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-07-26 14:24 - 2010-11-21 11:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2016-07-27 23:54 - 2016-07-27 23:54 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Files to move or delete: ==================== C:\Windows\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}.job ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-19 02:54 ==================== End of FRST.txt ============================ -------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01 Ran by Hanna (24-08-2016 06:39:33) Running from C:\Users\Hanna\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2016-06-22 18:35:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2353525251-3153904798-3974892558-500 - Administrator - Disabled) Guest (S-1-5-21-2353525251-3153904798-3974892558-501 - Limited - Disabled) Hanna (S-1-5-21-2353525251-3153904798-3974892558-1000 - Administrator - Enabled) => C:\Users\Hanna HomeGroupUser$ (S-1-5-21-2353525251-3153904798-3974892558-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Cloud Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated) AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Help - English (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk) Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk) Autodesk AutoCAD 2015 Help - English (HKLM\...\AutoCAD 2015 Help - English) (Version: 20.0.51.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk) Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk) Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk) Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk) Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.12.0 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk) Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.549 - Camshare, Inc.) COMODO Cloud Antivirus (HKLM-x32\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.4.397436.312 - COMODO) COMODO Cloud Antivirus (x32 Version: 1.4.312.0 - COMODO) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.19 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden Emperor: Rise of the Middle Kingdom (HKLM-x32\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.397428.24 - Comodo) Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla) NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {048C540D-3ACC-47E4-9936-04C67BC299CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.) Task: {14193DF9-29DC-45F5-8FA1-F218C8882967} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-14] (Adobe Systems Incorporated) Task: {1AFD00AE-D6E4-49B1-8A01-B082176B5860} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.) Task: {5E2936EF-A4E6-4F5F-849C-0AFEFC83922B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {8B75D45E-39B0-4E15-8C1C-6D27D3170285} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {A0369758-8D7C-4748-BBAD-470788E0906B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.) Task: {A189F785-D96B-4F91-91B2-BBF2AC7175C6} - System32\Tasks\HannaSpeciosityStitchersV2 => Rundll32.exe RottedRetypes.dll,main 7 1 <==== ATTENTION Task: {B46291B0-9954-47A3-8AC5-C99CB6BE2AD6} - System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION Task: {C2C57B2F-3907-4152-8AD5-A0B9110850AD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {F2909B79-687A-4820-BCED-1A867D76102E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}.job => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-06-24 18:24 - 2016-06-03 11:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-11-14 11:22 - 2012-11-14 11:22 - 02010624 _____ () C:\Program Files (x86)\ManyCam\opencv_core220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 01241088 _____ () C:\Program Files (x86)\ManyCam\opencv_imgproc220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 00241152 _____ () C:\Program Files (x86)\ManyCam\opencv_objdetect220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 00775680 _____ () C:\Program Files (x86)\ManyCam\opencv_highgui220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 00201216 _____ () C:\Program Files (x86)\ManyCam\opencv_video220.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:34 - 2016-06-25 12:54 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FF092E04-D25E-4D2F-A3F3-57B9E61228BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{EA73D585-5CD4-4EC4-BB19-F1020647524B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E35CC08F-7CFB-443B-BA1A-25B3A384F88C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D8C25251-6094-4849-AC01-CB05A9166902}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{21850165-6B43-4F04-B539-4F7B3656209B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B2824062-98AA-4A4D-9564-32C7F2F53819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{75413E2C-8675-4163-8D8F-DF5D186A976A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{8C5439FF-FA54-4EAB-ACE3-51111D4EFB27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5E5A0F09-C218-4E70-A6C7-A47AF9A15966}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{FEBECEC9-C5E1-47E0-9DE3-B1668417C134}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4809DDA0-E46C-44B8-ABDC-A5038F1D8ECD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{AFDF6392-4DC4-4474-A21B-F0E93714E130}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{DFE12F7D-8301-47A6-9FA4-00302131C9E1}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{C3931B49-7483-49C8-A7C6-1A36A2F7466F}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{214249F7-FE5E-40A0-A7EA-F0959E9DF606}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [{4D66D214-72A0-4344-BF73-19562EB6EB9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{279639FF-6197-4C98-B4A4-AB34E0C18725}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{94F50EF5-31A5-4D29-BEE1-90578528592F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A19598BA-56C5-49E5-809E-DD7447060ABB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{A666417D-83DE-426C-9516-FD2818B81B95}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{89556781-296E-41CF-AFA4-2C9F2BD4474F}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [{0829652C-EA11-4516-BE2A-B234CDB05CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{AE9E9DF5-3C1E-418B-8245-D006ECF79B14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{245E316A-3A9B-4BB5-A170-FA528C3028AE}] => (Allow) LPort=50248 FirewallRules: [TCP Query User{35E358A7-172F-46AE-B9E0-61ED6A7EB698}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [UDP Query User{E215D426-5D4A-4F12-9A10-D41BF98A91AE}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [{143B16E3-85D2-4FC1-8736-74392FAC08DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B2B589A4-C909-4844-B5CB-FFFA48C6C05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DF3603B6-7F14-4E88-BEFC-6C0AFB9B0834}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{65D273E7-7754-4691-825D-1A96C59360A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0B74481A-0BE1-4C64-99C3-966A0BFBC124}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{02A2E419-E838-4163-88C2-C4A7C7EFBB84}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{D94D15A2-9EE2-4772-90A9-0F691FAE2872}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AAC6A394-A08D-4ED2-8917-9DB978AE911C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 16-08-2016 20:18:28 Windows Update 17-08-2016 16:18:05 Windows Update 21-08-2016 19:00:14 Windows Backup 23-08-2016 06:39:56 Installed COMODO Cloud Antivirus 23-08-2016 20:09:25 Windows Update 24-08-2016 05:58:57 Device Driver Package Install: Visicom Media Inc. Imaging devices 24-08-2016 05:59:34 Device Driver Package Install: Visicom Media Inc. Sound, video and game controllers ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/24/2016 01:50:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2016 08:02:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2016 08:02:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: An error has occurred (StartServiceCtrlDispatcher failed [1063]). Error: (08/23/2016 09:03:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 09:38:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 07:11:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 01:22:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 12:45:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 11:00:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 10:09:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/24/2016 12:11:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:00:58 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:35:15 on ‎23/‎08/‎2016 was unexpected. Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ccavsrv service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Internet Security Essentials Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The TeamViewer 11 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-08-24 05:56:18.301 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 05:56:18.275 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 04:40:17.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 04:40:17.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 03:32:54.680 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 03:32:54.665 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 01:48:48.479 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 01:48:48.448 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 00:44:28.588 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 00:44:28.572 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-3500 APU with Radeon(tm) HD Graphics Percentage of memory in use: 66% Total physical RAM: 4093.43 MB Available physical RAM: 1355.44 MB Total Virtual: 8185.04 MB Available Virtual: 4897.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.83 GB) (Free:134.9 GB) NTFS Drive d: () (Fixed) (Total:232.83 GB) (Free:24.42 GB) NTFS Drive e: (Feb 12 2014) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3BD4EDE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  8. I am but I have to close this thread. My friend sold the computer and buy a new one.
  9. Thanks a lot Broni the machine is working much better now.
  10. Sophos scanned clean so i dont have a log from it. Here is other logs thanks for help: Results of screen317's Security Check version 1.014 --- 12/23/15 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Kaspersky Anti-Virus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 22 Java version 32-bit out of Date! Adobe Flash Player 21.0.0.213 Mozilla Firefox (47.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Kaspersky Lab Kaspersky Anti-Virus 16.0.1 avp.exe Kaspersky Lab Kaspersky Anti-Virus 16.0.1 avpui.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` ---------------------------------------------------------------------------------- Farbar Service Scanner Version: 27-01-2016 Ran by Administrator (administrator) on 31-07-2016 at 10:45:01 Running from "C:\Users\Administrator\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  11. Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016 Ran by Administrator (2016-07-31 08:29:26) Run:1 Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator (Available Profiles: renelfa & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-628892942-4087894465-2007994320-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = BHO-x32: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-26] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\DAA53B07EC93AD2B96D3681A368CD85CDAA5 [2015-09-11] <==== ATTENTION FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-05-27] <==== ATTENTION S3 cpuz134; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] 2013-06-26 22:56 - 2014-06-23 14:40 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2015-11-30 12:27 - 2015-11-30 12:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-07-12 10:43 - 2013-07-12 10:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat DeleteKey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLVPlayer4Free Toolbar" Task: {1332EF96-5277-4619-AB2D-A4942FC85B05} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {B491162C-6991-440C-8538-BE7EC95FBFED} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {E1DFFA99-06A8-4C3A-9987-8BF6B685FCDA} - \{F1F010C5-CC7B-426E-BD00-4205FD46E0E4} -> No File <==== ATTENTION Task: {E59CDDFB-0142-49BC-9558-90FFE0D9D8E7} - System32\Tasks\Beach Video => Rundll32.exe "C:\Users\renelfa\AppData\Local\Beach Video\Bin\BeachVideo.dll",#3 <==== ATTENTION C:\Users\renelfa\AppData\Local\Beach Video Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112] ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-628892942-4087894465-2007994320-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => key removed successfully HKCR\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully C:\Program Files (x86)\mozilla firefox\DAA53B07EC93AD2B96D3681A368CD85CDAA5 => moved successfully C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully cpuz134 => service removed successfully hwdatacard => service removed successfully hwusbdev => service removed successfully klkbdflt2 => service could not remove C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => moved successfully C:\ProgramData\DP45977C.lfl => moved successfully C:\ProgramData\ezsidmv.dat => moved successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLVPlayer4Free Toolbar => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1332EF96-5277-4619-AB2D-A4942FC85B05}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1332EF96-5277-4619-AB2D-A4942FC85B05}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B491162C-6991-440C-8538-BE7EC95FBFED}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B491162C-6991-440C-8538-BE7EC95FBFED}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1DFFA99-06A8-4C3A-9987-8BF6B685FCDA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1DFFA99-06A8-4C3A-9987-8BF6B685FCDA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1F010C5-CC7B-426E-BD00-4205FD46E0E4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E59CDDFB-0142-49BC-9558-90FFE0D9D8E7}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E59CDDFB-0142-49BC-9558-90FFE0D9D8E7}" => key removed successfully C:\Windows\System32\Tasks\Beach Video => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Beach Video" => key removed successfully "C:\Users\renelfa\AppData\Local\Beach Video" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully. ==== End of Fixlog 08:29:26 ====
  12. ok frst finished here is logs: FRST.txt Addition.txt
  13. i did not need to use rkill, here is combofix log: ComboFix 16-07-25.01 - Administrator 07/31/2016 7:14.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.63.1033.18.4012.2047 [GMT 8:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98} SP: Kaspersky Anti-Virus *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\renelfa\AppData\Local\TempDIR . . ((((((((((((((((((((((((( Files Created from 2016-06-28 to 2016-07-30 ))))))))))))))))))))))))))))))) . . 2016-07-30 22:31 . 2016-07-30 22:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9BA5E68-1A3A-4195-B833-B0F4EF3C088C}\offreg.4060.dll 2016-07-30 18:50 . 2016-07-30 19:16 -------- dc----w- C:\AdwCleaner 2016-07-30 17:26 . 2016-07-30 17:26 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2016-07-30 17:25 . 2016-07-30 17:25 -------- d-----w- c:\program files\RogueKiller 2016-07-30 17:25 . 2016-07-30 17:25 -------- d-----w- c:\programdata\RogueKiller 2016-07-29 19:26 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9BA5E68-1A3A-4195-B833-B0F4EF3C088C}\mpengine.dll 2016-07-29 18:45 . 2016-07-29 18:57 -------- dc----w- C:\FRST 2016-07-29 16:20 . 2016-07-30 21:58 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2016-07-29 16:18 . 2016-03-10 06:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys 2016-07-29 16:18 . 2016-03-10 06:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2016-07-29 16:18 . 2016-03-10 06:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys 2016-07-29 16:18 . 2016-07-29 16:18 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2016-07-29 16:18 . 2016-07-29 16:18 -------- d-----w- c:\programdata\Malwarebytes 2016-07-13 21:22 . 2016-06-26 00:27 756736 ----a-w- c:\windows\system32\win32spl.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-07-26 06:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe 2016-07-14 01:35 . 2011-11-22 02:12 144749672 ----a-w- c:\windows\system32\MRT.exe 2016-07-09 18:41 . 2011-11-22 02:11 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2016-06-14 15:21 . 2016-07-13 21:22 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2016-05-18 16:10 . 2016-06-15 18:52 312832 ----a-w- c:\windows\SysWow64\gdi32.dll 2016-05-18 16:09 . 2016-06-15 18:52 405504 ----a-w- c:\windows\system32\gdi32.dll 2016-05-18 12:22 . 2016-03-21 17:00 77904 ----a-w- c:\windows\SysWow64\drivers\360AvFlt.sys 2016-05-13 22:15 . 2016-06-15 18:50 382184 ----a-w- c:\windows\system32\atmfd.dll 2016-05-13 22:09 . 2016-06-15 18:50 41472 ----a-w- c:\windows\system32\lpk.dll 2016-05-13 22:09 . 2016-06-15 18:50 100864 ----a-w- c:\windows\system32\fontsub.dll 2016-05-13 22:09 . 2016-06-15 18:50 14336 ----a-w- c:\windows\system32\dciman32.dll 2016-05-13 22:09 . 2016-06-15 18:50 46080 ----a-w- c:\windows\system32\atmlib.dll 2016-05-13 21:54 . 2016-06-15 18:50 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2016-05-13 21:50 . 2016-06-15 18:50 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2016-05-13 21:49 . 2016-06-15 18:50 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2016-05-13 21:49 . 2016-06-15 18:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2016-05-13 21:27 . 2016-06-15 18:50 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2016-05-12 17:20 . 2016-06-15 18:51 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2016-05-12 17:20 . 2016-06-15 18:51 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2016-05-12 17:15 . 2016-06-15 18:52 105472 ----a-w- c:\windows\system32\winipsec.dll 2016-05-12 17:15 . 2016-06-15 18:51 2048 ----a-w- c:\windows\system32\tzres.dll 2016-05-12 17:15 . 2016-06-15 18:51 210432 ----a-w- c:\windows\system32\wdigest.dll 2016-05-12 17:15 . 2016-06-15 18:51 86528 ----a-w- c:\windows\system32\TSpkg.dll 2016-05-12 17:15 . 2016-06-15 18:51 28672 ----a-w- c:\windows\system32\sspisrv.dll 2016-05-12 17:15 . 2016-06-15 18:51 135680 ----a-w- c:\windows\system32\sspicli.dll 2016-05-12 17:14 . 2016-06-15 18:51 1212928 ----a-w- c:\windows\system32\rpcrt4.dll 2016-05-12 17:14 . 2016-06-15 18:51 344064 ----a-w- c:\windows\system32\schannel.dll 2016-05-12 17:14 . 2016-06-15 18:51 28160 ----a-w- c:\windows\system32\secur32.dll 2016-05-12 17:14 . 2016-06-15 18:51 190464 ----a-w- c:\windows\system32\rpchttp.dll 2016-05-12 17:14 . 2016-06-15 18:52 373760 ----a-w- c:\windows\system32\polstore.dll 2016-05-12 17:14 . 2016-06-15 18:51 312320 ----a-w- c:\windows\system32\ncrypt.dll 2016-05-12 17:14 . 2016-06-15 18:51 60416 ----a-w- c:\windows\system32\msobjs.dll 2016-05-12 17:14 . 2016-06-15 18:51 316416 ----a-w- c:\windows\system32\msv1_0.dll 2016-05-12 17:14 . 2016-06-15 18:51 146432 ----a-w- c:\windows\system32\msaudite.dll 2016-05-12 17:14 . 2016-06-15 18:51 1464320 ----a-w- c:\windows\system32\lsasrv.dll 2016-05-12 17:14 . 2016-06-15 18:52 502272 ----a-w- c:\windows\system32\IPSECSVC.DLL 2016-05-12 17:14 . 2016-06-15 18:51 730624 ----a-w- c:\windows\system32\kerberos.dll 2016-05-12 17:14 . 2016-06-15 18:52 96256 ----a-w- c:\windows\system32\gpapi.dll 2016-05-12 17:14 . 2016-06-15 18:52 794624 ----a-w- c:\windows\system32\gpsvc.dll 2016-05-12 17:14 . 2016-06-15 18:52 75776 ----a-w- c:\windows\system32\FwRemoteSvr.dll 2016-05-12 17:14 . 2016-06-15 18:51 43520 ----a-w- c:\windows\system32\cryptbase.dll 2016-05-12 17:14 . 2016-06-15 18:51 22016 ----a-w- c:\windows\system32\credssp.dll 2016-05-12 17:14 . 2016-06-15 18:51 463872 ----a-w- c:\windows\system32\certcli.dll 2016-05-12 17:14 . 2016-06-15 18:51 690688 ----a-w- c:\windows\system32\adtschema.dll 2016-05-12 15:18 . 2016-06-15 18:51 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2016-05-12 15:18 . 2016-06-15 18:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2016-05-12 15:18 . 2016-06-15 18:52 70144 ----a-w- c:\windows\SysWow64\winipsec.dll 2016-05-12 15:18 . 2016-06-15 18:51 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2016-05-12 15:18 . 2016-06-15 18:51 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2016-05-12 15:18 . 2016-06-15 18:51 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2016-05-12 15:18 . 2016-06-15 18:51 251392 ----a-w- c:\windows\SysWow64\schannel.dll 2016-05-12 15:18 . 2016-06-15 18:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2016-05-12 15:18 . 2016-06-15 18:51 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll 2016-05-12 15:18 . 2016-06-15 18:52 274944 ----a-w- c:\windows\SysWow64\polstore.dll 2016-05-12 15:18 . 2016-06-15 18:51 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll 2016-05-12 15:18 . 2016-06-15 18:51 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll 2016-05-12 15:18 . 2016-06-15 18:51 60416 ----a-w- c:\windows\SysWow64\msobjs.dll 2016-05-12 15:18 . 2016-06-15 18:51 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2016-05-12 15:18 . 2016-06-15 18:51 553472 ----a-w- c:\windows\SysWow64\kerberos.dll 2016-05-12 15:18 . 2016-06-15 18:52 79360 ----a-w- c:\windows\SysWow64\gpapi.dll 2016-05-12 15:18 . 2016-06-15 18:52 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll 2016-05-12 15:18 . 2016-06-15 18:51 342528 ----a-w- c:\windows\SysWow64\certcli.dll 2016-05-12 15:18 . 2016-06-15 18:51 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2016-05-12 15:18 . 2016-06-15 18:51 690688 ----a-w- c:\windows\SysWow64\adtschema.dll 2016-05-12 15:05 . 2016-06-15 18:51 64000 ----a-w- c:\windows\system32\auditpol.exe 2016-05-12 14:58 . 2016-06-15 18:51 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2016-05-12 14:58 . 2016-06-15 18:51 464896 ----a-w- c:\windows\system32\drivers\srv.sys 2016-05-12 14:58 . 2016-06-15 18:51 405504 ----a-w- c:\windows\system32\drivers\srv2.sys 2016-05-12 14:58 . 2016-06-15 18:51 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys 2016-05-12 14:58 . 2016-06-15 18:51 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2016-05-12 14:58 . 2016-06-15 18:51 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2016-05-12 14:57 . 2016-06-15 18:51 30720 ----a-w- c:\windows\system32\lsass.exe 2016-05-12 14:56 . 2016-06-15 18:51 50176 ----a-w- c:\windows\SysWow64\auditpol.exe 2016-05-12 14:51 . 2016-06-15 18:51 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll 2016-05-12 13:05 . 2016-06-15 18:51 459640 ----a-w- c:\windows\system32\drivers\cng.sys 2016-05-12 13:05 . 2016-06-15 18:51 297984 ----a-w- c:\windows\system32\bcryptprimitives.dll 2016-05-12 13:04 . 2016-06-15 18:51 249352 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll 2016-05-11 17:02 . 2016-06-15 18:50 296448 ----a-w- c:\windows\system32\ws2_32.dll 2016-05-11 17:02 . 2016-06-15 18:50 444928 ----a-w- c:\windows\system32\winhttp.dll 2016-05-11 17:02 . 2016-06-15 18:50 483840 ----a-w- c:\windows\system32\StructuredQuery.dll 2016-05-11 17:02 . 2016-06-15 18:50 327168 ----a-w- c:\windows\system32\mswsock.dll 2016-05-11 15:19 . 2016-06-15 18:50 206336 ----a-w- c:\windows\SysWow64\ws2_32.dll 2016-05-11 15:19 . 2016-06-15 18:50 351744 ----a-w- c:\windows\SysWow64\winhttp.dll 2016-05-11 15:19 . 2016-06-15 18:50 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll 2016-05-11 15:19 . 2016-06-15 18:50 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2016-05-11 15:11 . 2016-06-15 18:50 25088 ----a-w- c:\windows\system32\netbtugc.exe 2016-05-11 15:01 . 2016-06-15 18:50 26624 ----a-w- c:\windows\SysWow64\netbtugc.exe 2016-05-11 14:58 . 2016-06-15 18:50 262144 ----a-w- c:\windows\system32\drivers\netbt.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-26 2104456] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 AVP16.0.1;Kaspersky Anti-Virus Service 16.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] R3 cpuz134;cpuz134;c:\users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] R3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R4 camfrog_update_service;Camfrog Update Service;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [x] R4 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] R4 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe;c:\program files\TrueSuite\TrueSuite.Service.exe [x] R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] R4 klvssbrigde64;klvssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [x] R4 ManyCam Service;ManyCam Service;c:\programdata\ManyCam\Service\ManyCamService.exe;c:\programdata\ManyCam\Service\ManyCamService.exe [x] R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x] R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R4 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x] R4 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x] R4 SpeedupService;Avira System Speedup;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [x] R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x] R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x] R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R4 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x] R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x] R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x] R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x] R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x] R4 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x] R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x] R4 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x] S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x] S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x] S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x] S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x] S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 2016-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000Core.job - c:\users\renelfa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 17:08] . 2016-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000UA.job - c:\users\renelfa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 17:08] . . --------- X64 Entries ----------- . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 Trusted Zone: localhost TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3pn1lbf4.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q= . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{d785af9d-83ca-47a5-ac6c-0ee102cf8664} - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{03993315-5CE9-4F00-8790-D14A94F1D91A}"=hex:51,66,7a,6c,4c,1d,3b,1b,05,2b,89, 12,d6,06,6d,0b,9f,99,8e,13,94,ba,9b,0e "{001032CB-B0AC-4F2C-A650-AD4B2B26E5DA}"=hex:51,66,7a,6c,4c,1d,3b,1b,db,2a,00, 11,93,ea,41,0b,be,59,f2,12,2b,6d,a7,ce . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,a6,e7,85,b7,2a,b5,49,8c,0a,60,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,a6,e7,85,b7,2a,b5,49,8c,0a,60,\ . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AVI" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.CDA" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.m3u" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M4A" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MOV" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAV" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMV" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.21" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2016-07-31 07:32:05 ComboFix-quarantined-files.txt 2016-07-30 23:32 . Pre-Run: 163,010,768,896 bytes free Post-Run: 165,325,901,824 bytes free . - - End Of File - - 3450992A460DF18E01D004798EEAAE53 A36C5E4F47E84449FF07ED3517B43A31
  14. could not find in add remove programs. Beach Video cant uninstall FLVPlayer4Free Toolbar could not find in add remove programs. Food Web cant uninstall iLivid could not find in add remove programs. Internet Explorer Toolbar 4.9 by SweetPacks cant uninstall TotalRecipeSearch Toolbar I have the other logs: having a problem copy and pastingi uploaded the logs here rk_1353.tmp.txt mbamlog.txt AdwCleaner[C1].txt JRT.txt
  15. Installed Malwarebyts and it shows notifications of infections. I have the FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016 Ran by Administrator (administrator) on RENELFA-VAIO (30-07-2016 02:49:43) Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator (Available Profiles: renelfa & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe () C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (© 2015 Microsoft Corporation) C:\Users\Administrator\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [VAIO Boot Manager] => C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe [2104456 2011-05-26] (Sony Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {8f001068-1579-11e5-aa78-001e101f0000} - D:\AutoRun.exe HKU\S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {8f001082-1579-11e5-aa78-001e101f0000} - E:\AutoRun.exe HKU\S-1-5-21-628892942-4087894465-2007994320-500\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-628892942-4087894465-2007994320-500\...\MountPoints2: {8f001068-1579-11e5-aa78-001e101f0000} - D:\AutoRun.exe HKU\S-1-5-21-628892942-4087894465-2007994320-500\...\MountPoints2: {8f001082-1579-11e5-aa78-001e101f0000} - E:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-05-14] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\renelfa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2014-11-24] ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Administrator\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File) Startup: C:\Users\renelfa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-05-18] ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll No File Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll No File Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll No File Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll No File Winsock: Catalog9 16 C:\Windows\system32\LavasoftTcpService.dll No File Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-06] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-06] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-06] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-06] (Lavasoft Limited) Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-06] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2916C742-E622-4F19-9B7D-CBB6E1B1521C}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A81D6164-4287-47C1-9979-4E88918E97BF}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{ED951445-CF47-459E-84B1-C128EFDFC26A}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q= HKU\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-628892942-4087894465-2007994320-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= URLSearchHook: [S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&i=48&did=10844&ppd=search,46968506281,firefox,p,,c,Firefox,,,www.fileparade.com&barid=1523565870650591158 SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&i=48&did=10844&ppd=search,46968506281,firefox,p,,c,Firefox,,,www.fileparade.com&barid=1523565870650591158 SearchScopes: HKU\S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKU\S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {1DC492A7-9CCF-42E5-8A74-844E3EE90A90} URL = hxxp://www.search.ask.com/web?tpid=CMG-SP3&o=APN11868&pf=V7&p2=^BZ6^YYYYYY^CJ^PH&gct=&itbv=12.34.1.2220&apn_uid=F2659D22-B2DE-418D-97E3-2FCBAB1C8D64&apn_ptnrs=^BZ6&apn_dtid=^YYYYYY^CJ^PH&apn_dbr=firefox.exe_0_40.0.3.5716&doi=2015-09-18&trgb=FF&q={searchTerms}&psv=&pt=tb SearchScopes: HKU\S-1-5-21-628892942-4087894465-2007994320-500 -> DefaultScope {A1745D2C-3D60-4B28-A1DC-1631FFB13374} URL = hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-628892942-4087894465-2007994320-500 -> {A1745D2C-3D60-4B28-A1DC-1631FFB13374} URL = hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-628892942-4087894465-2007994320-500 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ph.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10290__160406__yaie&p={searchTerms} BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll [2011-02-14] (AuthenTec Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-14] (Sun Microsystems, Inc.) BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) BHO-x32: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll [2011-02-14] (AuthenTec Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Toolbar BHO -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} -> C:\PROGRA~2\TOTALR~2\bar\1.bin\14bar.dll => No File BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-14] (Sun Microsystems, Inc.) Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) Toolbar: HKLM-x32 - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll No File Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3pn1lbf4.default FF NewTab: hxxps://ph.search.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10290__160406__ysff FF DefaultSearchEngine: Bing FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: www.google.com FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-20] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-14] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-20] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-14] (Sun Microsystems, Inc.) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-19] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File] FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File] FF Plugin-x32: @TotalRecipeSearch_14.com/Plugin -> C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-628892942-4087894465-2007994320-1000.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @nsroblox.roblox.com/launcher -> C:\Users\renelfa\AppData\Local\Roblox\Versions\version-187659e292024b9d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-628892942-4087894465-2007994320-1000.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\renelfa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-03-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-03-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-03-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-03-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-03-06] (Apple Inc.) FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3pn1lbf4.default\searchplugins\bing-.xml [2016-05-24] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3pn1lbf4.default\searchplugins\yahoo-lavasoft.xml [2016-04-06] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-08-26] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-13] FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3pn1lbf4.default\Extensions\abs@avira.com [2016-07-15] FF Extension: Bing Search - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3pn1lbf4.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-05-24] FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com [2016-05-16] [not signed] FF Extension: TrueSuite WebStore - C:\Program Files (x86)\Mozilla Firefox\extensions\webstore@truesuite.com [2016-05-16] [not signed] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29] FF HKLM-x32\...\Firefox\Extensions: [14ffxtbr@TotalRecipeSearch_14.com] - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin => not found FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-04-29] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-26] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\DAA53B07EC93AD2B96D3681A368CD85CDAA5 [2015-09-11] <==== ATTENTION FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-05-27] <==== ATTENTION FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-26] <==== ATTENTION Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-24] CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-24] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-24] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-24] CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-24] CHR Extension: (Kaspersky Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-08-24] CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-24] CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24] CHR Extension: (AVG Security Toolbar) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-08-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24] CHR Extension: (Website Logon) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo [2015-08-24] CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx [2010-11-30] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.) R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab) S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation) S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation) S4 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-15] (Camshare Inc.) R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] () S4 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [290120 2011-02-14] (AuthenTec, Inc) S4 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab) S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-06] (Lavasoft Limited) S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-06] () S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-01-04] (PC Tools) S4 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24224 2016-02-26] (Avira Operations GmbH & Co. KG) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH) S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.) S4 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] () S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-21] (Sony Corporation) S4 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation) S4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-04-06] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236976 2016-04-29] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [997808 2016-04-29] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-30] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.) R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [29352 2015-10-20] () S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-08-24] () S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2015-07-21] (ShiningMorning Inc.) S3 cpuz134; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-30 02:49 - 2016-07-30 02:51 - 00029947 _____ C:\Users\Administrator\Desktop\FRST.txt 2016-07-30 02:48 - 2016-07-30 02:48 - 00001068 _____ C:\Users\Administrator\Desktop\mbamlog.txt 2016-07-30 02:45 - 2016-07-30 02:49 - 00000000 ___DC C:\FRST 2016-07-30 00:22 - 2016-07-30 00:23 - 02394112 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2016-07-30 00:20 - 2016-07-30 01:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-30 00:18 - 2016-07-30 00:18 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-07-30 00:18 - 2016-07-30 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-07-30 00:18 - 2016-07-30 00:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-07-30 00:18 - 2016-07-30 00:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-07-30 00:18 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-07-30 00:18 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-07-30 00:18 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-07-30 00:15 - 2016-07-30 00:17 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe 2016-07-14 05:25 - 2016-06-11 14:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-07-14 05:25 - 2016-06-11 12:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-07-14 05:25 - 2016-06-11 05:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-07-14 05:25 - 2016-06-11 05:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-07-14 05:25 - 2016-06-11 05:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-07-14 05:25 - 2016-06-11 05:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-07-14 05:25 - 2016-06-11 05:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-07-14 05:25 - 2016-06-11 05:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-07-14 05:25 - 2016-06-11 05:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-07-14 05:25 - 2016-06-11 05:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-07-14 05:25 - 2016-06-11 05:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-07-14 05:25 - 2016-06-11 05:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-07-14 05:25 - 2016-06-11 05:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-07-14 05:25 - 2016-06-11 05:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-07-14 05:25 - 2016-06-11 05:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-07-14 05:25 - 2016-06-11 05:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-07-14 05:25 - 2016-06-11 05:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-07-14 05:25 - 2016-06-11 05:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-07-14 05:25 - 2016-06-11 04:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-07-14 05:25 - 2016-06-11 04:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-07-14 05:25 - 2016-06-11 04:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-07-14 05:25 - 2016-06-11 04:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-07-14 05:25 - 2016-06-11 04:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-07-14 05:25 - 2016-06-11 04:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-07-14 05:25 - 2016-06-11 04:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-07-14 05:25 - 2016-06-11 04:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-07-14 05:25 - 2016-06-11 04:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-07-14 05:25 - 2016-06-11 04:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-07-14 05:25 - 2016-06-11 04:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-07-14 05:25 - 2016-06-11 04:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-07-14 05:25 - 2016-06-11 04:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-07-14 05:25 - 2016-06-11 04:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-07-14 05:25 - 2016-06-11 03:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-07-14 05:25 - 2016-06-11 03:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-07-14 05:25 - 2016-06-11 03:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-07-14 05:25 - 2016-06-11 03:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-07-14 05:25 - 2016-06-11 03:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-07-14 05:25 - 2016-06-11 02:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-07-14 05:25 - 2016-06-11 02:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-07-14 05:25 - 2016-06-11 02:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-07-14 05:25 - 2016-06-11 02:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-07-14 05:25 - 2016-06-11 02:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-07-14 05:25 - 2016-06-11 02:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-07-14 05:25 - 2016-06-11 02:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-07-14 05:25 - 2016-06-11 02:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-07-14 05:25 - 2016-06-11 02:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-07-14 05:25 - 2016-06-11 02:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-07-14 05:25 - 2016-06-11 02:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-07-14 05:25 - 2016-06-11 02:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-07-14 05:25 - 2016-06-11 02:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-07-14 05:25 - 2016-06-11 02:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-07-14 05:25 - 2016-06-11 02:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-07-14 05:25 - 2016-06-11 02:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-07-14 05:25 - 2016-06-11 02:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-07-14 05:25 - 2016-06-11 02:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-07-14 05:25 - 2016-06-11 02:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-07-14 05:25 - 2016-06-11 02:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-07-14 05:25 - 2016-06-11 02:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-07-14 05:25 - 2016-06-11 02:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-07-14 05:25 - 2016-06-11 02:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-07-14 05:25 - 2016-06-11 02:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-07-14 05:25 - 2016-06-11 02:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-07-14 05:25 - 2016-06-11 01:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-07-14 05:25 - 2016-06-11 01:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-07-14 05:25 - 2016-06-11 01:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-07-14 05:25 - 2016-06-11 01:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-07-14 05:22 - 2016-06-26 08:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-07-14 05:22 - 2016-06-26 08:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-07-14 05:22 - 2016-06-26 08:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-07-14 05:22 - 2016-06-26 08:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-07-14 05:22 - 2016-06-26 08:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2016-07-14 05:22 - 2016-06-26 08:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2016-07-14 05:22 - 2016-06-26 08:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2016-07-14 05:22 - 2016-06-26 03:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-07-14 05:22 - 2016-06-26 03:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2016-07-14 05:22 - 2016-06-26 03:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2016-07-14 05:22 - 2016-06-26 03:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2016-07-14 05:22 - 2016-06-26 03:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2016-07-14 05:22 - 2016-06-22 21:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-07-14 05:22 - 2016-06-18 02:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-07-14 05:22 - 2016-06-18 02:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-07-14 05:22 - 2016-06-18 02:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-07-14 05:22 - 2016-06-18 02:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-07-14 05:22 - 2016-06-18 02:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-07-14 05:22 - 2016-06-18 02:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-07-14 05:22 - 2016-06-14 23:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-30 02:00 - 2009-07-14 12:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-30 02:00 - 2009-07-14 12:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-30 01:45 - 2016-06-12 07:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\ManyCam 2016-07-30 01:14 - 2012-04-16 22:51 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000UA.job 2016-07-30 01:14 - 2012-04-16 22:51 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000Core.job 2016-07-30 00:53 - 2016-06-03 03:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-07-30 00:35 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-30 00:04 - 2011-09-06 11:39 - 00000000 ____D C:\Windows\pss 2016-07-29 23:55 - 2015-08-24 13:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2016-07-29 22:53 - 2016-02-02 17:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-07-29 22:53 - 2014-12-27 00:34 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-07-29 06:14 - 2015-09-16 12:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Camfrog 2016-07-29 01:55 - 2016-02-06 07:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-07-26 12:35 - 2015-08-24 13:33 - 00035840 ___SH C:\Users\renelfa\Thumbs.db 2016-07-24 01:31 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF 2016-07-23 07:55 - 2016-03-22 00:01 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-07-23 07:55 - 2016-03-22 00:01 - 00000919 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-07-23 03:06 - 2009-07-14 13:13 - 00802218 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-23 03:06 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf 2016-07-21 04:58 - 2015-08-13 22:26 - 00000000 ____D C:\Users\TEMP 2016-07-21 04:58 - 2011-09-05 21:00 - 00000000 ____D C:\Users\renelfa 2016-07-21 03:01 - 2015-04-05 03:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-07-21 03:01 - 2015-04-05 03:02 - 00000000 ___SD C:\Windows\system32\GWX 2016-07-20 00:45 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache 2016-07-19 22:54 - 2012-08-26 21:32 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-07-19 22:54 - 2011-09-06 13:03 - 00000000 ____D C:\ProgramData\Skype 2016-07-18 19:00 - 2011-12-24 14:38 - 00000290 _____ C:\Windows\Tasks\RMSchedule.job 2016-07-14 12:14 - 2016-03-22 22:13 - 00445696 _____ C:\Windows\system32\FNTCACHE.DAT 2016-07-14 12:11 - 2014-12-13 03:37 - 00000000 ____D C:\Windows\system32\appraiser 2016-07-14 12:11 - 2011-03-15 05:26 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-14 10:18 - 2013-07-21 09:08 - 00000000 ____D C:\Windows\system32\MRT 2016-07-14 09:35 - 2011-11-22 10:12 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-06-30 06:27 - 2015-08-24 13:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics ==================== Files in the root of some directories ======= 2013-06-26 22:56 - 2014-06-23 14:40 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2015-11-30 12:27 - 2015-11-30 12:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-07-12 10:43 - 2013-07-12 10:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe C:\Users\Administrator\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Administrator\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Administrator\AppData\Local\Temp\GLF9BA.EXE C:\Users\Administrator\AppData\Local\Temp\GLFFE53.EXE C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe C:\Users\Administrator\AppData\Local\Temp\UNINSTALL.EXE C:\Users\renelfa\AppData\Local\Temp\1085.exe C:\Users\renelfa\AppData\Local\Temp\1239.exe C:\Users\renelfa\AppData\Local\Temp\12540.exe C:\Users\renelfa\AppData\Local\Temp\14805.exe C:\Users\renelfa\AppData\Local\Temp\15603.exe C:\Users\renelfa\AppData\Local\Temp\15692.exe C:\Users\renelfa\AppData\Local\Temp\16764.exe C:\Users\renelfa\AppData\Local\Temp\17217.exe C:\Users\renelfa\AppData\Local\Temp\18160.exe C:\Users\renelfa\AppData\Local\Temp\1881.exe C:\Users\renelfa\AppData\Local\Temp\196.exe C:\Users\renelfa\AppData\Local\Temp\19979.exe C:\Users\renelfa\AppData\Local\Temp\20004.exe C:\Users\renelfa\AppData\Local\Temp\20983.exe C:\Users\renelfa\AppData\Local\Temp\21377.exe C:\Users\renelfa\AppData\Local\Temp\21689.exe C:\Users\renelfa\AppData\Local\Temp\22805.exe C:\Users\renelfa\AppData\Local\Temp\24164.exe C:\Users\renelfa\AppData\Local\Temp\25438.exe C:\Users\renelfa\AppData\Local\Temp\2738.exe C:\Users\renelfa\AppData\Local\Temp\27482.exe C:\Users\renelfa\AppData\Local\Temp\28871.exe C:\Users\renelfa\AppData\Local\Temp\30258.exe C:\Users\renelfa\AppData\Local\Temp\31622.exe C:\Users\renelfa\AppData\Local\Temp\32204.exe C:\Users\renelfa\AppData\Local\Temp\4593.exe C:\Users\renelfa\AppData\Local\Temp\6486.exe C:\Users\renelfa\AppData\Local\Temp\7331.exe C:\Users\renelfa\AppData\Local\Temp\858.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-27 09:53 ==================== End of FRST.txt ============================ -------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016 Ran by Administrator (2016-07-30 02:52:30) Running from C:\Users\Administrator\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-09-05 13:00:39) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-628892942-4087894465-2007994320-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-628892942-4087894465-2007994320-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-628892942-4087894465-2007994320-1002 - Limited - Enabled) renelfa (S-1-5-21-628892942-4087894465-2007994320-1000 - Administrator - Enabled) => C:\Users\TEMP ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-628892942-4087894465-2007994320-1000.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\uTorrent) (Version: 1.9.0 - ) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.) Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft) ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.392 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}) (Version: 3.0.829.0 - ATI Technologies, Inc.) AuthenTec TrueSuite (HKLM\...\{81B43AC9-B334-45D0-8D15-0A3642AFBDA1}) (Version: 4.0.100.16 - AuthenTec, Inc.) AuthenTec WinBio FingerPrint Software (HKLM\...\{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}) (Version: 3.1.0.80 - AuthenTec, Inc.) Beach Video (HKU\S-1-5-21-628892942-4087894465-2007994320-1000.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.6.1 - Builder Logo corp) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.543 - Camshare, Inc.) Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - Canon Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Điều khiển ActiveX Windows Live Mesh dành cho kết nối từ xa (HKLM-x32\...\{4A48F20C-BEE3-4661-B55D-9280D06E5DA3}) (Version: 15.4.5722.2 - Microsoft Corporation) EPSON L110 Series Printer Uninstall (HKLM\...\EPSON L110 Series) (Version: - SEIKO EPSON Corporation) EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version: - SEIKO EPSON Corporation) Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FLVPlayer4Free Toolbar (HKLM-x32\...\FLVPlayer4Free Toolbar) (Version: - ) <==== ATTENTION Food Web (HKU\S-1-5-21-628892942-4087894465-2007994320-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.6.0 - Cooking Builder corp) <==== ATTENTION Food Web (HKU\S-1-5-21-628892942-4087894465-2007994320-500\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.6.0 - Cooking Builder corp) <==== ATTENTION iLivid (x32 Version: 1.92.0.118480 - Bandoo Media Inc.) Hidden <==== ATTENTION Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Internet Explorer Toolbar 4.9 by SweetPacks (HKLM-x32\...\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}) (Version: 4.9.0000 - SweetIM Technologies Ltd.) <==== ATTENTION iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.) Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation) PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (Version: 1.5.00.04010 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.5.00.04060 - Sony Corporation) Hidden Punch! Home Design - AS4000 (HKLM-x32\...\Punch! Home Design - AS4000) (Version: - ) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Quantum GIS Lisboa 1.8.0 Lisboa (HKLM-x32\...\Quantum GIS Lisboa) (Version: - QGIS Development Team) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.) Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden ROBLOX Player for renelfa (HKU\S-1-5-21-628892942-4087894465-2007994320-1000.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation) Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.) Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer) TotalRecipeSearch Toolbar (HKLM-x32\...\TotalRecipeSearch_14bar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION Unity Web Player (HKU\S-1-5-21-628892942-4087894465-2007994320-1000.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.16020 - Sony Corporation) VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.02250 - Sony Corporation) VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.5.00.04060 - Sony Corporation) VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.1.03020 - Sony Corporation) VAIO Care (HKLM\...\{6EEC3E9C-3479-42EB-B93C-E7DF7927DD82}) (Version: 8.4.4.09181 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation) VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.0.0.14140 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation) VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation) VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.4.0.03240 - Sony Corporation) VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.0.0.14150 - Sony Corporation) VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.3.0.02180 - Sony Corporation) VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.5 - Sony Corporation) VAIO Quick Web Access (x32 Version: 1.4.5.5 - Sony Corporation) Hidden VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.1.09010 - Sony Corporation) VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.03280 - Sony Corporation) VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation) VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation) VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VESx64 (Version: 1.0.0 - Sony Corporation) Hidden VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Web Companion (HKLM-x32\...\{d785af9d-83ca-47a5-ac6c-0ee102cf8664}) (Version: 2.3.1395.2683 - Lavasoft) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation) Windows iLivid Toolbar (HKLM-x32\...\Windows Searchqu Toolbar) (Version: 3.0.0.118320 - Bandoo Media, Inc) <==== ATTENTION Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation) 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {05EB321B-56F0-4335-BCEC-8E6ED7509489} - System32\Tasks\{F39D1ACE-B67C-4DE1-8C52-69CD62216ABF} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.59.124&amp;LastError=404 Task: {09721309-2A98-4485-A1D2-CC07A8FAF609} - System32\Tasks\Sony Corporation\VAIO Boot Manager\VAIO Boot Manager => C:\Program Files (x86)\Sony\VAIO Boot Manager\SetProcessTask.exe [2011-05-26] (Sony Corporation) Task: {1332EF96-5277-4619-AB2D-A4942FC85B05} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {194B8E5B-4BB5-4FAB-B077-F5C9DE3C5BCB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1E6C3FCD-D617-4D98-9E0B-EB28E13026C0} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {21583C95-DCCA-4528-8453-533504BB1D09} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {234D5CD6-F9BE-4915-BFEE-57B895BDE046} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000Core => C:\Users\renelfa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-31] (Facebook Inc.) Task: {2518D841-67EA-4A1D-B678-1C7763C647AC} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {253785BF-781B-4930-9918-0C20F64A704E} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-02-15] (Sony Corporation) Task: {26B8D4FC-37E0-4BA4-ABFE-F873EDF273BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-20] (Adobe Systems Incorporated) Task: {2A6F5FA2-BA8C-48F1-8816-41E905842C64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {2B8BF5DA-7D04-44EF-8F82-4F5634437E05} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-17] (Sony Corporation) Task: {2CEEB018-BD2E-405F-B35D-5A414E3D65DB} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation) Task: {2E67307B-3932-4A93-AF5D-7FE5E103EB92} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-02-15] (Sony Corporation) Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {3A245649-2706-4465-9F19-05C4F384628A} - System32\Tasks\{7B58BA10-09FC-4E99-A326-BD67D4256FF6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.59.124/en/abandoninstall?source=lightinstaller&amp;page=tsInstall&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {4CE0B04B-5573-4251-8351-0D30E08D1998} - System32\Tasks\{8F27933E-8578-4A55-97B7-B493053697E5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.59.124/en/abandoninstall?source=lightinstaller&amp;page=tsInstall&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {50045614-C126-4ADC-8E69-95E8CE110F62} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {57769D2C-D96F-4E8A-A9D1-6D41864FFCD1} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-02-15] (Sony Corporation) Task: {6A1A7B16-F4F5-47E8-8107-40996CB2E313} - System32\Tasks\Food Web => Rundll32.exe "C:\Users\Administrator\AppData\Local\Food Web\Bin\FoodWeb.dll",#3 <==== ATTENTION Task: {6A9F8858-8505-4308-AC86-6BA7C84204C4} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-01-04] (PC Tools) Task: {75D5FD11-F03E-4139-886E-55758FB75EF5} - System32\Tasks\Sony Corporation\VAIO Event Service\Level4Daily => C:\Program Files (x86)\Sony\VAIO Event Service\WBCBatteryCare.exe [2011-03-06] (Sony Corporation) Task: {79FAC5D9-06B9-43E9-9D5E-00AFAAC52D4D} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2012-01-04] (PC Tools) Task: {7BF74E65-8BE6-46EF-B21C-F4BC08024AC4} - System32\Tasks\Sony Corporation\VAIO Event Service\Level4Month => C:\Program Files (x86)\Sony\VAIO Event Service\WBCBatteryCare.exe [2011-03-06] (Sony Corporation) Task: {84451F16-4419-4C64-9D36-1DCE4C3BD8C3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {95A8F386-73D1-4FC9-8F11-74B3E04CF204} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {A0F2EFB0-71F3-4789-9BF9-3D945B735BE1} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation) Task: {A43AF132-9C5A-4B6B-898E-C01B48FF14B3} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {A50E0259-EEB4-478B-8EC7-5AFB547DD1A5} - System32\Tasks\{D0837020-1DFC-4E33-9B96-95BC21B8D835} => pcalua.exe -a C:\ProgramData\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Nokia_PC_Suite_eng_web(2).exe Task: {A6B393C0-3073-4006-9703-8E76526EDB25} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-23] (Sony Corporation) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {B491162C-6991-440C-8538-BE7EC95FBFED} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {B90019DC-FEDC-4CBF-9FB2-E5ABA48DA882} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-17] (Sony Corporation) Task: {BBE0E788-29EA-4912-B9E0-05D9FDB5F5FC} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-16] (Sony Corporation) Task: {C933BA20-6E2A-45D1-B17F-A8AD19CA9842} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {D135452E-8687-44CD-A113-4ADD711AC7E6} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {D34398AA-F09F-4B07-8F68-A65997F54467} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000UA => C:\Users\renelfa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-31] (Facebook Inc.) Task: {D5CBFD88-ABF0-427A-B217-8F03C626A466} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation) Task: {E1DFFA99-06A8-4C3A-9987-8BF6B685FCDA} - \{F1F010C5-CC7B-426E-BD00-4205FD46E0E4} -> No File <==== ATTENTION Task: {E25425A7-DE9E-44EB-BC27-D2AB795933DB} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {E59CDDFB-0142-49BC-9558-90FFE0D9D8E7} - System32\Tasks\Beach Video => Rundll32.exe "C:\Users\renelfa\AppData\Local\Beach Video\Bin\BeachVideo.dll",#3 <==== ATTENTION Task: {E8175E71-3186-49EF-BAF1-230E8F60AFBF} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-02-26] (Avira Operations GmbH & Co. KG) Task: {EDB5FA54-D478-4715-9075-EC0FD166C59A} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation) Task: {F431C4BA-3DE8-4414-A5B0-3182EB416BC9} - System32\Tasks\{86E1D58C-FF2F-4381-8381-DBF4C1C3EA86} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.59.124&amp;LastError=12007 Task: {F4A1FC34-225D-4031-B42E-8F08E083FD5C} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000Core.job => C:\Users\renelfa\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628892942-4087894465-2007994320-1000UA.job => C:\Users\renelfa\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-01-06 03:53 - 2011-01-06 03:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00413336 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe 2015-08-26 13:06 - 2015-08-26 13:06 - 00709272 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_modeler.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00130712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_process_input.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00025752 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_system_power_state_input.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00059544 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_quality_and_reliability_input.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00194712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\acpi_battery_input.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00159896 _____ () C:\Program Files\Sony\VAIO Care\ESRV\sema_thermal_input.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00158360 _____ () C:\Program Files\Sony\VAIO Care\ESRV\wifi_input.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00050840 _____ () C:\Program Files\Sony\VAIO Care\ESRV\devices_use_input.dll 2015-08-26 13:06 - 2015-08-26 13:06 - 00032920 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_disktrace_input.dll 2011-01-06 03:53 - 2011-01-06 03:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-628892942-4087894465-2007994320-500\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-628892942-4087894465-2007994320-500\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:34 - 2016-07-30 00:29 - 00000802 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-628892942-4087894465-2007994320-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ACDaemon => 3 MSCONFIG\Services: AdobeARMservice => 3 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMD External Events Utility => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: camfrog_update_service => 3 MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: FPLService => 2 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: IconMan_R => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: klvssbrigde64 => 3 MSCONFIG\Services: LavasoftTcpService => 2 MSCONFIG\Services: LMS => 3 MSCONFIG\Services: ManyCam Service => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\Services: PCToolsSSDMonitorSvc => 2 MSCONFIG\Services: PMBDeviceInfoProvider => 2 MSCONFIG\Services: RegSrvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SOHCImp => 3 MSCONFIG\Services: SOHDs => 3 MSCONFIG\Services: SpeedupService => 3 MSCONFIG\Services: SpfService => 3 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: uCamMonitor => 2 MSCONFIG\Services: UNS => 2 MSCONFIG\Services: USER_ESRV_SVC => 3 MSCONFIG\Services: VAIO Event Service => 2 MSCONFIG\Services: VAIO Power Management => 2 MSCONFIG\Services: VCFw => 3 MSCONFIG\Services: VcmIAlzMgr => 3 MSCONFIG\Services: VcmINSMgr => 3 MSCONFIG\Services: VcmXmlIfHelper => 3 MSCONFIG\Services: VCService => 3 MSCONFIG\Services: VSNService => 2 MSCONFIG\Services: VUAgent => 3 MSCONFIG\Services: WCAssistantService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe MSCONFIG\startupreg: Avira System Speedup User Starter => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe MSCONFIG\startupreg: BingSvc => C:\Users\Administrator\AppData\Local\Microsoft\BingSvc\BingSvc.exe MSCONFIG\startupreg: ClientAppLogon => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe MSCONFIG\startupreg: ClientAppLogon32 => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe MSCONFIG\startupreg: TotalRecipeSearch Search Scope Monitor => "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h MSCONFIG\startupreg: TotalRecipeSearch_14 Browser Plugin Loader => C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{FA4A9C37-9EBE-4AC5-9792-6F7C7B16C55D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{2CFB641C-85D2-46A7-BAF3-B2EC0D42EBC3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{0D894B1F-C173-4D7A-ABEB-ED89EECDD12D}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{7848CA77-3E49-4825-8D41-B486F03F07E1}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{5729A08C-16E5-403B-83A2-A841A6E8F030}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: [UDP Query User{CB0F3F5F-9C44-42AD-8EDA-83D1BD58DD37}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: [TCP Query User{B972813E-A420-413D-B77F-E6C239E915A7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{09346798-337C-4DF6-9702-38EFA4324670}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{955305A4-7F02-4BD2-B3A4-718ABF2A0CFB}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe FirewallRules: [UDP Query User{8E8B79EE-74C5-49E1-A0E9-850EEF69F836}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe FirewallRules: [TCP Query User{EBB3D760-4C64-4BB0-82AE-927F33C03DC4}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe FirewallRules: [UDP Query User{2802D1C8-E662-4238-B238-A2F37258526C}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe FirewallRules: [TCP Query User{79801468-2A0D-4329-BE80-09CB05C3CC06}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{5999A077-817D-4834-AB5A-57FC0319583B}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{28AC08EA-C385-4C1D-A9A9-EF854113866E}C:\program files (x86)\itunes\itunes.exe] => (Block) C:\program files (x86)\itunes\itunes.exe FirewallRules: [UDP Query User{F6D612E1-2622-4A9F-A1CC-7053FDECD15D}C:\program files (x86)\itunes\itunes.exe] => (Block) C:\program files (x86)\itunes\itunes.exe FirewallRules: [TCP Query User{B0079CF9-DBB6-4E34-95E6-7E5D5647B0C3}C:\program files\sony\vaio care\vcadmin.exe] => (Allow) C:\program files\sony\vaio care\vcadmin.exe FirewallRules: [UDP Query User{E2B16248-5D7E-43BF-8FDD-73499DB76CC3}C:\program files\sony\vaio care\vcadmin.exe] => (Allow) C:\program files\sony\vaio care\vcadmin.exe FirewallRules: [TCP Query User{4C9B621A-4B33-4F27-B4DA-5476DC1628F2}C:\program files\sony\vaio care\vcadmin.exe] => (Allow) C:\program files\sony\vaio care\vcadmin.exe FirewallRules: [UDP Query User{086423CC-DBBD-4612-BF1B-ED97258D52C5}C:\program files\sony\vaio care\vcadmin.exe] => (Allow) C:\program files\sony\vaio care\vcadmin.exe FirewallRules: [TCP Query User{9C2BA161-159F-49C3-85D5-B9B88149DE91}C:\program files (x86)\itunes\itunes.exe] => (Allow) C:\program files (x86)\itunes\itunes.exe FirewallRules: [TCP Query User{60DEFEC3-96BE-4C8C-8BAF-F0F0DA6C81E0}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Allow) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [UDP Query User{3A16372A-C2E3-4C3D-A269-2CB874D8ABA2}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Allow) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [TCP Query User{3E422B0B-D928-4A14-8C69-CC3873BEBA57}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [UDP Query User{6C2C602B-3E66-48E4-9CA5-FF1397290DC5}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe FirewallRules: [{DA94F8D1-01A0-4B6B-B372-54EA01DF2BC9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{5FCFED31-871C-4916-980F-1092B8423333}C:\program files\sony\vaio care\vaioshell.exe] => (Allow) C:\program files\sony\vaio care\vaioshell.exe FirewallRules: [UDP Query User{AAA233E6-1180-40B2-AF30-76907471AC4C}C:\program files\sony\vaio care\vaioshell.exe] => (Allow) C:\program files\sony\vaio care\vaioshell.exe FirewallRules: [{E35FE268-97B5-4D37-8819-D237D2068F85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A06339DB-BC0A-4E6F-BEEE-5E35934F736E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [TCP Query User{112F85FF-F308-4976-A70D-6A52981C16B2}C:\program files\sony\vaio care\vaioshell.exe] => (Allow) C:\program files\sony\vaio care\vaioshell.exe FirewallRules: [UDP Query User{49759737-401F-4054-AA1B-83D499951B08}C:\program files\sony\vaio care\vaioshell.exe] => (Allow) C:\program files\sony\vaio care\vaioshell.exe FirewallRules: [{B6D99F10-6909-4A7C-910E-0D66AD545645}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe FirewallRules: [{796339B5-573E-449A-A08F-C62910E958A4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9488DC8F-61D8-41E6-AA72-91A39471CCA3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1A10E220-4189-4E17-9BCC-4F77875B50D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DAF842D4-8D0E-492C-99D0-342870BC7FC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A9F6C593-AA9B-4A94-AD23-EEB2AF396A11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{247BDEED-2F2C-49E9-86D5-5E919BBE4282}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Restore Points ========================= 19-07-2016 23:21:01 Windows Update 21-07-2016 03:00:17 Windows Update 27-07-2016 03:59:01 Windows Update 30-07-2016 00:26:59 Removed عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة 30-07-2016 00:29:43 Removed Internet Explorer Toolbar 4.9 by SweetPacks ==================== Faulty Device Manager Devices ============= Name: AMD Radeon(TM) HD 6470M Description: AMD Radeon(TM) HD 6470M Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: ATI Technologies Inc. Service: amdkmdap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/30/2016 12:37:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2016 12:30:20 AM) (Source: MsiInstaller) (EventID: 11723) (User: renelfa-VAIO) Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1723.There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action UnRegisterToolbar, entry: UnRegisterToolbar, library: C:\Windows\Installer\MSIA296.tmp Error: (07/30/2016 12:29:43 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-628892942-4087894465-2007994320-1000.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {7fe0ad5b-ba59-4acb-8da7-bd38d599a6c8} Error: (07/30/2016 12:26:59 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-628892942-4087894465-2007994320-1000.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {7fe0ad5b-ba59-4acb-8da7-bd38d599a6c8} Error: (07/30/2016 12:07:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2016 12:06:03 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: renelfa-VAIO) Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. DETAIL - Access is denied. Error: (07/29/2016 10:36:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2016 10:17:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2016 01:54:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/27/2016 10:58:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/30/2016 01:12:57 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 01:12:57 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 01:12:57 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 01:12:55 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 12:48:37 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2916C742-E622-4F19-9B7D-CBB6E1B1521C}. The master browser is stopping or an election is being forced. Error: (07/30/2016 12:36:59 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 12:36:59 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 12:36:59 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 12:36:58 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/30/2016 12:34:16 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {51FA2736-5DEE-11D4-98E8-006008BF430C} ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentage of memory in use: 69% Total physical RAM: 4011.86 MB Available physical RAM: 1242.29 MB Total Virtual: 8021.9 MB Available Virtual: 4724.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:453.91 GB) (Free:150.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 76646BD3) Partition 1: (Not Active) - (Size=11.8 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================