Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
Browser Malware
-
03-04-2015 3:32pmI've a bit of malware on Firefox at the moment. Ad pop-ups, web-page redirects, giving search engine results. I've deleted some add-ons that related to it and scanned with Avast, Malwarebytes and Adwcleaner, but no luck. They all brought up infections that I deleted, but the problem persists. Chrome was easy enough to deal with, I just had to deleted the add-ons, but Firefox is a bit more stubborn. The malware is even present when I start the browser in safe mode and further scans aren't showing up any more infections. I'm at a loss as what to do next, if anyone has any tips.
I've scanned with Farbar. If anyone a bit more technologically could spot anything that might be the problem, it'd be much appreciated:FireFox: ======== FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z7j24lun.default FF DefaultSearchUrl: https://www.google.com/search FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: https://www.google.com/search FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-03] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-03] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\USER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @talk.google.com/O1DPlugin -> C:\Users\USER\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @tools.google.com/Google Update;version=3 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @tools.google.com/Google Update;version=9 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-13] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\USER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\USER\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-13] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Users\USER\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\USER\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google) FF Extension: Adblock Plus - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z7j24lun.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24] FF Extension: Greasemonkey - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z7j24lun.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-24] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-02]
0
Comments
-
can you post the malwarebytes, adwcleaner, avast logs
don't put them in code boxes0 -
Download and Run TFC and then download and run Spybot S&D 1.6 First, Update Definitions and Allow Teatimer, Run immunisation and then run a scan.0
-
-
-
Thanks for the replies, lads. Appreciate the help.Download and Run TFC and then download and run Spybot S&D 1.6 First, Update Definitions and Allow Teatimer, Run immunisation and then run a scan.always run RKill before you run any anti-malware applications, it stops most malware processes before you scan
No luck, unfortunately. I might just uninstall and delete the whole thing and either re-install or just use Chrome from now on. I was slow to do that at first because of my bookmarks, scripts etc. and I don't want to end up backing up infected files, but I won't be able to use it anyway with all the pop ups.can you post the malwarebytes, adwcleaner, avast logs
don't put them in code boxes
I haven't put up the Avast log because it has 11.5M characters, but here are the other two:
Adwcleaner
# AdwCleaner v4.200 - Logfile created 02/04/2015 at 22:50:00
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : USER - USERS
# Running from : C:\Users\USER\Downloads\adwcleaner_4.200.exe
# Option : Scan
***** [ Services ] *****
Service Found : APNMCP
Service Found : DptfParticipantProcessorService
Service Found : DptfPolicyLpmService
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\USER\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8hvln11f.default\user.js
File Found : C:\Users\USER\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\WINDOWS\System32\DptfParticipantProcessorService.exe
File Found : C:\WINDOWS\System32\DptfPolicyLpmService.exe
Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\Program Files (x86)\coupons and fun
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\trolatunt
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Guest\AppData\LocalLow\Delta
Folder Found : C:\Users\USER\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\USER\AppData\Local\globalUpdate
Folder Found : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pogchimbndbckepmhaagnapfmlfgnala
Folder Found : C:\Users\USER\AppData\LocalLow\Delta
Folder Found : C:\Users\USER\AppData\Roaming\Allmyapps
Folder Found : C:\Users\USER\AppData\Roaming\Babylon
Folder Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allmyapps
Folder Found : C:\Users\USER\Documents\Optimizer Pro
Folder Found : C:\Users\USER\Documents\PC Speed Maximizer
Folder Found : C:\Users\USERS~1\AppData\Local\Temp\apn
***** [ Scheduled tasks ] *****
Task Found : fsupdate
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\coupons and fun
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Goobzo
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\coupons and fun
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Goobzo
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Delta
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Goobzo
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4254522D-5637-006A-76A7-A75C790C0F02}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v36.0.4 (x86 en-US)
[z7j24lun.default] - Line Found : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A183015%2C%22ver%22%3A2%2[...]
[z7j24lun.default] - Line Found : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_resource_646958.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%[...]
[z7j24lun.default] - Line Found : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
-\\ Google Chrome v41.0.2272.101
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : oglkiljdmflopemijdadoiepkhcaodjn
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [9847 bytes] - [02/04/2015 22:50:00]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9906 bytes] ##########
Malwarebytes
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/04/02 20:52:39 +0100</date>
<logfile>mbam-log-2015-04-02 (20-52-36).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.04.02.05</malware-database>
<rootkit-database>v2015.03.31.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>USER</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>397905</objects>
<time>2800</time>
<processes>0</processes>
<modules>0</modules>
<keys>25</keys>
<values>3</values>
<datas>0</datas>
<folders>10</folders>
<files>19</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>70a375d78ffb47ef72efa18f9073c739</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\trolatunt</path><vendor>PUP.Optional.Trolatunt.A</vendor><action>success</action><hash>e62d272595f55ed83bdec732ca3931cf</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>2ee509434941a393913e28b8fd068878</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>43d0123aabdf14223c2f41fe9a6b8977</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>9b7870dc8efc033370fc89b660a5728e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>ea2968e4dab09d994c77875d788b40c0</hash></key>
<key><path>HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY</path><vendor>PUP.Optional.GlobalUpdate.C</vendor><action>success</action><hash>f91aa1abfc8e32045c5007ac7e850000</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}</path><vendor>PUP.Optional.ShopperPro</vendor><action>success</action><hash>3ad9e4684644ef479fb68d71de2739c7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}</path><vendor>PUP.Optional.ShopperPro</vendor><action>success</action><hash>3ad9e4684644ef479fb68d71de2739c7</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><valuename>path</valuename><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><valuedata>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</valuedata><hash>2ee509434941a393913e28b8fd068878</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path><valuename>InstallDir</valuename><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><valuedata>C:\PROGRA~2\SearchProtect</valuedata><hash>ea2968e4dab09d994c77875d788b40c0</hash></value>
<value><path>HKU\S-1-5-21-2304693183-1762852275-1586279311-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY</path><valuename>source</valuename><vendor>PUP.Optional.GlobalUpdate.C</vendor><action>success</action><valuedata>IE</valuedata><hash>f91aa1abfc8e32045c5007ac7e850000</hash></value>
<folder><path>C:\ProgramData\374311380</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>090a75d78208d75fb3d86b0348bb23dd</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download\{DD1B4183-F36A-4489-9A68-4205A6801149}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download\{DD1B4183-F36A-4489-9A68-4205A6801149}\1.3.25.27</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Install</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Install\{15E1F432-DA4D-40CD-9599-78B240D33F77}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline\{175E5C2C-0DB2-4E02-A2CA-2CD740CBD841}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></folder>
<file><path>C:\Users\USER\AppData\Roaming\trz113F.tmp</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>c84be4686228bd795e5e1b3a837d817f</hash></file>
<file><path>C:\Users\USER\AppData\Roaming\trz3C19.tmp</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>1cf7b29af991af8703b933226f91b947</hash></file>
<file><path>C:\Users\USER\Downloads\SoftonicDownloader_for_bluestacks-app-player.exe</path><vendor>PUP.Optional.Softonic</vendor><action>success</action><hash>e33087c5a9e13ef8dff62a30e719867a</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>5eb589c3eaa0e155c893ad90a5606b95</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>d24167e57c0ebd7906561726c73ebe42</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>82918dbf7e0ca690bda0d06de81df10f</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>e62de5676a207eb8b1adee4ff70ef907</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\Download\{DD1B4183-F36A-4489-9A68-4205A6801149}\1.3.25.27\setup.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e75ec604a4084b214b90f84d0335ea2</hash></file>
</items>
</mbam-log>0 -
Advertisement
-
you deleted what adwcleaner found right ?
Download OTL to your Desktop- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
0 -
Yes, I've deleted everything that was detected.
OTL logfile created on: 06-Apr-15 12:15:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER\Desktop\Anti-Malware\OLT
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
3.89 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 73.86% Memory free
7.89 Gb Paging File | 6.37 Gb Available in Paging File | 80.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.31 Gb Total Space | 261.32 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Computer Name: USERS | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015-04-06 12:12:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\Anti-Malware\OLT\OTL.exe
PRC - [2014-10-07 16:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014-10-07 16:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014-08-08 16:15:30 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-05-31 23:19:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-10-23 23:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\USER\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012-09-11 17:43:14 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012-08-25 01:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012-08-25 01:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012-08-11 01:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012-07-17 22:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 22:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-06-27 20:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-06-25 18:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-04-06 14:13:56 | 000,178,032 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
PRC - [2011-11-21 22:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2010-03-16 16:03:38 | 000,095,608 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
PRC - [2009-11-18 18:31:20 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\EyeDefender\EyeDefender.exe
PRC - [2009-01-26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
========== Modules (No Company Name) ==========
MOD - [2013-12-14 12:49:46 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012-08-25 01:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2009-11-18 18:31:20 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\EyeDefender\EyeDefender.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014-09-24 09:38:43 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-09-24 09:16:43 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014-09-24 09:16:43 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-09-24 09:03:47 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-09-24 09:03:47 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-09-24 08:50:29 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-09-24 08:50:27 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-09-24 08:33:15 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-09-24 08:32:55 | 002,898,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014-09-24 08:24:03 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-09-24 08:24:02 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014-09-24 08:23:54 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-09-24 08:23:52 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-09-24 08:23:51 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-09-24 08:23:47 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-09-24 08:23:47 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-09-24 08:23:45 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014-05-31 23:19:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-08-22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-09-14 12:55:00 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012-04-20 22:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2015-04-03 12:25:23 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015-03-27 06:00:17 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015-01-02 20:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-10-07 16:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014-10-07 16:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014-10-07 16:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014-09-24 09:16:42 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-09-24 08:32:55 | 002,898,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-10-01 14:02:42 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-08-22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-09-11 19:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012-08-11 02:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012-08-11 01:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012-07-17 22:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 22:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-27 20:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012-06-25 18:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011-11-21 22:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010-03-16 16:03:38 | 000,095,608 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe -- (bufssvr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014-09-24 09:46:53 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-09-24 09:03:47 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-09-24 09:03:47 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-09-24 09:03:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-09-24 08:50:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-09-24 08:50:30 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-09-24 08:50:28 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-09-24 08:33:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014-09-24 08:32:59 | 000,149,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-09-24 08:32:54 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-09-24 08:32:54 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-09-24 08:23:53 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-09-24 08:23:48 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-09-24 08:23:32 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014-09-24 08:23:31 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-09-24 08:23:31 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014-09-24 08:23:31 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-09-24 08:23:31 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-09-24 08:23:31 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014-09-24 08:23:31 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-09-24 08:23:30 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-09-24 08:23:30 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-09-24 08:23:30 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014-09-24 07:53:14 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014-09-24 07:53:09 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014-05-31 23:20:21 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014-05-31 23:20:20 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-05-31 23:20:20 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014-05-31 23:19:51 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-05-31 23:19:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-05-31 23:19:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-05-31 23:19:51 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-05-31 23:19:50 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-05-24 16:23:32 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014-04-28 07:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013-10-01 14:02:30 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-08-22 23:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-08-22 23:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-08-22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-13 00:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-06-18 15:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013-06-18 15:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012-09-14 12:54:52 | 002,203,792 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012-09-11 17:43:44 | 000,056,704 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012-08-27 04:11:04 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-08-02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012-07-25 02:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012-07-24 04:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-07-13 09:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012-07-13 09:50:40 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012-07-13 09:50:38 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012-07-13 09:50:36 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012-07-13 09:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012-07-13 09:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012-07-02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-05-31 04:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2014-10-07 16:33:44 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011-09-07 17:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "IE"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search"
FF - prefs.js..browser.search.hiddenOneOffs: "DuckDuckGo"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.region: "IE"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\USER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\USER\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-31 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015-04-03 12:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014-05-24 17:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions
[2014-06-26 19:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\8hvln11f.default\extensions
[2015-04-03 16:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\z7j24lun.default\extensions
[2015-04-03 16:12:00 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\z7j24lun.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015-03-22 23:50:59 | 000,322,179 | ---- | M] () (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\z7j24lun.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014-06-27 18:35:11 | 000,002,823 | ---- | M] () -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\z7j24lun.default\searchplugins\Google.xml
[2015-04-03 11:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015-04-03 11:59:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014-05-31 23:19:52 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
CHR - plugin: Wajam (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = F:\Program Files\ma-config.com\nphardwaredetection.dll
CHR - plugin: Silverlight Plug-In (Enabled) = f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.226.0.1_0\
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.12_0\
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
O1 HOSTS File: ([2013-08-22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe ()
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe (VIA)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EyeDefender] C:\Program Files (x86)\EyeDefender\EyeDefender.exe ()
O4 - HKCU..\Run: [f.lux] C:\Users\USER\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A820FDF-CB9F-4608-9DA3-98C034C3A5DA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015-04-04 11:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2015-04-04 11:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015-04-04 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2015-04-04 01:17:02 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\Anti-Malware
[2015-04-03 12:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2015-04-03 12:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2015-04-03 12:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2015-04-03 12:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015-04-03 12:14:44 | 000,000,000 | ---D | C] -- C:\FRST
[2015-04-02 22:49:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015-03-31 12:09:07 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\Masters Application
[2015-03-16 21:41:04 | 000,000,000 | ---D | C] -- C:\Users\USER\Tracing
[2015-03-08 13:32:42 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\CCFC
[2013-07-08 20:38:34 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
========== Files - Modified Within 30 Days ==========
[2015-04-06 12:01:00 | 000,001,366 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_notification_service.job
[2015-04-06 12:01:00 | 000,000,728 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_updating_service.job
[2015-04-06 11:55:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015-04-06 11:50:20 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2304693183-1762852275-1586279311-1001UA.job
[2015-04-06 11:36:11 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015-04-06 11:27:51 | 000,000,529 | ---- | M] () -- C:\Users\USER\AppData\Roaming\sp_data.sys
[2015-04-06 11:27:30 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015-04-06 11:26:43 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015-04-04 11:27:39 | 000,001,281 | ---- | M] () -- C:\Users\USER\Desktop\Spybot - Search & Destroy.lnk
[2015-04-04 10:51:20 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015-04-04 10:51:20 | 000,739,076 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015-04-04 10:51:20 | 000,138,670 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015-04-04 01:39:45 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015-04-04 01:39:41 | 506,969,831 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2015-04-04 01:39:38 | 3340,009,472 | -HS- | M] () -- C:\hiberfil.sys
[2015-04-03 17:42:40 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015-04-03 11:59:12 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015-04-02 22:30:07 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015-04-02 20:51:51 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015-04-02 09:50:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2304693183-1762852275-1586279311-1001Core.job
[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\OejwHEavA9GO1
[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\FrCdWYH0665l7dbKJ
[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\L2lK5ZbAXKSBfNDr
[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\BEE1KPIGS
[2015-03-27 11:40:24 | 000,003,388 | ---- | M] () -- C:\Users\USER\AppData\Local\recently-used.xbel
========== Files Created - No Company Name ==========
[2015-04-04 11:27:39 | 000,001,281 | ---- | C] () -- C:\Users\USER\Desktop\Spybot - Search & Destroy.lnk
[2015-04-02 17:01:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015-04-02 16:01:42 | 000,000,728 | ---- | C] () -- C:\WINDOWS\tasks\coupons_and_fun_updating_service.job
[2015-04-02 16:01:41 | 000,001,366 | ---- | C] () -- C:\WINDOWS\tasks\coupons_and_fun_notification_service.job
[2015-03-31 09:14:36 | 000,004,387 | ---- | C] () -- C:\Users\USER\AppData\Roaming\OejwHEavA9GO1
[2015-03-31 09:14:36 | 000,004,387 | ---- | C] () -- C:\Users\USER\AppData\Roaming\FrCdWYH0665l7dbKJ
[2015-03-31 09:14:20 | 000,005,655 | ---- | C] () -- C:\Users\USER\AppData\Roaming\L2lK5ZbAXKSBfNDr
[2015-03-31 09:14:20 | 000,005,655 | ---- | C] () -- C:\Users\USER\AppData\Roaming\BEE1KPIGS
[2015-03-27 11:40:24 | 000,003,388 | ---- | C] () -- C:\Users\USER\AppData\Local\recently-used.xbel
[2014-09-24 08:24:06 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-09-24 08:23:34 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-10-01 14:02:30 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013-10-01 14:02:26 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013-10-01 14:02:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013-08-22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-07-14 12:04:17 | 000,000,254 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2013-01-31 20:28:26 | 000,060,864 | ---- | C] () -- C:\Users\USER\g2mdlhlpx.exe
[2013-01-03 23:52:07 | 000,000,021 | ---- | C] () -- C:\Users\USER\AppData\Roaming\my_intel.sys
[2012-11-15 20:07:14 | 000,000,529 | ---- | C] () -- C:\Users\USER\AppData\Roaming\sp_data.sys
[2012-09-11 01:37:22 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012-09-11 01:37:22 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-09-11 01:37:22 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-09-24 08:33:02 | 021,266,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-09-24 08:33:14 | 018,760,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014-12-31 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\.minecraft
[2014-01-02 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\AVAST Software
[2014-05-24 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\AVG
[2014-11-11 00:45:41 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\AVG2015
[2013-02-04 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DAEMON Tools Lite
[2014-06-02 22:12:20 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Dropbox
[2014-06-02 22:12:19 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DropboxMaster
[2012-12-07 15:17:57 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OpenOffice.org
[2014-05-29 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Sports Interactive
[2013-12-29 20:50:59 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\SystemRequirementsLab
[2013-01-30 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TeamViewer
[2014-11-11 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TuneUp Software
[2013-10-02 14:52:52 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Unity
[2014-10-03 11:54:04 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >0 -
OTL logfile created on: 06-Apr-15 12:15:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER\Desktop\Anti-Malware\OLT
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
3.89 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 73.86% Memory free
7.89 Gb Paging File | 6.37 Gb Available in Paging File | 80.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.31 Gb Total Space | 261.32 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Computer Name: USERS | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015-04-06 12:12:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\Anti-Malware\OLT\OTL.exe
PRC - [2014-10-07 16:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014-10-07 16:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014-08-08 16:15:30 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-05-31 23:19:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-10-23 23:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\USER\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012-09-11 17:43:14 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012-08-25 01:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012-08-25 01:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012-08-11 01:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012-07-17 22:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 22:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-06-27 20:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-06-25 18:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-04-06 14:13:56 | 000,178,032 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
PRC - [2011-11-21 22:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2010-03-16 16:03:38 | 000,095,608 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
PRC - [2009-11-18 18:31:20 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\EyeDefender\EyeDefender.exe
PRC - [2009-01-26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
========== Modules (No Company Name) ==========
MOD - [2013-12-14 12:49:46 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012-08-25 01:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2009-11-18 18:31:20 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\EyeDefender\EyeDefender.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014-09-24 09:38:43 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-09-24 09:16:43 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014-09-24 09:16:43 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-09-24 09:03:47 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-09-24 09:03:47 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-09-24 08:50:29 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-09-24 08:50:27 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-09-24 08:33:15 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-09-24 08:32:55 | 002,898,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014-09-24 08:24:03 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-09-24 08:24:02 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014-09-24 08:23:54 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-09-24 08:23:52 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-09-24 08:23:51 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-09-24 08:23:47 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-09-24 08:23:47 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-09-24 08:23:45 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014-05-31 23:19:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-08-22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-09-14 12:55:00 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012-04-20 22:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2015-04-03 12:25:23 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015-03-27 06:00:17 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015-01-02 20:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-10-07 16:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014-10-07 16:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014-10-07 16:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014-09-24 09:16:42 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-09-24 08:32:55 | 002,898,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-10-01 14:02:42 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-08-22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-09-11 19:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012-08-11 02:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012-08-11 01:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012-07-17 22:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 22:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-27 20:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012-06-25 18:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011-11-21 22:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010-03-16 16:03:38 | 000,095,608 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe -- (bufssvr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014-09-24 09:46:53 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-09-24 09:03:47 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-09-24 09:03:47 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-09-24 09:03:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-09-24 08:50:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-09-24 08:50:30 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-09-24 08:50:28 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-09-24 08:33:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014-09-24 08:32:59 | 000,149,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-09-24 08:32:54 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-09-24 08:32:54 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-09-24 08:23:53 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-09-24 08:23:48 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-09-24 08:23:32 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014-09-24 08:23:31 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-09-24 08:23:31 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014-09-24 08:23:31 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-09-24 08:23:31 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-09-24 08:23:31 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014-09-24 08:23:31 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-09-24 08:23:30 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-09-24 08:23:30 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-09-24 08:23:30 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014-09-24 07:53:14 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014-09-24 07:53:09 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014-05-31 23:20:21 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014-05-31 23:20:20 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-05-31 23:20:20 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014-05-31 23:19:51 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-05-31 23:19:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-05-31 23:19:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-05-31 23:19:51 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-05-31 23:19:50 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-05-24 16:23:32 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014-04-28 07:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013-10-01 14:02:30 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-08-22 23:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-08-22 23:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-08-22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-13 00:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-06-18 15:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013-06-18 15:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012-09-14 12:54:52 | 002,203,792 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012-09-11 17:43:44 | 000,056,704 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012-08-27 04:11:04 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-08-02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012-07-25 02:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012-07-24 04:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-07-13 09:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012-07-13 09:50:40 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012-07-13 09:50:38 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012-07-13 09:50:36 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012-07-13 09:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012-07-13 09:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012-07-02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-05-31 04:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2014-10-07 16:33:44 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011-09-07 17:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "IE"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search"
FF - prefs.js..browser.search.hiddenOneOffs: "DuckDuckGo"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.region: "IE"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\USER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\USER\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-31 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015-04-03 12:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014-05-24 17:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions
[2014-06-26 19:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\8hvln11f.default\extensions
[2015-04-03 16:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\z7j24lun.default\extensions
[2015-04-03 16:12:00 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\z7j24lun.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015-03-22 23:50:59 | 000,322,179 | ---- | M] () (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\z7j24lun.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014-06-27 18:35:11 | 000,002,823 | ---- | M] () -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\z7j24lun.default\searchplugins\Google.xml
[2015-04-03 11:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015-04-03 11:59:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014-05-31 23:19:52 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
CHR - plugin: Wajam (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = F:\Program Files\ma-config.com\nphardwaredetection.dll
CHR - plugin: Silverlight Plug-In (Enabled) = f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.226.0.1_0\
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.12_0\
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
O1 HOSTS File: ([2013-08-22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe ()
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe (VIA)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EyeDefender] C:\Program Files (x86)\EyeDefender\EyeDefender.exe ()
O4 - HKCU..\Run: [f.lux] C:\Users\USER\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A820FDF-CB9F-4608-9DA3-98C034C3A5DA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015-04-04 11:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2015-04-04 11:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015-04-04 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2015-04-04 01:17:02 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\Anti-Malware
[2015-04-03 12:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2015-04-03 12:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2015-04-03 12:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2015-04-03 12:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015-04-03 12:14:44 | 000,000,000 | ---D | C] -- C:\FRST
[2015-04-02 22:49:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015-03-31 12:09:07 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\Masters Application
[2015-03-16 21:41:04 | 000,000,000 | ---D | C] -- C:\Users\USER\Tracing
[2015-03-08 13:32:42 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\CCFC
[2013-07-08 20:38:34 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
========== Files - Modified Within 30 Days ==========
[2015-04-06 12:01:00 | 000,001,366 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_notification_service.job
[2015-04-06 12:01:00 | 000,000,728 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_updating_service.job
[2015-04-06 11:55:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015-04-06 11:50:20 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2304693183-1762852275-1586279311-1001UA.job
[2015-04-06 11:36:11 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015-04-06 11:27:51 | 000,000,529 | ---- | M] () -- C:\Users\USER\AppData\Roaming\sp_data.sys
[2015-04-06 11:27:30 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015-04-06 11:26:43 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015-04-04 11:27:39 | 000,001,281 | ---- | M] () -- C:\Users\USER\Desktop\Spybot - Search & Destroy.lnk
[2015-04-04 10:51:20 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015-04-04 10:51:20 | 000,739,076 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015-04-04 10:51:20 | 000,138,670 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015-04-04 01:39:45 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015-04-04 01:39:41 | 506,969,831 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2015-04-04 01:39:38 | 3340,009,472 | -HS- | M] () -- C:\hiberfil.sys
[2015-04-03 17:42:40 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015-04-03 11:59:12 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015-04-02 22:30:07 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015-04-02 20:51:51 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015-04-02 09:50:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2304693183-1762852275-1586279311-1001Core.job
[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\OejwHEavA9GO1
[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\FrCdWYH0665l7dbKJ
[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\L2lK5ZbAXKSBfNDr
[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\BEE1KPIGS
[2015-03-27 11:40:24 | 000,003,388 | ---- | M] () -- C:\Users\USER\AppData\Local\recently-used.xbel
========== Files Created - No Company Name ==========
[2015-04-04 11:27:39 | 000,001,281 | ---- | C] () -- C:\Users\USER\Desktop\Spybot - Search & Destroy.lnk
[2015-04-02 17:01:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015-04-02 16:01:42 | 000,000,728 | ---- | C] () -- C:\WINDOWS\tasks\coupons_and_fun_updating_service.job
[2015-04-02 16:01:41 | 000,001,366 | ---- | C] () -- C:\WINDOWS\tasks\coupons_and_fun_notification_service.job
[2015-03-31 09:14:36 | 000,004,387 | ---- | C] () -- C:\Users\USER\AppData\Roaming\OejwHEavA9GO1
[2015-03-31 09:14:36 | 000,004,387 | ---- | C] () -- C:\Users\USER\AppData\Roaming\FrCdWYH0665l7dbKJ
[2015-03-31 09:14:20 | 000,005,655 | ---- | C] () -- C:\Users\USER\AppData\Roaming\L2lK5ZbAXKSBfNDr
[2015-03-31 09:14:20 | 000,005,655 | ---- | C] () -- C:\Users\USER\AppData\Roaming\BEE1KPIGS
[2015-03-27 11:40:24 | 000,003,388 | ---- | C] () -- C:\Users\USER\AppData\Local\recently-used.xbel
[2014-09-24 08:24:06 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-09-24 08:23:34 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-10-01 14:02:30 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013-10-01 14:02:26 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013-10-01 14:02:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013-08-22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-07-14 12:04:17 | 000,000,254 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2013-01-31 20:28:26 | 000,060,864 | ---- | C] () -- C:\Users\USER\g2mdlhlpx.exe
[2013-01-03 23:52:07 | 000,000,021 | ---- | C] () -- C:\Users\USER\AppData\Roaming\my_intel.sys
[2012-11-15 20:07:14 | 000,000,529 | ---- | C] () -- C:\Users\USER\AppData\Roaming\sp_data.sys
[2012-09-11 01:37:22 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012-09-11 01:37:22 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-09-11 01:37:22 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-09-24 08:33:02 | 021,266,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-09-24 08:33:14 | 018,760,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014-12-31 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\.minecraft
[2014-01-02 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\AVAST Software
[2014-05-24 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\AVG
[2014-11-11 00:45:41 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\AVG2015
[2013-02-04 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DAEMON Tools Lite
[2014-06-02 22:12:20 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Dropbox
[2014-06-02 22:12:19 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DropboxMaster
[2012-12-07 15:17:57 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OpenOffice.org
[2014-05-29 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Sports Interactive
[2013-12-29 20:50:59 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\SystemRequirementsLab
[2013-01-30 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TeamViewer
[2014-11-11 00:44:51 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TuneUp Software
[2013-10-02 14:52:52 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Unity
[2014-10-03 11:54:04 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >0 -
open OTL copy this into the box
:OTL
CHR - plugin: Wajam (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
[2015-04-06 12:01:00 | 000,001,366 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_notification_service.job
[2015-04-06 12:01:00 | 000,000,728 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_updating_service.job
[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\OejwHEavA9GO1
[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\FrCdWYH0665l7dbKJ
[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\L2lK5ZbAXKSBfNDr
[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\BEE1KPIGS
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
click run fix post the log it gives0 -
All processes killed
Error: Unable to interpret <CHR - plugin: Wajam (Enabled) = F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll> in the current context!
Error: Unable to interpret <[2015-04-06 12:01:00 | 000,001,366 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_notification_service.job> in the current context!
Error: Unable to interpret <[2015-04-06 12:01:00 | 000,000,728 | ---- | M] () -- C:\WINDOWS\tasks\coupons_and_fun_updating_service.job> in the current context!
Error: Unable to interpret <[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\OejwHEavA9GO1> in the current context!
Error: Unable to interpret <[2015-03-31 09:14:36 | 000,004,387 | ---- | M] () -- C:\Users\USER\AppData\Roaming\FrCdWYH0665l7dbKJ> in the current context!
Error: Unable to interpret <[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\L2lK5ZbAXKSBfNDr> in the current context!
Error: Unable to interpret <[2015-03-31 09:14:20 | 000,005,655 | ---- | M] () -- C:\Users\USER\AppData\Roaming\BEE1KPIGS> in the current context!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated0 -
Advertisement
-
you need to copy this part at the start of the fix
:OTL
can u try it again0 -
Yes, my apologies. Here's the log:
All processes killed
========== OTL ==========
File F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll not found.
C:\Windows\Tasks\coupons_and_fun_notification_service.job moved successfully.
C:\Windows\Tasks\coupons_and_fun_updating_service.job moved successfully.
C:\Users\USER\AppData\Roaming\OejwHEavA9GO1 moved successfully.
C:\Users\USER\AppData\Roaming\FrCdWYH0665l7dbKJ moved successfully.
C:\Users\USER\AppData\Roaming\L2lK5ZbAXKSBfNDr moved successfully.
C:\Users\USER\AppData\Roaming\BEE1KPIGS moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: USER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26348 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5900893 bytes
->Google Chrome cache emptied: 36536281 bytes
->Flash cache emptied: 973 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 119371545 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 298980 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 155.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Default.migrated
User: Guest
->Flash cache emptied: 0 bytes
User: USER
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Default.migrated
User: Guest
User: USER
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\USER\Desktop\Anti-Malware\OLT\cmd.bat deleted successfully.
C:\Users\USER\Desktop\Anti-Malware\OLT\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 04062015_153623
Files\Folders moved on Reboot...
C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...0 -
it still giving you problems ?0
-
-
Yeah, Firefox still has the pop-ups.
Chrome must still have had some hidden adware in it that my scans missed, so thanks for getting rid of that before it popped up again.
Reset Firefox - https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
and
Reset Chrome - https://support.google.com/chrome/answer/3296214?hl=en
Run TFC then
Update definitions on Spybot Search & Destroy and run it again.
When finished, clean and follow any instructions.
When that is finished, can you post back here.0 -
also post the full frst log0
-
Apologies in the delay getting back to you, I appreciate your continued help. I've done all that, but still no luck. I've done a FRST scan just now after following the above instructions.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by USER (administrator) on USERS on 12-04-2015 16:54:43
Running from C:\Users\USER\Desktop\Anti-Malware\FRST
Loaded Profiles: USER (Available profiles: USER & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5292688 2012-09-18] (VIA)
HKLM\...\Run: [VIAAUD] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe [2540176 2012-09-18] (VIA)
HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-11] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-11] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-25] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\...\Run: [Google Update] => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-01] (Google Inc.)
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\...\Run: [f.lux] => C:\Users\USER\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\...\Run: [EyeDefender] => C:\Program Files (x86)\EyeDefender\EyeDefender.exe [163840 2009-11-18] ()
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-2304693183-1762852275-1586279311-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2304693183-1762852275-1586279311-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-08] (Microsoft Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-11] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-31] (AVAST Software)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-08] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-31] (AVAST Software)
BHO-x32: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-08] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\9cc1vqus.default-1428785744633
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-08] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\USER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @talk.google.com/O1DPlugin -> C:\Users\USER\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @tools.google.com/Google Update;version=3 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @tools.google.com/Google Update;version=9 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2304693183-1762852275-1586279311-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-13] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\USER\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\USER\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-02]
Chrome:
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-20]
CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-31] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-14] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-11] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-31] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-24] (Disc Soft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 22:07 - 2015-04-06 15:36 - 00000098 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150411-220747.backup
2015-04-11 21:55 - 2015-04-11 21:55 - 00000000 ____D () C:\Users\USER\Desktop\Old Firefox Data
2015-04-08 14:25 - 2015-04-08 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-08 14:23 - 2015-04-08 14:22 - 00199772 _____ () C:\WINDOWSGARABD.tt2
2015-04-08 14:23 - 2015-04-08 14:22 - 00198072 _____ () C:\WINDOWSGARA.tt2
2015-04-08 14:23 - 2015-04-08 14:22 - 00189464 _____ () C:\WINDOWSGARAIT.tt2
2015-04-08 14:23 - 2015-04-08 14:22 - 00181124 _____ () C:\WINDOWSARIALNI.tt2
2015-04-08 14:23 - 2015-04-08 14:22 - 00180740 _____ () C:\WINDOWSARIALNB.tt2
2015-04-08 14:23 - 2015-04-08 14:22 - 00180084 _____ () C:\WINDOWSARIALNBI.tt2
2015-04-08 14:23 - 2015-04-08 14:22 - 00175956 _____ () C:\WINDOWSARIALN.tt2
2015-04-08 14:21 - 2015-04-08 14:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-08 14:20 - 2015-04-08 14:21 - 01075376 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\Setup.X86.en-us_O365ProPlusRetail_139ad96e-0ae7-4843-a9fe-65f487aef253_TX_PR_.exe
2015-04-06 15:04 - 2015-04-06 15:04 - 00000000 ____D () C:\_OTL
2015-04-04 11:27 - 2015-04-11 21:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-04-04 11:27 - 2015-04-04 11:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-04 11:27 - 2015-04-04 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-04-04 01:39 - 2015-04-04 10:45 - 00285136 _____ () C:\WINDOWS\Minidump\040415-28078-01.dmp
2015-04-04 01:17 - 2015-04-12 16:18 - 00000000 ____D () C:\Users\USER\Desktop\Anti-Malware
2015-04-03 17:40 - 2015-04-03 17:40 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill.com
2015-04-03 12:29 - 2015-04-03 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-04-03 12:29 - 2015-04-03 12:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-04-03 12:29 - 2015-04-03 12:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-04-03 12:22 - 2015-04-03 12:23 - 42096984 _____ (Apple Inc.) C:\Users\USER\Downloads\QuickTimeInstaller(1).exe
2015-04-03 12:17 - 2015-04-03 12:18 - 00031880 _____ () C:\Users\USER\Downloads\Addition.txt
2015-04-03 12:14 - 2015-04-12 16:54 - 00000000 ____D () C:\FRST
2015-04-03 12:14 - 2015-04-03 12:18 - 00033059 _____ () C:\Users\USER\Downloads\FRST.txt
2015-04-03 11:57 - 2015-04-03 11:57 - 00243368 _____ () C:\Users\USER\Downloads\Firefox Setup Stub 37.0.exe
2015-04-02 22:49 - 2015-04-04 12:05 - 00000000 ____D () C:\AdwCleaner
2015-04-02 17:01 - 2015-04-02 22:30 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-02 16:01 - 2015-04-02 16:01 - 00004368 _____ () C:\WINDOWS\System32\Tasks\coupons_and_fun_notification_service
2015-04-02 16:01 - 2015-04-02 16:01 - 00003730 _____ () C:\WINDOWS\System32\Tasks\coupons_and_fun_updating_service
2015-03-31 12:09 - 2015-04-02 10:57 - 00000000 ____D () C:\Users\USER\Documents\Masters Application
2015-03-27 11:40 - 2015-03-27 11:40 - 00003388 _____ () C:\Users\USER\AppData\Local\recently-used.xbel
2015-03-16 21:41 - 2015-03-16 21:41 - 00000000 ____D () C:\Users\USER\Tracing
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 16:55 - 2012-12-01 21:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-12 16:50 - 2012-12-27 15:07 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2304693183-1762852275-1586279311-1001UA.job
2015-04-12 16:36 - 2012-12-01 21:00 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-12 10:23 - 2012-11-15 20:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2304693183-1762852275-1586279311-1001
2015-04-12 10:19 - 2012-12-01 21:00 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 10:19 - 2012-11-15 20:07 - 00000529 _____ () C:\Users\USER\AppData\Roaming\sp_data.sys
2015-04-12 00:35 - 2012-12-25 01:48 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Skype
2015-04-11 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-11 10:09 - 2013-09-07 13:51 - 00000401 _____ () C:\Users\Guest\AppData\Roaming\sp_data.sys
2015-04-09 12:25 - 2013-09-07 13:51 - 00000000 ____D () C:\Users\Guest\AppData\Local\Packages
2015-04-08 14:49 - 2012-09-11 01:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-08 14:24 - 2013-09-07 13:51 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2015-04-08 14:18 - 2014-09-24 08:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-08 14:13 - 2013-08-22 15:46 - 00333250 _____ () C:\WINDOWS\setupact.log
2015-04-06 15:37 - 2014-11-12 20:29 - 00669770 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-06 15:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-04 01:39 - 2015-03-05 23:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 01:39 - 2015-01-16 14:50 - 506969831 _____ () C:\WINDOWS\MEMORY.DMP
2015-04-04 01:39 - 2015-01-16 14:50 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-04 01:39 - 2014-09-24 08:03 - 00016862 _____ () C:\WINDOWS\PFRO.log
2015-04-04 01:39 - 2014-05-24 17:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 17:42 - 2014-05-24 18:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 12:26 - 2013-08-09 14:47 - 00000000 ____D () C:\Users\USER\AppData\Local\Adobe
2015-04-03 12:25 - 2012-12-01 21:53 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-03 12:20 - 2013-11-26 12:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-03 12:18 - 2013-11-26 12:29 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-03 12:18 - 2013-01-02 05:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-03 11:59 - 2014-05-24 17:25 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-03 11:59 - 2014-05-24 17:25 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-02 22:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-02 22:29 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-02 20:51 - 2014-05-24 18:33 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-02 20:51 - 2014-05-24 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-02 20:51 - 2014-05-24 18:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-02 20:14 - 2012-12-02 03:46 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-02 10:45 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\USER\Documents\CV
2015-04-02 09:50 - 2012-12-27 15:07 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2304693183-1762852275-1586279311-1001Core.job
2015-03-30 16:07 - 2013-05-22 18:31 - 00000000 ____D () C:\Users\USER\Documents\Aistí & Essays & Notes
2015-03-30 16:07 - 2013-01-07 16:05 - 00000000 ____D () C:\Users\USER\Documents\Articles
2015-03-30 02:06 - 2014-11-12 20:11 - 00000000 ____D () C:\Users\USER
2015-03-29 12:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-28 13:31 - 2015-01-06 20:53 - 00034816 _____ () C:\Users\USER\Documents\Expenses 2015.xls
2015-03-27 11:44 - 2014-04-14 17:35 - 00000000 ____D () C:\Users\USER\.gimp-2.8
2015-03-20 10:03 - 2014-10-13 22:39 - 00000000 ____D () C:\Users\USER\AppData\Local\gtk-2.0
2015-03-16 21:40 - 2014-03-03 20:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-16 21:40 - 2012-12-25 01:48 - 00000000 ____D () C:\ProgramData\Skype
==================== Files in the root of some directories =======
2013-07-08 20:38 - 2013-07-08 20:38 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-01-03 23:52 - 2013-01-03 23:52 - 0000021 _____ () C:\Users\USER\AppData\Roaming\my_intel.sys
2012-11-15 20:07 - 2015-04-12 10:19 - 0000529 _____ () C:\Users\USER\AppData\Roaming\sp_data.sys
2015-03-27 11:40 - 2015-03-27 11:40 - 0003388 _____ () C:\Users\USER\AppData\Local\recently-used.xbel
2012-09-11 01:37 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-09-11 01:37 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-09-11 01:37 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-12 20:02
==================== End Of Log ============================0 -
this should do it
open OTL copy this into the box
:OTL
[2012-09-11 01:37:22 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012-09-11 01:37:22 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-09-11 01:37:22 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
click run fix post the log it gives0 -
Still there, unfortunately.
========== OTL ==========
C:\ProgramData\SetStretch.exe moved successfully.
C:\ProgramData\SetStretch.cmd moved successfully.
C:\ProgramData\SetStretch.VBS moved successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 04122015_1908250 -
are you able to tell me what avast found, since you cant post the log ?0
-
Advertisement
-
Of the recent Avast scans that I did, only one found infected files. They were these three:
C: \Users\USER\AppData\Roaming\trz113F.tmp
C: \Users\USER\AppData\Roaming\trzCAA.tmp
C: \Users\USER\AppData\Roaming\trz3C19.tmp
According to Avast, their status is Win32:Dropper-gen [DRP] for the first and third and Win32:Malware-gen for the second. I deleted them. I've scanned it a number of times since, but no more infected files have been found.0 -
not sure what to do now, try mess around with chrome settings, use it in safe mode etc0
-
Can you describe what popups/adverts you are getting and what does your homepage look like,
if possible a screenshot.
Also, reset your Hosts file0 -
not sure what to do now, try mess around with chrome settings, use it in safe mode etc
Chrome is fine, I managed to fix that at the start. With your instructions, I seemed to have removed a few hidden things that weren't giving overt problems, as well. I'll try playing around with Firefox, see if it sorts it out.
Thanks for your help, I very much appreciate it.Can you describe what popups/adverts you are getting and what does your homepage look like,
if possible a screenshot.
Also, reset your Hosts file
Adverts at the top of the page, bottom, side, between posts. Banners, videos etc. It says below each "Ads by name". It also hyperlinks certain words/phrases throughout the page. I've put up a few screenshots below (the top banner in the first screenshot is a proper Boards ad, the rest are all from the malware).
What other effects would resetting the hosts file do? How would it affect other files on my computer?
0 -
Ever used Process Explorer? You can get it from the Sysinternals site.
It's brilliant for figuring out this kind of thing. The malware will be running either as it's own process (unlikely, considering all the scans you've done so far) or within the browser process. If its in the browser process you can track it down by clicking on the browser entry in Process Explorer and Ctrl-L to see the list of files open in that program. Look for any suspiciously named files, random alphanumeric strings and the like.0 -
Resetting hosts file won't do anything, except maybe affect any cracked porograms that you may have on your pc.
Update Malwarebytes. Run a threat scan. Clean anything it finds.
Now download Hitmanpro
Download and install it. Click 'Next' when it has finished scanning, and activate free 30 day license to remove all detected threats.
In any order
Open Internet Explorer:
click on the gear cog (Or 'Tools' if on older version) on the top right hand side of it, then click again on Internet Options -> Advanced tab -> Reset.
Open Firefox:
Click on 'Help' -> Troubleshooting information -> Reset Firefox.
Open Chrome:
Click on the Three Lines on the top right hand side of the browser.
-> More Tools -> Extensions
Remove any extensions that you are unsure of, by clicking on the the rubbish bin.
(Remove them all if you want).
If it stops you, and you see Installed by enterprise policy
post it back here.
Download and run Eusing Free Registry Cleaner
When all is finished and hopefully clean. You can uninstall all of the extra programs that you have installed over the last couple of days.0 -
Followed all those instructions, then again on safe mode. It made a few fixes and found a bit of malware, but no luck. I deleted the Firefox folder in AppData\Roaming, but that didn't work either. I've no idea where the thing is hiding.
I used Process Explorer as well, but couldn't find it. Tried killing a few things in Firefox. The closest I came was one of the advert banners crashing (it wasn't Flash that I disabled when that happened).0 -
Right, there are a few different directions to take, and software to try.
If nothing else, can you try Spyhunter4
I'm not sure if it allows 1 or any free cleans. But just use it to detect. and post a log or screenshot of anything it detects.0 -
-
Advertisement
-
don't waste your money, if mbam isn't finding anything then spyhunter is BSing you
try this, download combofix, run it and post the log it gives
http://www.bleepingcomputer.com/download/combofix/0 -
don't waste your money, if mbam isn't finding anything then spyhunter is BSing you
try this, download combofix, run it and post the log it gives
http://www.bleepingcomputer.com/download/combofix/
Oh yeah, wasn't planning on buying it. Assumed it was the old trick of saying the computer was riddled, but there was one programme alright in the IE folder that I removed.
ComboFix isn't compatible with Windows 8.1 and it doesn't run on compatibility mode, so I can't use it.0 -
don't waste your money, if mbam isn't finding anything then spyhunter is BSing you
try this, download combofix, run it and post the log it gives
http://www.bleepingcomputer.com/download/combofix/
It's not.Oh yeah, wasn't planning on buying it. Assumed it was the old trick of saying the computer was riddled, but there was one programme alright in the IE folder that I removed.
ComboFix isn't compatible with Windows 8.1 and it doesn't run on compatibility mode, so I can't use it.
Spyhunter is very good. I'm not going to go into it too much here. PM'ing instead. I asked for the Screenshots, as I wanted to see what was caught by them, and not by the others.0 -
Can you check your DNS settings ?
1.Run a nslookup against boards.ie and post back the results.
2. Check that your not routing your HTTP connections through a web server proxy and could be intercepting the page and injecting ads.
Tools->Internet Options->Connections tab->Lan Settings button
http://www.lagado.com/proxy-test
3. Also post back a traceroute to boards.ie
4. Use a tool called autoruns by sysinternals, this will show all service started on boot up and within the browser such as addons etc0 -
I managed to get this fixed in the end, without losing any of my Firefox data etc by moving some things about and re-installing FF fully.
Thanks a million to everyone that helped, I really appreciate it. I was never here before, but this is a gem of a forum with plenty of helpful people.
Allyall, I'm trying to send you a PM, but your inbox is full. If you could make space so I can send it on, that'd be great.0 -
I managed to get this fixed in the end, without losing any of my Firefox data etc by moving some things about and re-installing FF fully.
Thanks a million to everyone that helped, I really appreciate it. I was never here before, but this is a gem of a forum with plenty of helpful people.
Allyall, I'm trying to send you a PM, but your inbox is full. If you could make space so I can send it on, that'd be great.
Sorry, Cleaned it out now.
*********
Hopefully this is what helped. My fault for not mentioning it along with the reset earlier..
--
But if anyone has similar problems in future, this may be the quicker fix.
--
Do this after any scans (Clean Reinstall of Firefox)- Download the installer for Firefox from https://www.mozilla.org/firefox/all/
- Exit out of your Firefox
- Rename the program folder
C:\Program Files (x86)\Mozilla Firefox to C:\Program Files (x86)\OldFirefox
If it's 32 Bit Windows
C:\Program Files\Mozilla Firefox to C:\Program Files\OldFirefox
Run the installer you downloaded. It should automatically use your existing settings.
- Sometimes plugins may not appear in the new installation, but they will be in the OldFirefox folder.
If something is missing, check here:
C:\Program Files\OldFirefox\Plugins
C:\Program Files\OldFirefox\browser\plugins
It may save someone a lot of time.0 -
Advertisement
-
Does Combofix work on Windows 8.1?0
-
no0
-
Which is better AdBlock or AdBlockPlus or should I add on the two? And I want to download Windows Defender but it won't because Laptop has McAfee pre-installed. Is McAfee any good? Something called SmartSearch is also pre-installed, is it any good or is it just taking up space?0
-
kissmequick wrote: »Which is better AdBlock or AdBlockPlus or should I add on the two? And I want to download Windows Defender but it won't because Laptop has McAfee pre-installed. Is McAfee any good? Something called SmartSearch is also pre-installed, is it any good or is it just taking up space?
Either would be fine, but not both. I use Adblock Plus.
Smart Search isn't yet available in Ireland (afaik), and that's probably not a bad thing, as it's giftwrapped to look like a good thing for the user, while it is gathering data for the advertisers.
http://www.dummies.com/how-to/content/the-problem-with-windows-81-smart-search.html
If you are not paying for McAfee, then uninstall it and try Windows Defender.0 -
-
Advertisement
-
Smart Search comes with Windows 8.1.0 -
Yeah it's an 8.1. Thanks.
Am thinking this .1 could be a whole lotta trouble for the sake of a decimal point. Re-installed Chrome. It's now as slow as my last banjaxed pooter and now I can't open Yahoo.
I have about 40 Malware Scanner things running so as not to catch any bad guys! :pac: I guess all those could be slowing it down though? Well if I see one feckin' worm or trojan or whatever I'll go berserk. People what is pepperflash?! Is it bad or is it good?! I think I remember looking it up before and it seemed to be suggested that it was a baddie. I un-installed Chrome when it was going slow and through having a few cross words with Internet Explorer I in-advertently opened up Google Chrome! Even though it was supposed to be un-installed ...:rolleyes: And anyways in the Google Folder is this thing called Pepperflash.0 -
Hey Guys,
Every now and then chrome gets infected by some sort of malware, mystartsearch and gets flooded with ads. I run adwcleaner, windows defendor, ccleaner and uninstall & reinstall chrome and everything fine. But I seem to have to go through this process every few weeks when chrome restarts while i'm on it and it's infected again.
Anyone have any ideas as to what is going on? Thank you!0 -
you must be installing some "good" toolbar/extension/program that is re-infecting you0
Advertisement