Malware on laptop #2
captngaryr
2014-12-10, 18:06
Posting with Adam has revealed additional malware on my wife's laptop. Since then I have run Spybot on it again and the performance is improved. What should I now do to confirm that it is indeed clean?
Thanks,
Gary
LiquidTension
2014-12-10, 21:05
Hi Gary,
Please rerun FRST and post the two logs (FRST.txt and Addition.txt) generated.
captngaryr
2014-12-10, 21:37
See logs below:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by Jan (administrator) on JRUSSELL-PC on 10-12-2014 14:33:09
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan & Gary (Available profiles: Jan & Gary)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\MountPoints2: {2dda9459-3161-11df-bdc6-806e6f6e6963} - D:\Setup.exe
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig
HKU\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> {FD48298C-FE41-4BA1-AD03-69FF6400DA56} URL = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (Adblock Plus) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (God is Love) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea [2014-10-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-09]
CHR HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-21]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-26] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [720896 2008-12-01] (ATI Technologies Inc.) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-02] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [143872 2014-07-06] (Microsoft Corporation) [File not signed]
R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [1333016 2008-11-22] (Diskeeper Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-13] (Microsoft Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-03-16] (Macrovision Europe Ltd.) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2013-10-06] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2014-11-21] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-11] (Microsoft Corporation) [File not signed]
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-04-30] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-11] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-13] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-27] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]
R3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [55296 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4179968 2008-12-01] (ATI Technologies Inc.) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [1131008 2009-07-13] (Broadcom Corporation) [File not signed]
R3 bcm4sbxp; C:\Windows\System32\DRIVERS\bcm4sbxp.sys [46080 2009-07-13] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [53760 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-26] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-26] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [15872 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-16] (Microsoft Corporation) [File not signed]
R2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [32256 2006-11-14] (REDC) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\Windows\system32\drivers\sdbus.sys [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-28] (Microsoft Corporation) [File not signed]
R3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-28] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-10] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-10] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-26] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKslf1af6dfc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8137E546-70DE-40C4-A048-F9A9783463F9}\MpKslf1af6dfc.sys [X]
S3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 14:33 - 2014-12-10 14:33 - 00048977 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-12-10 14:32 - 2014-12-10 14:32 - 01111040 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-12-10 13:29 - 2014-12-10 13:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-10 13:24 - 2014-12-10 13:24 - 00001064 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-12-10 13:21 - 2014-12-10 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 13:20 - 2014-12-10 13:20 - 01707646 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2014-12-10 13:16 - 2014-12-10 13:16 - 00000318 _____ () C:\Windows\PFRO.log
2014-12-10 13:16 - 2014-12-10 13:16 - 00000056 _____ () C:\Windows\setupact.log
2014-12-10 13:16 - 2014-12-10 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-10 13:09 - 2014-12-10 13:15 - 00000000 ____D () C:\AdwCleaner
2014-12-10 13:08 - 2014-12-10 13:09 - 02166272 _____ () C:\Users\Jan\Downloads\AdwCleaner (1).exe
2014-12-10 12:43 - 2014-12-10 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-10 12:06 - 2014-12-10 12:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 12:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 12:04 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 12:04 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 12:04 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 12:04 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 11:32 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:32 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:31 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 11:31 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 11:31 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 11:31 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:31 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:31 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:31 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:31 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:31 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:31 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:31 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:31 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:31 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:31 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 11:31 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:31 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:31 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:31 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:31 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:31 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:31 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:31 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:31 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:31 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:31 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:31 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:31 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:31 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:31 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:31 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:30 - 2014-10-29 20:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 11:30 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:30 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:30 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 11:30 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-12-09 16:19 - 2014-12-09 16:19 - 00852487 _____ () C:\Users\Jan\Downloads\SecurityCheck.exe
2014-12-09 16:06 - 2014-12-09 16:06 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-09 16:00 - 2014-12-09 16:00 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25 (1).exe
2014-12-09 15:55 - 2014-12-09 15:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-09 15:53 - 2014-12-09 15:53 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25.exe
2014-12-09 15:50 - 2014-12-09 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 15:50 - 2014-12-09 15:50 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-09 15:40 - 2014-12-09 15:41 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Jan\Downloads\AdobeAIRInstaller (1).exe
2014-12-09 12:17 - 2014-12-09 12:18 - 05162080 _____ (Piriform Ltd) C:\Users\Jan\Downloads\ccsetup500.exe
2014-12-09 12:11 - 2014-12-09 12:11 - 00000997 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-09 12:10 - 2014-12-09 12:11 - 04095448 _____ (BrightFort LLC ) C:\Users\Jan\Downloads\spywareblastersetup50.exe
2014-12-08 07:36 - 2014-12-08 07:38 - 00030869 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-12-08 07:31 - 2014-12-08 07:38 - 00027217 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-12-08 07:27 - 2014-12-10 14:33 - 00000000 ____D () C:\FRST
2014-12-08 07:26 - 2014-12-08 07:26 - 01111040 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-11-19 13:35 - 2014-11-19 13:35 - 00001775 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-19 13:35 - 2014-11-19 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-19 13:34 - 2014-11-19 13:35 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-19 13:30 - 2014-11-19 13:31 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-19 10:02 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:02 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 20:51 - 2014-12-10 13:18 - 00000000 ___RD () C:\Users\Jan\Google Drive
2014-11-17 20:51 - 2014-11-17 20:51 - 00001684 _____ () C:\Users\Jan\Desktop\Google Drive.lnk
2014-11-13 10:38 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 10:38 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 10:38 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 10:37 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 10:37 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 10:37 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 10:37 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 10:36 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 10:36 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 10:36 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 10:36 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 10:36 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 10:36 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 14:13 - 2014-08-24 12:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 14:02 - 2012-07-12 20:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 13:22 - 2010-03-16 20:08 - 01697761 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 13:17 - 2014-08-24 12:08 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 13:17 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 13:15 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 13:15 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 12:57 - 2010-03-16 19:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-10 12:18 - 2011-02-04 17:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 12:06 - 2014-07-12 08:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 12:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 12:03 - 2013-10-06 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 11:55 - 2010-03-16 17:26 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 16:05 - 2010-03-16 18:38 - 00000000 ____D () C:\Program Files\Java
2014-12-09 15:55 - 2011-04-06 06:22 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-09 15:52 - 2010-03-16 18:34 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-12-09 15:50 - 2010-03-16 18:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-09 15:49 - 2010-03-16 18:29 - 00000000 ____D () C:\Program Files\Adobe
2014-12-09 15:44 - 2010-03-16 18:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-09 13:10 - 2014-08-24 12:10 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-09 12:20 - 2011-02-05 11:20 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-09 12:20 - 2011-02-05 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:20 - 2010-03-16 19:03 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:19 - 2010-03-16 19:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-03 11:14 - 2010-04-06 18:28 - 00000348 _____ () C:\Windows\Tasks\File Helper.job
2014-11-19 13:31 - 2014-04-14 17:45 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-19 13:31 - 2011-08-27 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-19 13:31 - 2011-08-07 21:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-19 13:30 - 2010-03-21 08:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-19 13:29 - 2014-09-09 09:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 20:51 - 2010-03-16 17:17 - 00000000 ____D () C:\Users\Jan
2014-11-17 14:36 - 2010-03-16 17:21 - 00855842 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 09:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-16 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 08:02 - 2009-07-13 23:33 - 00494072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 08:00 - 2014-06-22 14:40 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Copy
2014-11-16 07:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Branding
Files to move or delete:
====================
C:\Users\Jan\gotomypc_533.exe
Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-10-23 14:09] - [2014-07-16 20:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-08 09:19
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-12-2014 01
Ran by Jan at 2014-12-10 14:34:32
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.1.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
AOL Toolbar (HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\AOL Toolbar) (Version: - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Diskeeper 2009 Professional (HKLM\...\{76C038B6-95BF-47CE-85C8-2EE5915D145C}) (Version: 13.0.835.32 - Diskeeper Corporation)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hallmark Card Studio 2013 Deluxe (HKLM\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.1.1 - Creative Home)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{bb0d5197-d91a-468a-9db1-81a26079efb3}) (Version: - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.7.5 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.3 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Chrome\Application\22.0.1229.79\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Gary\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2012-07-09 22:38 - 00442794 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {251E0412-86EB-42B7-94A0-29DE0DCD0BDB} - System32\Tasks\{99F1D448-A035-4D4F-B08F-9C298D14B85F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {38DE698E-135F-4EED-8F3B-A2EF9C1B39FF} - System32\Tasks\{79264564-4269-4F7C-9782-8BF89C64B272} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40338CA4-7958-4930-82BF-10DF2B107DB6} - System32\Tasks\{D7439C65-FF1E-41AA-BB9F-75C89A7549AC} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40B7D9F5-4481-4EA5-9662-A63CC8B3ECC1} - System32\Tasks\{83E63673-3C17-4770-BEBB-C50A06012874} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {411AD518-21A1-49A9-82D0-12FC8917F531} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {48142775-11AB-4946-9210-B627B68295B7} - System32\Tasks\{6FB82D0E-1363-417B-8F9C-A78ACCFE2080} => C:\Afterguard\bin\Debug\Afterguard.exe
Task: {4C81F37B-FE0A-4E33-9775-1A3EA6596E01} - System32\Tasks\{6067FE0F-DDAC-40AE-A6A1-BC4E26B1BB72} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {4D1DCB40-B06D-438D-892D-4EFB1D50BCA0} - System32\Tasks\{ED214480-C912-40DF-829B-8CA52DA87986} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {62056E0A-81D1-48B9-BD24-C484100DACC8} - System32\Tasks\{1B439A72-430A-486F-B961-F88DF8C70E21} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {6C2AC357-C59D-47B3-9CDF-C5607457A104} - System32\Tasks\{406B4CEE-0D01-4045-A0CE-20A7F974F844} => Chrome.exe
Task: {7D1B07E5-B607-4F8F-992C-200674D05A59} - System32\Tasks\{9DCDDC15-D6DB-4AA8-B2B7-B625D0FAAB98} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {7EB4BD7D-9DE6-4741-B1F8-8A3CF08AF1B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {80693FBD-4D93-4DC9-8927-5CF96870D9B3} - System32\Tasks\{E04C7935-726F-4382-8430-75237BAB080B} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {994EA4B5-55B0-4BDC-807E-7925400F3FCE} - System32\Tasks\{A73CB635-FBA9-44F2-A2B3-C1040CA7CADA} => C:\Program Files\Afterguard\Afterguard.exe
Task: {9AD505CE-6B6C-4F3C-B411-CE48C6F04A19} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {9FC1A73E-5B08-424C-B1D5-B9B6821C7CAD} - System32\Tasks\File Helper => C:\Program Files\File Helper\2.3.0.7\FileHelper.exe
Task: {AA36AF76-442A-455E-B12E-3CF5DF7FD67E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {B059A988-388E-474F-8681-E7A775D2F5D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {C178D654-6519-428D-A010-7FB0C03A4298} - System32\Tasks\{E257D6F2-B178-4A17-BADF-354AE9A944D9} => C:\Program Files\Afterguard\Afterguard.exe
Task: {CB9C61F9-38E2-4654-B4E6-BC7B16178DC4} - System32\Tasks\{EB860F96-35B3-4C95-AEEF-EB8C3D25B74F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {D792FD41-A978-448A-98A7-F5290796060C} - System32\Tasks\{3DD3FD94-1E5A-4562-BB3D-9C3251B95397} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {F5A94878-E9B4-406A-BC49-47743E556941} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FBB02DE7-DE01-4BA4-8B07-D1DB42C6FBA8} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {FE772D3B-1926-48EC-B1A1-911F1FE6A731} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\File Helper.job => C:\Program Files\File Helper\2.3.0.7\FileHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-10 13:17 - 2014-12-10 13:17 - 00098816 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32api.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00110080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\pywintypes27.dll
2014-12-10 13:17 - 2014-12-10 13:17 - 00364544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\pythoncom27.dll
2014-12-10 13:17 - 2014-12-10 13:17 - 00045568 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\_socket.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 01160704 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\_ssl.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00320512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32com.shell.shell.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00713216 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\_hashlib.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 01175040 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._core_.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00805888 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._gdi_.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00811008 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._windows_.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 01062400 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._controls_.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00735232 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._misc_.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00128512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\_elementtree.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00127488 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\pyexpat.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00557056 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\pysqlite2._sqlite.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00007168 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\hashobjs_ext.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00087552 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\_ctypes.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00119808 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32file.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00108544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32security.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00018432 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32event.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00038912 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32inet.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00070656 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._html2.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00167936 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32gui.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00011264 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32crypt.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00027136 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\_multiprocessing.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00686080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\unicodedata.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00122368 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._wizard.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00010240 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\select.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00024064 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32pipe.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00025600 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32pdh.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00525640 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\windows._lib_cacheinvalidation.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00035840 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32process.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00017408 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32profile.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00022528 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\win32ts.pyd
2014-12-10 13:17 - 2014-12-10 13:17 - 00078336 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI35522\wx._animate.pyd
2014-12-09 13:10 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-09 13:10 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeActiveFileMonitor7.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Wondershare Helper Compact => "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-307368558-4187912120-227459302-500 - Administrator - Disabled)
Gary (S-1-5-21-307368558-4187912120-227459302-1004 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-307368558-4187912120-227459302-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-307368558-4187912120-227459302-1002 - Limited - Enabled)
Jan (S-1-5-21-307368558-4187912120-227459302-1000 - Administrator - Enabled) => C:\Users\Jan
==================== Faulty Device Manager Devices =============
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: MpKslf1af6dfc
Description: MpKslf1af6dfc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslf1af6dfc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: AMD Processor model unknown
Percentage of memory in use: 55%
Total physical RAM: 1918.05 MB
Available physical RAM: 861.12 MB
Total Pagefile: 4990.05 MB
Available Pagefile: 3699.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:38.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 08037D17)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
LiquidTension
2014-12-11, 04:55
Hi Gary,
Please do the following.
STEP 1
AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
STEP 2
Junkware Removal Tool (JRT)
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) and save the file to your Desktop.
Note: If you unchecked any items in AdwCleaner, please backup the associated files/folders prior to running JRT.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-Click JRT.exe and select Run as administrator to run the programme.
Follow the prompts and allow the scan to run uninterrupted.
Upon completion, a log (JRT.txt) will open on your desktop.
Re-enable your anti-virus software.
Copy the contents of JRT.txt and paste in your next reply.
STEP 3
Uninstall/Reinstall Chrome
Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome).
Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the following programmes, right-click and click Uninstall.
Google Chrome
Follow the prompts.
Reboot if necessary.
Download and install Google Chrome (http://www.google.com/intl/en_uk/chrome/browser/).
STEP 4
Farbar Recovery Scan Tool (FRST) Scan
Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
======================================================
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
AdwCleaner[S0].txt
JRT.txt
Did Chrome uninstall/reinstall OK?
FRST.txt
Addition.txt
captngaryr
2014-12-11, 13:40
AdwCleaner did not find any issues, probably because I had already run these scanners previously.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Enterprise x86
Ran by Jan on Thu 12/11/2014 at 6:21:10.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/11/2014 at 6:23:54.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by Jan (administrator) on JRUSSELL-PC on 11-12-2014 06:33:09
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan & Gary (Available profiles: Jan & Gary)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Jan\AppData\Local\Temp\{1C4D44F9-7570-432E-B1B4-73678912A976}\GoogleUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\MountPoints2: {2dda9459-3161-11df-bdc6-806e6f6e6963} - D:\Setup.exe
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig
HKU\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> {FD48298C-FE41-4BA1-AD03-69FF6400DA56} URL = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (Adblock Plus) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (God is Love) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmoefmiillanibjonlncaemnefahnea [2014-10-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-09]
CHR HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-21]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-26] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [720896 2008-12-01] (ATI Technologies Inc.) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-02] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [143872 2014-07-06] (Microsoft Corporation) [File not signed]
R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [1333016 2008-11-22] (Diskeeper Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-13] (Microsoft Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-03-16] (Macrovision Europe Ltd.) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2013-10-06] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2014-11-21] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-11] (Microsoft Corporation) [File not signed]
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-04-30] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-11] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-13] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 StorSvc; C:\Windows\system32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-11] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-27] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]
R3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [55296 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4179968 2008-12-01] (ATI Technologies Inc.) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [1131008 2009-07-13] (Broadcom Corporation) [File not signed]
R3 bcm4sbxp; C:\Windows\System32\DRIVERS\bcm4sbxp.sys [46080 2009-07-13] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [53760 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-26] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-26] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [15872 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-16] (Microsoft Corporation) [File not signed]
R2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [32256 2006-11-14] (REDC) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\Windows\system32\drivers\sdbus.sys [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-28] (Microsoft Corporation) [File not signed]
R3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-28] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-10] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-10] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-26] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKslf1af6dfc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8137E546-70DE-40C4-A048-F9A9783463F9}\MpKslf1af6dfc.sys [X]
S3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 06:33 - 2014-12-11 06:33 - 00048933 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-12-11 06:30 - 2014-12-11 06:30 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 06:30 - 2014-12-11 06:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-11 06:25 - 2014-12-11 06:25 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieBrowserModeList
2014-12-11 06:23 - 2014-12-11 06:23 - 00000629 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-12-11 06:19 - 2014-12-11 06:19 - 01707646 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-12-11 06:04 - 2014-12-11 06:04 - 00280383 _____ () C:\Users\Jan\Documents\bookmarks_12_11_14.html
2014-12-10 14:32 - 2014-12-10 14:32 - 01111040 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-12-10 13:29 - 2014-12-10 13:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-10 13:21 - 2014-12-10 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 13:20 - 2014-12-10 13:20 - 01707646 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2014-12-10 13:16 - 2014-12-11 05:57 - 00000682 _____ () C:\Windows\PFRO.log
2014-12-10 13:16 - 2014-12-11 05:57 - 00000112 _____ () C:\Windows\setupact.log
2014-12-10 13:16 - 2014-12-10 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-10 13:08 - 2014-12-10 13:09 - 02166272 _____ () C:\Users\Jan\Downloads\AdwCleaner (1).exe
2014-12-10 12:43 - 2014-12-10 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-10 12:06 - 2014-12-10 12:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 12:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 12:04 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 12:04 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 12:04 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 12:04 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 11:32 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:32 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:31 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 11:31 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 11:31 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 11:31 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:31 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:31 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:31 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:31 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:31 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:31 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:31 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:31 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:31 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:31 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 11:31 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:31 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:31 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:31 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:31 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:31 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:31 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:31 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:31 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:31 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:31 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:31 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:31 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:31 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:31 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:31 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:30 - 2014-10-29 20:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 11:30 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:30 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:30 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 11:30 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-12-09 16:19 - 2014-12-09 16:19 - 00852487 _____ () C:\Users\Jan\Downloads\SecurityCheck.exe
2014-12-09 16:06 - 2014-12-09 16:06 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-09 16:00 - 2014-12-09 16:00 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25 (1).exe
2014-12-09 15:55 - 2014-12-09 15:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-09 15:53 - 2014-12-09 15:53 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25.exe
2014-12-09 15:50 - 2014-12-09 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 15:50 - 2014-12-09 15:50 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-09 15:40 - 2014-12-09 15:41 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Jan\Downloads\AdobeAIRInstaller (1).exe
2014-12-09 12:17 - 2014-12-09 12:18 - 05162080 _____ (Piriform Ltd) C:\Users\Jan\Downloads\ccsetup500.exe
2014-12-09 12:11 - 2014-12-09 12:11 - 00000997 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-09 12:10 - 2014-12-09 12:11 - 04095448 _____ (BrightFort LLC ) C:\Users\Jan\Downloads\spywareblastersetup50.exe
2014-12-08 07:36 - 2014-12-08 07:38 - 00030869 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-12-08 07:31 - 2014-12-08 07:38 - 00027217 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-12-08 07:27 - 2014-12-11 06:33 - 00000000 ____D () C:\FRST
2014-12-08 07:26 - 2014-12-08 07:26 - 01111040 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-11-19 13:35 - 2014-11-19 13:35 - 00001775 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-19 13:35 - 2014-11-19 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-19 13:34 - 2014-11-19 13:35 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-19 13:30 - 2014-11-19 13:31 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-19 10:02 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:02 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 20:51 - 2014-12-11 05:58 - 00000000 ___RD () C:\Users\Jan\Google Drive
2014-11-17 20:51 - 2014-11-17 20:51 - 00001684 _____ () C:\Users\Jan\Desktop\Google Drive.lnk
2014-11-13 10:38 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 10:38 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 10:38 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 10:37 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 10:37 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 10:37 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 10:37 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 10:37 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 10:37 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 10:36 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 10:36 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 10:36 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 10:36 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 10:36 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 10:36 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 06:30 - 2010-03-17 13:30 - 00000000 ____D () C:\Program Files\Google
2014-12-11 06:13 - 2014-08-24 12:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 06:03 - 2012-07-12 20:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 06:02 - 2010-03-16 20:08 - 01709814 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 05:58 - 2014-08-24 12:08 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 05:57 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 21:56 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 21:56 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 16:13 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-10 12:57 - 2010-03-16 19:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-10 12:18 - 2011-02-04 17:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 12:06 - 2014-07-12 08:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 12:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 12:03 - 2013-10-06 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 11:55 - 2010-03-16 17:26 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 16:05 - 2010-03-16 18:38 - 00000000 ____D () C:\Program Files\Java
2014-12-09 15:55 - 2011-04-06 06:22 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-09 15:52 - 2010-03-16 18:34 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-12-09 15:50 - 2010-03-16 18:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-09 15:49 - 2010-03-16 18:29 - 00000000 ____D () C:\Program Files\Adobe
2014-12-09 15:44 - 2010-03-16 18:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-09 12:20 - 2011-02-05 11:20 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-09 12:20 - 2011-02-05 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:20 - 2010-03-16 19:03 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:19 - 2010-03-16 19:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-03 11:14 - 2010-04-06 18:28 - 00000348 _____ () C:\Windows\Tasks\File Helper.job
2014-11-19 13:31 - 2014-04-14 17:45 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-19 13:31 - 2011-08-27 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-19 13:31 - 2011-08-07 21:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-19 13:30 - 2010-03-21 08:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-19 13:29 - 2014-09-09 09:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 20:51 - 2010-03-16 17:17 - 00000000 ____D () C:\Users\Jan
2014-11-17 14:36 - 2010-03-16 17:21 - 00855842 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 08:02 - 2009-07-13 23:33 - 00494072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 08:00 - 2014-06-22 14:40 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Copy
2014-11-16 07:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Branding
Files to move or delete:
====================
C:\Users\Jan\gotomypc_533.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-10-23 14:09] - [2014-07-16 20:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-08 09:19
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-12-2014 01
Ran by Jan at 2014-12-11 06:34:57
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.1.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
AOL Toolbar (HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\AOL Toolbar) (Version: - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Diskeeper 2009 Professional (HKLM\...\{76C038B6-95BF-47CE-85C8-2EE5915D145C}) (Version: 13.0.835.32 - Diskeeper Corporation)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hallmark Card Studio 2013 Deluxe (HKLM\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.1.1 - Creative Home)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{bb0d5197-d91a-468a-9db1-81a26079efb3}) (Version: - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.7.5 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.3 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Chrome\Application\22.0.1229.79\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Gary\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2012-07-09 22:38 - 00442794 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {251E0412-86EB-42B7-94A0-29DE0DCD0BDB} - System32\Tasks\{99F1D448-A035-4D4F-B08F-9C298D14B85F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {38DE698E-135F-4EED-8F3B-A2EF9C1B39FF} - System32\Tasks\{79264564-4269-4F7C-9782-8BF89C64B272} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40338CA4-7958-4930-82BF-10DF2B107DB6} - System32\Tasks\{D7439C65-FF1E-41AA-BB9F-75C89A7549AC} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40B7D9F5-4481-4EA5-9662-A63CC8B3ECC1} - System32\Tasks\{83E63673-3C17-4770-BEBB-C50A06012874} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {411AD518-21A1-49A9-82D0-12FC8917F531} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {48142775-11AB-4946-9210-B627B68295B7} - System32\Tasks\{6FB82D0E-1363-417B-8F9C-A78ACCFE2080} => C:\Afterguard\bin\Debug\Afterguard.exe
Task: {4C81F37B-FE0A-4E33-9775-1A3EA6596E01} - System32\Tasks\{6067FE0F-DDAC-40AE-A6A1-BC4E26B1BB72} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {4D1DCB40-B06D-438D-892D-4EFB1D50BCA0} - System32\Tasks\{ED214480-C912-40DF-829B-8CA52DA87986} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {62056E0A-81D1-48B9-BD24-C484100DACC8} - System32\Tasks\{1B439A72-430A-486F-B961-F88DF8C70E21} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {6C2AC357-C59D-47B3-9CDF-C5607457A104} - System32\Tasks\{406B4CEE-0D01-4045-A0CE-20A7F974F844} => Chrome.exe
Task: {7D1B07E5-B607-4F8F-992C-200674D05A59} - System32\Tasks\{9DCDDC15-D6DB-4AA8-B2B7-B625D0FAAB98} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {7EB4BD7D-9DE6-4741-B1F8-8A3CF08AF1B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {80693FBD-4D93-4DC9-8927-5CF96870D9B3} - System32\Tasks\{E04C7935-726F-4382-8430-75237BAB080B} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {994EA4B5-55B0-4BDC-807E-7925400F3FCE} - System32\Tasks\{A73CB635-FBA9-44F2-A2B3-C1040CA7CADA} => C:\Program Files\Afterguard\Afterguard.exe
Task: {9FC1A73E-5B08-424C-B1D5-B9B6821C7CAD} - System32\Tasks\File Helper => C:\Program Files\File Helper\2.3.0.7\FileHelper.exe
Task: {AA36AF76-442A-455E-B12E-3CF5DF7FD67E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {B059A988-388E-474F-8681-E7A775D2F5D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {B6B2F074-1086-4ED1-9558-5044A09F9734} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {C178D654-6519-428D-A010-7FB0C03A4298} - System32\Tasks\{E257D6F2-B178-4A17-BADF-354AE9A944D9} => C:\Program Files\Afterguard\Afterguard.exe
Task: {CB9C61F9-38E2-4654-B4E6-BC7B16178DC4} - System32\Tasks\{EB860F96-35B3-4C95-AEEF-EB8C3D25B74F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {D1AB04FD-1F53-4D0E-97AA-6953EB4812B9} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {D792FD41-A978-448A-98A7-F5290796060C} - System32\Tasks\{3DD3FD94-1E5A-4562-BB3D-9C3251B95397} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {F5A94878-E9B4-406A-BC49-47743E556941} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FE772D3B-1926-48EC-B1A1-911F1FE6A731} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\File Helper.job => C:\Program Files\File Helper\2.3.0.7\FileHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-11 05:58 - 2014-12-11 05:58 - 00098816 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32api.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00110080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\pywintypes27.dll
2014-12-11 05:58 - 2014-12-11 05:58 - 00364544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\pythoncom27.dll
2014-12-11 05:58 - 2014-12-11 05:58 - 00045568 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\_socket.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 01160704 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\_ssl.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00320512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00713216 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\_hashlib.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 01175040 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._core_.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00805888 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00811008 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._windows_.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 01062400 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._controls_.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00735232 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._misc_.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00128512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\_elementtree.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00127488 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\pyexpat.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00557056 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00007168 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\hashobjs_ext.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00087552 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\_ctypes.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00119808 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32file.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00108544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32security.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00018432 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32event.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00038912 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32inet.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00070656 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._html2.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00167936 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32gui.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00011264 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32crypt.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00027136 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\_multiprocessing.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00686080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\unicodedata.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00122368 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._wizard.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00010240 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\select.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00024064 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32pipe.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00025600 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32pdh.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00525640 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\windows._lib_cacheinvalidation.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00035840 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32process.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00017408 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32profile.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00022528 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\win32ts.pyd
2014-12-11 05:58 - 2014-12-11 05:58 - 00078336 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI33882\wx._animate.pyd
2014-12-11 06:30 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 06:30 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeActiveFileMonitor7.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Wondershare Helper Compact => "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-307368558-4187912120-227459302-500 - Administrator - Disabled)
Gary (S-1-5-21-307368558-4187912120-227459302-1004 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-307368558-4187912120-227459302-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-307368558-4187912120-227459302-1002 - Limited - Enabled)
Jan (S-1-5-21-307368558-4187912120-227459302-1000 - Administrator - Enabled) => C:\Users\Jan
==================== Faulty Device Manager Devices =============
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: MpKslf1af6dfc
Description: MpKslf1af6dfc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslf1af6dfc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: AMD Processor model unknown
Percentage of memory in use: 61%
Total physical RAM: 1918.05 MB
Available physical RAM: 745.64 MB
Total Pagefile: 4990.05 MB
Available Pagefile: 3649.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.2 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:38.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 08037D17)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Chrome installed OK.
LiquidTension
2014-12-11, 18:37
Hi Gary,
Let me know how your computer is performing after completing the steps below.
STEP 1
Farbar Recovery Scan Tool (FRST) Script
Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document.
start
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\MountPoints2: {2dda9459-3161-11df-bdc6-806e6f6e6963} - D:\Setup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
S3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-11 06:25 - 2014-12-11 06:25 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieBrowserModeList
2014-12-09 12:17 - 2014-12-09 12:18 - 05162080 _____ (Piriform Ltd) C:\Users\Jan\Downloads\ccsetup500.exe
C:\Users\Jan\gotomypc_533.exe
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Chrome\Application\22.0.1229.79\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll No File
C:\Program Files\TotalRecipeSearch_14
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Gary\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
Right-Click FRST.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
STEP 2
Malwarebytes Anti-Malware (MBAM)
Please download the Malwarebytes Anti-Malware (http://www.malwarebytes.org/products/) setup file to your Desktop.
Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Open Malwarebytes Anti-Malware and click Update Now.
Once updated, click the Settings tab and tick Scan for rootkits.
Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
Click Copy to Clipboard and paste the log in your next reply.
STEP 3
RogueKiller
Please download RogueKiller (x32) (http://www.bleepingcomputer.com/download/roguekiller/dl/121/) and save the file to your Desktop.
Close any running programmes.
Right-Click RogueKiller.exe and select Run as administrator to run the programme.
Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
A browser window may open. Close the browser window.
Click http://i.imgur.com/jpgUwzp.png. Upon completion, click http://i.imgur.com/phPvmc6.png.
Close the programme. Do not fix anything!
A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Hide advanced settings. Place a checkmark next to:
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
Push the Back button.
Place a checkmark next to http://i.imgur.com/KN1w2nv.png and click Finish.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.
======================================================
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
Fixlog.txt
MBAM Log
RKreport.txt
ESET Log
LiquidTension
2014-12-11, 18:46
In addition to the above -
Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
Click Installed Updates.
Is KB3004394 installed?
captngaryr
2014-12-11, 19:41
I am unable to run Malwarebytes because it has been installed before and then removed.
LiquidTension
2014-12-11, 19:46
Are you unable to reinstall Malwarebytes, Gary?
captngaryr
2014-12-11, 19:58
Apparently not.
The laptop is running strangely, in that sometimes it runs OK, and then slows down dramatically!
Here is the RogueKiller report:
RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jan [Administrator]
Mode : Scan -- Date : 12/11/2014 12:55:45
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B2EF5681-3DCE-4ADD-82F8-E1DF063A883B} | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B2EF5681-3DCE-4ADD-82F8-E1DF063A883B} | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B2EF5681-3DCE-4ADD-82F8-E1DF063A883B} | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2120BH G2 ATA Device +++++
--- User ---
[MBR] a995b15356cdb4e86f93edbb9c75f57e
[BSP] b2a406d82b9d7e1efead4fc3dfdf45ff : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114470 MB
User = LL1 ... OK
User = LL2 ... OK
LiquidTension
2014-12-11, 20:05
"Apparently not."
Why not? Do you receive an error?
"and then slows down dramatically!"
We can address this once I've seen all your logs.
Please post Fixlist.txt, and the ESET log once the scan is complete.
And please answer my question concerning the Windows Update.
captngaryr
2014-12-11, 20:37
I could install and run Malwarebytes, but it would not let me click Update Now (or other requested choices) but instead posted a pop-up that said my trial license had expired. The ESET scan is running now, but is running very slowly. I will post it as soon as it finishes.
Best regards,
Gary
captngaryr
2014-12-11, 23:07
Yes, KB3004394 is installed. All Windows is up to date as of yesterday.
Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2014 01
Ran by Jan at 2014-12-11 12:15:27 Run:1
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan & Gary (Available profiles: Jan & Gary)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\MountPoints2: {2dda9459-3161-11df-bdc6-806e6f6e6963} - D:\Setup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - No File
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1004 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
S3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-11 06:25 - 2014-12-11 06:25 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieBrowserModeList
2014-12-09 12:17 - 2014-12-09 12:18 - 05162080 _____ (Piriform Ltd) C:\Users\Jan\Downloads\ccsetup500.exe
C:\Users\Jan\gotomypc_533.exe
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Chrome\Application\22.0.1229.79\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll No File
C:\Program Files\TotalRecipeSearch_14
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Gary\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Jan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
CustomCLSID: HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
"HKU\S-1-5-21-307368558-4187912120-227459302-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dda9459-3161-11df-bdc6-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{2dda9459-3161-11df-bdc6-806e6f6e6963}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value deleted successfully.
"HKCR\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => Key not found.
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => Key not found.
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
"HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}" => Key not found.
HKU\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
"HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}" => Key not found.
HKU\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKU\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9302E698-7E00-43AB-B867-C6E759BC2ADA} => value deleted successfully.
"HKCR\CLSID\{9302E698-7E00-43AB-B867-C6E759BC2ADA}" => Key not found.
HKU\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => Key not found.
RapportIaso => Service deleted successfully.
SBRE => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Jan\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\Users\Jan\Downloads\ccsetup500.exe => Moved successfully.
C:\Users\Jan\gotomypc_533.exe => Moved successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}" => Key deleted successfully.
"C:\Program Files\TotalRecipeSearch_14" => File/Directory not found.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-307368558-4187912120-227459302-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
EmptyTemp: => Removed 336.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
MyEsetLog.txt
C:\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\FRST\Quarantine\C\Users\Jan\Downloads\ccsetup500.exe.xBAD Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo\124\content.js JS/Chromex.Agent.L trojan
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo\124\S.js JS/Kryptik.ATB trojan
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc\222\content.js JS/Chromex.Agent.L trojan
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc\222\GQz1fi6I.js JS/Kryptik.ATB trojan
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js JS/Kryptik.ATB trojan
C:\Users\Gary\AppData\Roaming\Blitware\FileHelper\updates\2.5.1.0\filehelper_setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo\124\content.js JS/Chromex.Agent.L trojan
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo\124\S.js JS/Kryptik.ATB trojan
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc\222\content.js JS/Chromex.Agent.L trojan
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc\222\GQz1fi6I.js JS/Kryptik.ATB trojan
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\lsdb.js JS/Kryptik.ATB trojan
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js JS/Kryptik.ATB trojan
C:\Users\Jan\Documents\SweetImSetup.exe a variant of Win32/SweetIM.B potentially unwanted application
C:\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi a variant of Win32/Adware.DisableSpyware application
C:\Users\Jan\Downloads\AdwCleaner.exe a variant of Win32/InstallCore.TR potentially unwanted application
C:\Users\Jan\Downloads\filehelper_setup_eps.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jan\Downloads\iTunes_Setup (1).exe Win32/InstallCore.MM potentially unwanted application
C:\Users\Jan\Downloads\iTunes_Setup.exe Win32/InstallCore.MM potentially unwanted application
C:\Users\Jan\Downloads\WeatherBugSetup (1).msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jan\Downloads\WeatherBugSetup (2).msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jan\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Jan\Pictures\CouponPrinter.exe a variant of Win32/Adware.Softomate.AD application
C:\Users\Jan\Pictures\CrawlerScreensaver.exe Win32/Toolbar.Crawler.A potentially unwanted application
RogueKiller did not generate a report for some reason. Should I rerun it?
Best regards,
Gary
captngaryr
2014-12-11, 23:09
Oops, here is the RogueKiller report:
RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jan [Administrator]
Mode : Scan -- Date : 12/11/2014 12:55:45
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B2EF5681-3DCE-4ADD-82F8-E1DF063A883B} | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B2EF5681-3DCE-4ADD-82F8-E1DF063A883B} | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B2EF5681-3DCE-4ADD-82F8-E1DF063A883B} | DhcpNameServer : 192.168.1.1 71.243.0.12 [UNITED STATES (US)] -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2120BH G2 ATA Device +++++
--- User ---
[MBR] a995b15356cdb4e86f93edbb9c75f57e
[BSP] b2a406d82b9d7e1efead4fc3dfdf45ff : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114470 MB
User = LL1 ... OK
User = LL2 ... OK
Best regards,
Gary
LiquidTension
2014-12-12, 04:30
Hi Gary,
could install and run Malwarebytes, but it would not let me click Update Now (or other requested choices) but instead posted a pop-up that said my trial license had expired.
You should have the option to revert MBAM back to the free version, which will allow you to use the programme as an on-demand scanner.
Yes, KB3004394 is installed. All Windows is up to date as of yesterday.
There's an issue with KB3004394. See below.
http://answers.micro...m=1418317736941
http://www.sevenforu...-caution-3.html
http://www.sevenforu...stem-files.html
http://www.infoworld...il-defende.html
http://www.bleepingc...error-messages/
http://forums.whatth...129065&p=859478
We need to uninstall the update.
Follow these instructions (http://windows.microsoft.com/en-GB/windows7/create-a-restore-point) on creating a Restore Point.
Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
Click Installed Updates.
Scroll down to KB3004394, right-click the item and click Uninstall. Accept any prompts.
Please do the following afterwards.
Let me know how the PC is performing once complete. Are you still experiencing slowness?
STEP 1
Farbar Recovery Scan Tool (FRST) Script
Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document.
start
C:\ccsetup311.exe
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo
C:\Users\Gary\AppData\Roaming\Blitware
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo
C:\Users\Jan\Documents\SweetImSetup.exe
C:\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi
C:\Users\Jan\Downloads\AdwCleaner.exe
C:\Users\Jan\Downloads\filehelper_setup_eps.exe
C:\Users\Jan\Downloads\iTunes_Setup (1).exe
C:\Users\Jan\Downloads\iTunes_Setup.exe
C:\Users\Jan\Downloads\WeatherBugSetup (1).msi
C:\Users\Jan\Downloads\WeatherBugSetup (2).msi
C:\Users\Jan\Downloads\WeatherBugSetup.msi
C:\Users\Jan\Pictures\CouponPrinter.exe
C:\Users\Jan\Pictures\CrawlerScreensaver.exe
CMD: ipconfig /flushdns
EmptyTemp:
end
Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
Right-Click FRST.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
STEP 2
Browser Reset
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Internet Explorer: Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Chrome: Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
Proceed with the reset once done.
Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
captngaryr
2014-12-12, 05:33
The informational links associated with KB3004394 appear to be broken. Therefore I couldn't read them.
Nevertheless, I did remove KB3004394.
See fixlog.txt below:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2014 01
Ran by Jan at 2014-12-11 22:18:13 Run:2
Running from C:\Users\Jan\Desktop
Loaded Profile: Jan (Available profiles: Jan & Gary)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\ccsetup311.exe
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo
C:\Users\Gary\AppData\Roaming\Blitware
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo
C:\Users\Jan\Documents\SweetImSetup.exe
C:\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi
C:\Users\Jan\Downloads\AdwCleaner.exe
C:\Users\Jan\Downloads\filehelper_setup_eps.exe
C:\Users\Jan\Downloads\iTunes_Setup (1).exe
C:\Users\Jan\Downloads\iTunes_Setup.exe
C:\Users\Jan\Downloads\WeatherBugSetup (1).msi
C:\Users\Jan\Downloads\WeatherBugSetup (2).msi
C:\Users\Jan\Downloads\WeatherBugSetup.msi
C:\Users\Jan\Pictures\CouponPrinter.exe
C:\Users\Jan\Pictures\CrawlerScreensaver.exe
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
C:\ccsetup311.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo => Moved successfully.
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc => Moved successfully.
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo => Moved successfully.
C:\Users\Gary\AppData\Roaming\Blitware => Moved successfully.
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo => Moved successfully.
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc => Moved successfully.
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo => Moved successfully.
C:\Users\Jan\Documents\SweetImSetup.exe => Moved successfully.
C:\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi => Moved successfully.
C:\Users\Jan\Downloads\AdwCleaner.exe => Moved successfully.
C:\Users\Jan\Downloads\filehelper_setup_eps.exe => Moved successfully.
C:\Users\Jan\Downloads\iTunes_Setup (1).exe => Moved successfully.
C:\Users\Jan\Downloads\iTunes_Setup.exe => Moved successfully.
C:\Users\Jan\Downloads\WeatherBugSetup (1).msi => Moved successfully.
C:\Users\Jan\Downloads\WeatherBugSetup (2).msi => Moved successfully.
C:\Users\Jan\Downloads\WeatherBugSetup.msi => Moved successfully.
C:\Users\Jan\Pictures\CouponPrinter.exe => Moved successfully.
C:\Users\Jan\Pictures\CrawlerScreensaver.exe => Moved successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 159.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
I will try to revert Malwarebytes back to a free version and will report back.
I am not sure if the laptop is performing better or not, yet. Sometimes it appears to be slow and at other times it seems fine. I'm also not sure that the problem is malware related or something else in the OS setup.
I will report back shortly.
Best regards,
Gary
captngaryr
2014-12-12, 13:25
Hi Adam,
I was unable to figure out how to revert Malwarebytes back to a free version. Any suggestions would be appreciated.
This computer still goes through frequent spells where it is very slow (virtually locked up). I have no idea what is causing it.
Best regards,
Gary
LiquidTension
2014-12-12, 16:40
Hi Gary,
The informational links associated with KB3004394 appear to be broken.
Sorry about that. Here they are:
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-update-kb3004394-issues/ace25277-7f65-4486-bc44-c1b106907a18?page=1&tm=1418317736941
http://www.sevenforums.com/windows-updates-activation/354798-latest-windows-update-issues-caution-3.html
http://www.sevenforums.com/windows-updates-activation/354853-warning-kb3004394-corrupts-system-files.html
http://www.infoworld.com/article/2858014/operating-systems/botched-kb-3004394-triggers-uacs-diagnostic-tool-error-0x8000706f7-amd-catalyst-driver-fail-defende.html
http://www.bleepingcomputer.com/forums/t/559332/windows-update-kb3004394-triggers-error-messages/
http://forums.whatthetech.com/index.php?showtopic=129065&p=859478
I was unable to figure out how to revert Malwarebytes back to a free version. Any suggestions would be appreciated.
See if this helps:
https://helpdesk.malwarebytes.org/hc/en-us/articles/201948497-I-keep-getting-notified-that-my-trial-has-expired-how-do-I-revert-to-the-free-version-
If not, we'll completely remove the programme, and install the Free version.
This computer still goes through frequent spells where it is very slow (virtually locked up). I have no idea what is causing it.
Okay.
Let's do a few more checks for malware, and we can move onto non-malware troubleshooting if necessary.
Follow these instructions (http://windows.microsoft.com/en-GB/windows7/create-a-restore-point) on creating a Restore Point.
STEP 1
ComboFix
Note: Please read through these instructions before running ComboFix.
Please download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save the file to your Desktop. << Important!
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-Click ComboFix.exe and select Run as administrator to run the programme.
Follow the prompts.
Allow ComboFix to complete its removal routine (please refer to Important Notes:).
Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
Re-enable your anti-virus software.
Important Notes:
Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
Do NOT use your computer whilst ComboFix is running.
Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If you are unable to access the Internet after running ComboFix, please reboot your computer.
STEP 2
TDSSKiller Scan
Please download TDSSKiller (http://www.bleepingcomputer.com/download/tdsskiller/dl/4/) and save the file to your Desktop.
Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
Click Change parameters. Place a checkmark next to Loaded Modules, Verify file digital signatures and Detect TDLFS file system.
Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
Click Start Scan. Do not use the computer during the scan.
If objects are found, change the action to skip.
Click Continue and close the window.
A log will be created and saved to the root directory (usually C:\). Upload the file to my channel (http://www.bleepingcomputer.com/submit-malware.php?channel=174).
STEP 3
Emsisoft Emergency Kit (Portable)
Please download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download) and save the file to your Desktop.
Double-click EmsisoftEmergencyKit.exe.
Click Extract.
Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
Click Yes to update the programme definitions.
Click Yes to detect Potentially Unwanted Programs (PUPs).
Click Scan now.
Select Full Scan and click Scan.
Close any High Risk notification screen that may appear.
When the scan is finished click Quarantine selected objects if malicious objects were found.
Click View Report, and open the most recent log.
Copy the contents of the log and paste in your next reply.
======================================================
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
Could you revert MBAM to the free version?
ComboFix.txt
TDSSKiller log (uploaded!)
Emsisoft log
captngaryr
2014-12-12, 20:11
Hi Adam,
I was able to get Malwarebytes running but it found no threats.
Combofix.log
ComboFix 14-12-10.03 - Jan 12/12/2014 11:04:36.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1918.721 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 )))))))))))))))))))))))))))))))
.
.
2014-12-12 15:09 . 2014-12-12 15:12 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 15:09 . 2014-11-21 11:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-12 15:09 . 2014-11-21 11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-12 15:09 . 2014-11-21 11:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-12 15:09 . 2014-12-12 15:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-12 03:12 . 2014-12-12 03:12 -------- d-----w- c:\users\Jan\AppData\Local\CrashDumps
2014-12-11 20:58 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDF0A757-F3E6-4E50-88BD-D13EDCEA3055}\mpengine.dll
2014-12-11 17:38 . 2014-12-11 17:38 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-11 17:38 . 2014-12-11 17:38 -------- d-----w- c:\programdata\RogueKiller
2014-12-11 17:33 . 2014-12-11 17:33 -------- d-----w- c:\users\Default\AppData\Local\Google
2014-12-11 17:20 . 2014-12-11 17:20 -------- d-sh--w- c:\users\Jan\AppData\Local\EmieBrowserModeList
2014-12-11 13:51 . 2014-12-11 13:51 -------- d-----w- c:\programdata\Unchecky
2014-12-11 13:51 . 2014-12-11 13:51 -------- d-----w- c:\program files\Unchecky
2014-12-10 18:21 . 2014-12-10 18:21 -------- d-----w- c:\windows\ERUNT
2014-12-10 17:06 . 2014-12-10 17:06 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 17:04 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 17:04 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 17:04 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 17:04 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-10 17:04 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 16:32 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-10 16:32 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 16:30 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 16:30 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:30 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 16:30 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 16:30 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 16:30 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-09 21:06 . 2014-12-09 21:06 -------- d-----w- c:\program files\Common Files\Java
2014-12-09 21:06 . 2014-12-09 21:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-09 20:55 . 2014-12-09 20:55 -------- d-----w- c:\programdata\Oracle
2014-12-09 17:11 . 2014-12-09 17:11 -------- d-----w- c:\programdata\Licenses
2014-12-09 17:11 . 2014-12-09 17:11 -------- d-----w- c:\program files\SpywareBlaster
2014-12-08 12:27 . 2014-12-12 03:18 -------- d-----w- C:\FRST
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-11-19 18:35 . 2014-11-19 18:35 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-19 18:35 . 2014-11-19 18:35 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-19 18:35 . 2014-11-19 18:35 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-19 18:35 . 2014-11-19 18:35 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-19 18:35 . 2014-11-19 18:35 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-19 18:34 . 2014-11-19 18:35 -------- d-----w- c:\program files\QuickTime
2014-11-19 18:30 . 2014-11-19 18:31 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-19 15:02 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 15:02 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 19:56 . 2014-11-18 19:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-18 01:51 . 2014-12-12 11:12 -------- d-----r- c:\users\Jan\Google Drive
2014-11-13 15:38 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 15:38 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 15:38 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-13 15:36 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-13 15:36 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 15:36 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 15:36 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 15:36 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 15:36 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-02 04:17 . 2011-10-09 22:20 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-30 11:24 . 2010-03-16 22:28 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-02 19:23 . 2014-10-02 19:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 19:23 . 2014-10-02 19:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-27 12:42 . 2014-09-27 12:42 675988 ----a-w- c:\windows\system32\Minecraft-Installer.exe
2014-09-25 01:40 . 2014-09-30 21:34 519680 ----a-w- c:\windows\system32\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"AppleIEDAV"="c:\program files\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-05 1080104]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
backup=c:\windows\pss\Event Planner Reminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-03 06:31 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-10-11 18:05 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-07-25 15:10 468112 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-10-15 10:42 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 19:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-06-08 22:40 128560 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 19:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact]
2013-05-04 14:27 1694208 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 MpKslf1af6dfc;MpKslf1af6dfc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8137E546-70DE-40C4-A048-F9A9783463F9}\MpKslf1af6dfc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1343400]
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Unchecky;Unchecky;c:\program files\Unchecky\bin\unchecky_svc.exe [2014-12-11 111208]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 11:30 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 21:02]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 17:07]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 17:07]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-12 11:17:58
ComboFix-quarantined-files.txt 2014-12-12 16:17
.
Pre-Run: 40,743,718,912 bytes free
Post-Run: 40,703,213,568 bytes free
.
- - End Of File - - D8A7A71601DC929CE002485C4B25C02C
A36C5E4F47E84449FF07ED3517B43A31
I will upload TDSSKillerLog and run Emsisoft next.
Best regards,
Gary
captngaryr
2014-12-12, 20:14
TDSSKillerLog Uploaded.
Gary
LiquidTension
2014-12-12, 21:39
Thanks Gary.
Instructions to follow once you've posted the Emsisoft log.
captngaryr
2014-12-12, 22:48
Hi Adam,
Here is the Emsisoft report.
Emsisoft Emergency Kit - Version 9.0
Last update: 12/12/2014 1:27:58 PM
User account: JRussell-PC\Jan
Scan settings:
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 12/12/2014 1:29:23 PM
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1004\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AOL TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PCPOWERSPEED detected: Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js -> (INFECTED_JS) detected: JS:Trojan.Script.CMO (B)
C:\FRST\Quarantine\C\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js -> (INFECTED_JS) detected: JS:Trojan.Script.CMO (B)
C:\FRST\Quarantine\C\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi.xBAD -> (Embedded CAB) -> PO1_1163A1920E2C4BCA945E74D38DCDD210_603D17085DCD499E983B29042767E53B detected: Application.Generic.345282 (B)
C:\FRST\Quarantine\C\Users\Jan\Pictures\CouponPrinter.exe.xBAD -> (payload) detected: Adware.Generic.132199 (B)
Scanned 243620
Found 11
Scan end: 12/12/2014 3:41:06 PM
Scan time: 2:11:43
C:\FRST\Quarantine\C\Users\Jan\Pictures\CouponPrinter.exe.xBAD Quarantined Adware.Generic.132199 (B)
C:\FRST\Quarantine\C\Users\Jan\Documents\SplashMoney\To Palm\SecurityScannerFull.msi.xBAD Quarantined Application.Generic.345282 (B)
C:\FRST\Quarantine\C\Users\Jan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js Quarantined JS:Trojan.Script.CMO (B)
C:\FRST\Quarantine\C\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo\103\z5M3W.js Quarantined JS:Trojan.Script.CMO (B)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantined Application.Win32.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PCPOWERSPEED Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AOL TOOLBAR Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1004\SOFTWARE\AOL TOOLBAR Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-307368558-4187912120-227459302-1000\SOFTWARE\AOL TOOLBAR Quarantined Application.InstallAd (A)
Quarantined 10
LiquidTension
2014-12-13, 06:03
Hi Gary,
That log doesn't look too bad.
-------------
Moving on.
Please describe in detail the exact nature of the issue(s) you're currently experiencing.
Elaborate on slowness - what is slow? Startup/shut down, browsing the Internet, opening programmes, etc?
Does this only occur when you are connected to the Internet? What are you doing when this occurs?
captngaryr
2014-12-13, 14:42
Hi Adam,
OK, so now you're asking the difficult questions. The laptop belongs to my wife, so I don't use it every day, but from my limited assessment, the laptop is very slow to do anything for the first 5 minutes or so after boot up. That means applications load slowly and Chrome is so slow that it times out when accessing a web page. After a while it speeds up and performs adequately. The machine is not a fast machine anyway. It is a Dell Inspiron 1501 with an AMD 64 Athlon X2 processor. It is a 1.8 GHz processor with 2 GB of RAM. It is running Windows 7 Enterprise. Any thoughts?
Best regards,
Gary
LiquidTension
2014-12-13, 18:57
Hi Gary,
Thank you for your description.
Please temporarily uninstall Spybot Search and Destroy.
Then do the following.
Let me know if you notice a difference in performance.
Clean Boot
Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
In the General tab, click Selective Startup.
Remove the checkmark next to Load startup items.
Click the Services tab.
Place a checkmark next to Hide all Microsoft services.
Click Disable all, followed by OK.
When prompted, click Restart and boot normally into Windows.
Check your computer startup performance.
captngaryr
2014-12-13, 19:41
Hi Adam,
Chrome didn't time out this time but was still pretty slow. Then after a couple of minutes, it sped up. Nothing definitive.
Best regards,
Gary
LiquidTension
2014-12-14, 05:22
Hi Gary,
Please reverse the clean boot steps.
-------------
Troubleshooting a slow computer isn't always straightforward - there can be many issues responsible.
Let's get a fresh set of FRST logs and go from there.
Farbar Recovery Scan Tool (FRST) Scan
Right-Click FRST.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
captngaryr
2014-12-14, 14:48
Hi Adam,
Here they are:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Jan (administrator) on JRUSSELL-PC on 14-12-2014 06:29:50
Running from C:\Users\Jan\Desktop
Loaded Profile: Jan (Available profiles: Jan & Gary)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Creative Home) C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Wondershare Helper Compact] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128560 2007-06-08] (CyberLink Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe (Creative Home)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-307368558-4187912120-227459302-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-307368558-4187912120-227459302-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> {FD48298C-FE41-4BA1-AD03-69FF6400DA56} URL = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-307368558-4187912120-227459302-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (PalmSource Package Installer) - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Jan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (Adblock Plus) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-11]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-09]
CHR HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-21]
CHR HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [1333016 2008-11-22] (Diskeeper Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-03-16] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-12-11] (RaMMicHaeL)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-12] (Emsisoft GmbH)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jan\AppData\Local\Temp\catchme.sys [X]
S1 MpKslf1af6dfc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8137E546-70DE-40C4-A048-F9A9783463F9}\MpKslf1af6dfc.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-14 06:29 - 2014-12-14 06:29 - 00000000 ____D () C:\Users\Jan\Desktop\FRST-OlderVersion
2014-12-12 13:24 - 2014-12-12 13:24 - 00000743 _____ () C:\Users\Jan\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 ____D () C:\EEK
2014-12-12 13:21 - 2014-12-12 13:22 - 166945400 _____ () C:\Users\Jan\Desktop\EmsisoftEmergencyKit.exe
2014-12-12 12:51 - 2014-12-12 12:51 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Jan\Desktop\tdsskiller.exe
2014-12-12 11:17 - 2014-12-12 11:17 - 00016831 _____ () C:\ComboFix.txt
2014-12-12 11:01 - 2014-12-12 11:18 - 00000000 ____D () C:\Qoobox
2014-12-12 11:01 - 2014-12-12 11:15 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 11:01 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 11:01 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 11:01 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 11:01 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 10:59 - 2014-12-12 11:00 - 05600944 ____R (Swearware) C:\Users\Jan\Desktop\ComboFix.exe
2014-12-12 10:09 - 2014-12-12 10:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 10:09 - 2014-12-12 10:09 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-12 10:09 - 2014-12-12 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-12 10:09 - 2014-12-12 10:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-12 10:09 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-12 10:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-12 10:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-12 10:07 - 2014-12-12 10:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Desktop\mbam-setup-2.0.4.1028 (1).exe
2014-12-11 22:12 - 2014-12-11 22:12 - 00000000 ____D () C:\Users\Jan\AppData\Local\CrashDumps
2014-12-11 16:11 - 2014-12-11 16:11 - 00003020 _____ () C:\Users\Jan\Desktop\RKreport_SCN_12112014_125545.log
2014-12-11 15:57 - 2014-12-11 15:57 - 00003287 _____ () C:\Users\Jan\Desktop\MyEsetScan.txt
2014-12-11 13:00 - 2014-12-11 13:00 - 02347384 _____ (ESET) C:\Users\Jan\Desktop\esetsmartinstaller_enu.exe
2014-12-11 12:38 - 2014-12-11 12:38 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-11 12:38 - 2014-12-11 12:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-11 12:35 - 2014-12-11 12:35 - 15201368 _____ () C:\Users\Jan\Desktop\RogueKiller.exe
2014-12-11 12:33 - 2014-12-11 12:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-12-11 12:33 - 2014-12-11 12:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-12-11 12:27 - 2014-12-11 12:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-11 12:20 - 2014-12-11 12:20 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieBrowserModeList
2014-12-11 08:51 - 2014-12-11 08:51 - 00881704 _____ (RaMMicHaeL) C:\Users\Jan\Desktop\unchecky_setup.exe
2014-12-11 08:51 - 2014-12-11 08:51 - 00000949 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-12-11 08:51 - 2014-12-11 08:51 - 00000000 ____D () C:\ProgramData\Unchecky
2014-12-11 08:51 - 2014-12-11 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-12-11 08:51 - 2014-12-11 08:51 - 00000000 ____D () C:\Program Files\Unchecky
2014-12-11 06:34 - 2014-12-11 06:35 - 00030178 _____ () C:\Users\Jan\Desktop\Addition.txt
2014-12-11 06:33 - 2014-12-14 06:30 - 00018301 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-12-11 06:30 - 2014-12-11 06:30 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 06:30 - 2014-12-11 06:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-11 06:23 - 2014-12-11 06:23 - 00000629 _____ () C:\Users\Jan\Desktop\JRT.txt
2014-12-11 06:19 - 2014-12-11 06:19 - 01707646 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-12-11 06:04 - 2014-12-11 06:04 - 00280383 _____ () C:\Users\Jan\Documents\bookmarks_12_11_14.html
2014-12-10 14:32 - 2014-12-14 06:29 - 01111552 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe
2014-12-10 13:29 - 2014-12-10 13:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-10 13:21 - 2014-12-10 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 13:20 - 2014-12-10 13:20 - 01707646 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe
2014-12-10 13:16 - 2014-12-14 06:26 - 00000728 _____ () C:\Windows\setupact.log
2014-12-10 13:16 - 2014-12-12 12:57 - 00003500 _____ () C:\Windows\PFRO.log
2014-12-10 13:16 - 2014-12-10 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-10 13:08 - 2014-12-10 13:09 - 02166272 _____ () C:\Users\Jan\Downloads\AdwCleaner (1).exe
2014-12-10 12:43 - 2014-12-10 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-10 12:06 - 2014-12-10 12:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 12:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 12:04 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 12:04 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 12:04 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 12:04 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 11:32 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:32 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:31 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 11:31 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 11:31 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 11:31 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 11:31 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:31 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:31 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:31 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:31 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:31 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:31 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:31 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:31 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:31 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:31 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:31 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 11:31 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:31 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:31 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:31 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:31 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:31 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:31 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:31 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:31 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:31 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:31 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:31 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:31 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:31 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:31 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:31 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:31 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:30 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:30 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:30 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:30 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 16:19 - 2014-12-09 16:19 - 00852487 _____ () C:\Users\Jan\Downloads\SecurityCheck.exe
2014-12-09 16:06 - 2014-12-09 16:06 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-09 16:00 - 2014-12-09 16:00 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25 (1).exe
2014-12-09 15:55 - 2014-12-09 15:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-09 15:53 - 2014-12-09 15:53 - 00638888 _____ (Oracle Corporation) C:\Users\Jan\Downloads\chromeinstall-8u25.exe
2014-12-09 15:50 - 2014-12-09 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 15:50 - 2014-12-09 15:50 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-09 15:40 - 2014-12-09 15:41 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Jan\Downloads\AdobeAIRInstaller (1).exe
2014-12-09 12:11 - 2014-12-09 12:11 - 00000997 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-12-09 12:11 - 2014-12-09 12:11 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-09 12:10 - 2014-12-09 12:11 - 04095448 _____ (BrightFort LLC ) C:\Users\Jan\Downloads\spywareblastersetup50.exe
2014-12-08 07:36 - 2014-12-08 07:38 - 00030869 _____ () C:\Users\Jan\Downloads\Addition.txt
2014-12-08 07:31 - 2014-12-08 07:38 - 00027217 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-12-08 07:27 - 2014-12-14 06:29 - 00000000 ____D () C:\FRST
2014-12-08 07:26 - 2014-12-08 07:26 - 01111040 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-11-19 13:35 - 2014-11-19 13:35 - 00001775 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-19 13:35 - 2014-11-19 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-19 13:34 - 2014-11-19 13:35 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-19 13:30 - 2014-11-19 13:31 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-19 10:02 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:02 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 20:51 - 2014-12-14 06:27 - 00000000 ___RD () C:\Users\Jan\Google Drive
2014-11-17 20:51 - 2014-11-17 20:51 - 00001684 _____ () C:\Users\Jan\Desktop\Google Drive.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-14 06:31 - 2014-08-24 12:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 06:30 - 2010-03-16 20:08 - 02001155 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 06:26 - 2014-08-24 12:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 06:26 - 2010-03-21 10:24 - 00000000 ____D () C:\MDT
2014-12-14 06:26 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 06:24 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 06:24 - 2009-07-13 23:34 - 00024384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 06:23 - 2014-08-24 12:27 - 00000000 ____D () C:\Windows\pss
2014-12-14 06:17 - 2012-07-12 20:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 12:21 - 2010-03-16 19:07 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-12-13 12:20 - 2010-03-16 19:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-12 11:18 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-12-12 11:18 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-12-12 11:14 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 07:47 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-11 12:34 - 2014-10-02 16:23 - 00001960 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-12-11 12:34 - 2014-10-02 16:23 - 00001958 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-12-11 12:34 - 2014-10-02 16:23 - 00001948 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-12-11 12:34 - 2014-10-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-12-11 12:22 - 2014-10-01 17:34 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-11 12:20 - 2010-03-16 17:17 - 00000000 ____D () C:\Users\Jan
2014-12-11 12:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-11 06:30 - 2010-03-17 13:30 - 00000000 ____D () C:\Program Files\Google
2014-12-10 12:18 - 2011-02-04 17:33 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-10 12:06 - 2014-07-12 08:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 12:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 12:03 - 2013-10-06 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 11:55 - 2010-03-16 17:26 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 16:05 - 2010-03-16 18:38 - 00000000 ____D () C:\Program Files\Java
2014-12-09 15:55 - 2011-04-06 06:22 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-09 15:55 - 2011-04-06 06:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-09 15:52 - 2010-03-16 18:34 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-12-09 15:50 - 2010-03-16 18:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-09 15:49 - 2010-03-16 18:29 - 00000000 ____D () C:\Program Files\Adobe
2014-12-09 15:44 - 2010-03-16 18:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-09 12:20 - 2011-02-05 11:20 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-09 12:20 - 2011-02-05 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:20 - 2010-03-16 19:03 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 12:19 - 2010-03-16 19:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-19 13:31 - 2014-04-14 17:45 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-19 13:31 - 2011-08-27 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-19 13:31 - 2011-08-07 21:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-19 13:30 - 2010-03-21 08:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-19 13:29 - 2014-09-09 09:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 14:36 - 2010-03-16 17:21 - 00855842 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 08:02 - 2009-07-13 23:33 - 00494072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 08:00 - 2014-06-22 14:40 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Copy
2014-11-16 07:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Branding
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-08 09:19
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014
Ran by Jan at 2014-12-14 06:33:46
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.1.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
AOL Toolbar (HKU\S-1-5-21-307368558-4187912120-227459302-1000\...\AOL Toolbar) (Version: - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Diskeeper 2009 Professional (HKLM\...\{76C038B6-95BF-47CE-85C8-2EE5915D145C}) (Version: 13.0.835.32 - Diskeeper Corporation)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hallmark Card Studio 2013 Deluxe (HKLM\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.1.1 - Creative Home)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{bb0d5197-d91a-468a-9db1-81a26079efb3}) (Version: - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.7.5 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.3 - Synaptics)
Unchecky v0.3.4 (HKLM\...\Unchecky) (Version: 0.3.4 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
13-12-2014 18:07:53 Scheduled Checkpoint
14-12-2014 11:19:50 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2014-12-14 06:26 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {251E0412-86EB-42B7-94A0-29DE0DCD0BDB} - System32\Tasks\{99F1D448-A035-4D4F-B08F-9C298D14B85F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {38DE698E-135F-4EED-8F3B-A2EF9C1B39FF} - System32\Tasks\{79264564-4269-4F7C-9782-8BF89C64B272} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40338CA4-7958-4930-82BF-10DF2B107DB6} - System32\Tasks\{D7439C65-FF1E-41AA-BB9F-75C89A7549AC} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {40B7D9F5-4481-4EA5-9662-A63CC8B3ECC1} - System32\Tasks\{83E63673-3C17-4770-BEBB-C50A06012874} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {411AD518-21A1-49A9-82D0-12FC8917F531} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {48142775-11AB-4946-9210-B627B68295B7} - System32\Tasks\{6FB82D0E-1363-417B-8F9C-A78ACCFE2080} => C:\Afterguard\bin\Debug\Afterguard.exe
Task: {4C81F37B-FE0A-4E33-9775-1A3EA6596E01} - System32\Tasks\{6067FE0F-DDAC-40AE-A6A1-BC4E26B1BB72} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {4D1DCB40-B06D-438D-892D-4EFB1D50BCA0} - System32\Tasks\{ED214480-C912-40DF-829B-8CA52DA87986} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {62056E0A-81D1-48B9-BD24-C484100DACC8} - System32\Tasks\{1B439A72-430A-486F-B961-F88DF8C70E21} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {6C2AC357-C59D-47B3-9CDF-C5607457A104} - System32\Tasks\{406B4CEE-0D01-4045-A0CE-20A7F974F844} => Chrome.exe
Task: {7D1B07E5-B607-4F8F-992C-200674D05A59} - System32\Tasks\{9DCDDC15-D6DB-4AA8-B2B7-B625D0FAAB98} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {7EB4BD7D-9DE6-4741-B1F8-8A3CF08AF1B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {80693FBD-4D93-4DC9-8927-5CF96870D9B3} - System32\Tasks\{E04C7935-726F-4382-8430-75237BAB080B} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {879D4134-A08C-446E-8273-CA7AE0B7D82E} - System32\Tasks\{096EFC5C-9509-4C04-8491-D75D661D7A98} => pcalua.exe -a C:\Windows\system32\wuwuninst.exe
Task: {994EA4B5-55B0-4BDC-807E-7925400F3FCE} - System32\Tasks\{A73CB635-FBA9-44F2-A2B3-C1040CA7CADA} => C:\Program Files\Afterguard\Afterguard.exe
Task: {9F48D35D-82E0-448E-A34F-018C30E7B6BA} - System32\Tasks\{B987A92A-922A-419A-9261-D744266AEBAB} => pcalua.exe -a E:\vipre-premium-setup.exe -d E:\
Task: {AA36AF76-442A-455E-B12E-3CF5DF7FD67E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {B059A988-388E-474F-8681-E7A775D2F5D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {C178D654-6519-428D-A010-7FB0C03A4298} - System32\Tasks\{E257D6F2-B178-4A17-BADF-354AE9A944D9} => C:\Program Files\Afterguard\Afterguard.exe
Task: {C3509BEC-A3E7-42A1-972F-EF06C3491AEC} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {CB9C61F9-38E2-4654-B4E6-BC7B16178DC4} - System32\Tasks\{EB860F96-35B3-4C95-AEEF-EB8C3D25B74F} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {D792FD41-A978-448A-98A7-F5290796060C} - System32\Tasks\{3DD3FD94-1E5A-4562-BB3D-9C3251B95397} => C:\Program Files\Amazon\Kindle\Kindle.exe [2011-12-14] (Amazon.com)
Task: {F5A94878-E9B4-406A-BC49-47743E556941} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FE772D3B-1926-48EC-B1A1-911F1FE6A731} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-14 06:26 - 2014-12-14 06:26 - 00098816 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32api.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00110080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pywintypes27.dll
2014-12-14 06:26 - 2014-12-14 06:26 - 00364544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pythoncom27.dll
2014-12-14 06:26 - 2014-12-14 06:26 - 00045568 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_socket.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 01160704 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_ssl.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00320512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32com.shell.shell.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00713216 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_hashlib.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 01175040 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._core_.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00805888 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._gdi_.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00811008 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._windows_.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 01062400 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._controls_.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00735232 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._misc_.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00128512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_elementtree.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00127488 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pyexpat.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00557056 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\pysqlite2._sqlite.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00087552 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_ctypes.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00119808 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32file.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00108544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32security.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00007168 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\hashobjs_ext.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00167936 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32gui.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00018432 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32event.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00038912 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32inet.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00011264 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32crypt.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00070656 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._html2.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00027136 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\_multiprocessing.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00035840 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32process.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00686080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\unicodedata.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00122368 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._wizard.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00024064 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32pipe.pyd
2014-12-14 06:27 - 2014-12-14 06:27 - 00025600 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32pdh.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00525640 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\windows._lib_cacheinvalidation.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00010240 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\select.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00017408 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32profile.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00022528 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\win32ts.pyd
2014-12-14 06:26 - 2014-12-14 06:26 - 00078336 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI38762\wx._animate.pyd
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27913364.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27913364.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-307368558-4187912120-227459302-500 - Administrator - Disabled)
Gary (S-1-5-21-307368558-4187912120-227459302-1004 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-307368558-4187912120-227459302-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-307368558-4187912120-227459302-1002 - Limited - Enabled)
Jan (S-1-5-21-307368558-4187912120-227459302-1000 - Administrator - Enabled) => C:\Users\Jan
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: MpKslf1af6dfc
Description: MpKslf1af6dfc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslf1af6dfc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/14/2014 06:29:07 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057
Error: (12/13/2014 00:40:46 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057
Error: (12/13/2014 00:23:52 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057
Error: (12/13/2014 06:33:50 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057
Error: (12/12/2014 11:54:23 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
Error: (12/12/2014 11:52:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error: (12/12/2014 11:51:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/12/2014 04:42:47 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057
Error: (12/12/2014 01:00:36 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: Publishing the Key Management Service (KMS) to DNS in the '' domain failed.
Info:
0x80070057
Error: (12/12/2014 07:27:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
System errors:
=============
Error: (12/14/2014 06:23:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.189.1965.0
Update Source: %NT AUTHORITY59
Update Stage: 3.0.8402.00
Source Path: 3.0.8402.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (12/13/2014 10:52:52 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (12/13/2014 06:31:15 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842
Error: (12/12/2014 11:31:17 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (12/12/2014 04:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053
Error: (12/12/2014 04:40:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
Error: (12/12/2014 11:48:48 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (12/12/2014 11:14:39 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/12/2014 11:08:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (12/12/2014 11:04:22 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Microsoft Office Sessions:
=========================
Error: (12/14/2014 06:29:07 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057
Error: (12/13/2014 00:40:46 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057
Error: (12/13/2014 00:23:52 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057
Error: (12/13/2014 06:33:50 AM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057
Error: (12/12/2014 11:54:23 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10
Error: (12/12/2014 11:52:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8
Error: (12/12/2014 11:51:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.1\mpnmlif64.exe
Error: (12/12/2014 04:42:47 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057
Error: (12/12/2014 01:00:36 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: )
Description: 0x80070057
Error: (12/12/2014 07:27:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10
==================== Memory info ===========================
Processor: AMD Processor model unknown
Percentage of memory in use: 38%
Total physical RAM: 1918.05 MB
Available physical RAM: 1174.05 MB
Total Pagefile: 3836.09 MB
Available Pagefile: 2721.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.63 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:38.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 08037D17)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
LiquidTension
2014-12-14, 21:09
Hi Gary,
Please do the following.
STEP 1
Creating System Restore Point (W7/Vista)
Click the Windows Start Button. Right-click Computer and click Properties.
Click System protection in the panel on the left.
Click the System Protection tab, followed by Create.
In the System Protection dialog box, type a description, and click Create.
Upon completion, close the window.
STEP 2
CHKDSK
Note: If you have a Solid State Drive (SSD), do not run CHKDSK. Skip STEP 2, and proceed with STEP 3.
Click Start and type CMD in the Search Bar. Right-Click CMD.exe and select Run as administrator.
In the command window type the following and press Enter on your keyboard.
chkdsk c: /x /r
If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
Type Exit and press Enter on your keyboard.
Restart your computer. CHKDSK will automatically run.
Note: This process can take up to an hour.
Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
Click Windows Logs.
Right-click Application and click Find.
If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
For instructions accompanied by screenshots, please refer to the following article (http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html).
STEP 3
System File Checker (SFC)
Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document.
sfc /scannow
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcresults.txt"
notepad %userprofile%\Desktop\sfcresults.txt
del %0
Click Format. Ensure Wordwrap is unchecked.
Click File, Save As and name the file querysfc.bat.
Select All Files as the Save as type.
Save the file to your Desktop.
Locate querysfc.bat on your Desktop. Right-click the icon and click Run as administrator.
Upon completion, a log (sfcresults.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
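An added example, not part of the post above: one way to triage the sfcresults.txt that querysfc.bat produces, counting verify batches and surfacing any line that is not routine. It assumes SFC's "Cannot repair" and "Repairing" message prefixes; the function name, verdict labels, and the file and component names in the damaged sample are constructed for illustration.

```python
import re

# One line of sfcresults.txt: timestamp, level, "CSI", hex sequence, [SR], message.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*\S)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")

# Two verify batches in the format of the results posted in this thread.
CLEAN_SAMPLE = """\
2014-12-15 09:47:23, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:23, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:31, Info CSI 0000000c [SR] Verify complete
2014-12-15 09:47:31, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:31, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:38, Info CSI 00000010 [SR] Verify complete
"""

# Constructed batch: example.dll and Example-Component are placeholders.
DAMAGED_SAMPLE = CLEAN_SAMPLE + """\
2014-12-15 09:47:38, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:38, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:40, Info CSI 00000013 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, hash mismatch
2014-12-15 09:47:45, Info CSI 00000014 [SR] Verify complete
"""

# Constructed: the log stops before the last batch reports completion.
TRUNCATED_SAMPLE = "\n".join(CLEAN_SAMPLE.splitlines()[:-1])


def summarize_sfc(text):
    """Classify every [SR] line and return counts plus an overall verdict."""
    s = {"started": 0, "completed": 0, "components": 0,
         "cannot_repair": [], "repaired": [], "other": [], "unparsed": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            s["unparsed"] += 1          # not an [SR] line in the expected shape
            continue
        msg, ts = m.group("msg"), m.group("ts")
        batch = VERIFYING.match(msg)
        if batch:
            s["started"] += 1
            s["components"] += int(batch.group(1))
        elif msg == "Verify complete":
            s["completed"] += 1
        elif msg == "Beginning Verify and Repair transaction":
            pass                        # routine marker, nothing to record
        elif msg.startswith("Cannot repair"):
            s["cannot_repair"].append((ts, msg))
        elif msg.startswith("Repairing"):
            s["repaired"].append((ts, msg))
        else:
            s["other"].append((ts, msg))

    # Worst finding wins: unrepaired damage outranks everything else.
    if s["started"] == 0:
        s["verdict"] = "no-data"
    elif s["cannot_repair"]:
        s["verdict"] = "unrepaired"
    elif s["started"] != s["completed"]:
        s["verdict"] = "incomplete"     # scan interrupted or log cut short
    elif s["repaired"]:
        s["verdict"] = "repaired"
    elif s["other"] or s["unparsed"]:
        s["verdict"] = "review"         # unfamiliar lines need a human look
    else:
        s["verdict"] = "clean"
    return s


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("damaged", DAMAGED_SAMPLE),
                         ("truncated", TRUNCATED_SAMPLE)):
        r = summarize_sfc(sample)
        print(name, r["verdict"], r["started"], r["completed"], r["components"])
        for ts, msg in r["cannot_repair"]:
            print("   ", ts, msg)
```

A "clean" verdict only means SFC reported nothing to repair among the components it verified; it does not confirm that the machine is free of malware.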
captngaryr
2014-12-15, 14:03
Hi Adam,
I'm sorry for the delay, but we hosted a big Christmas party yesterday and didn't get back to the laptop until late last night. At that time I couldn't get chkdsk to run. It's running this morning, but after 1 hour it's only at 19%. Obviously, it's going to take a while. I will post as soon as it is finished.
Best regards,
Gary
captngaryr
2014-12-15, 14:39
In Step 2, after right-clicking "Application", the "Find" choice is grayed out. Any ideas?
Gary
captngaryr
2014-12-15, 17:04
Hi Adam,
Here are the System File Checker results:
2014-12-15 09:47:23, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:23, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:31, Info CSI 0000000c [SR] Verify complete
2014-12-15 09:47:31, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:31, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:38, Info CSI 00000010 [SR] Verify complete
2014-12-15 09:47:38, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:38, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:45, Info CSI 00000014 [SR] Verify complete
2014-12-15 09:47:45, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:45, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:50, Info CSI 00000018 [SR] Verify complete
2014-12-15 09:47:50, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:50, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:53, Info CSI 0000001c [SR] Verify complete
2014-12-15 09:47:53, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:53, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:56, Info CSI 00000020 [SR] Verify complete
2014-12-15 09:47:56, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:56, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2014-12-15 09:47:59, Info CSI 00000024 [SR] Verify complete
2014-12-15 09:47:59, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:47:59, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:02, Info CSI 00000028 [SR] Verify complete
2014-12-15 09:48:02, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:02, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:05, Info CSI 0000002c [SR] Verify complete
2014-12-15 09:48:05, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:05, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:07, Info CSI 00000030 [SR] Verify complete
2014-12-15 09:48:08, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:08, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:10, Info CSI 00000034 [SR] Verify complete
2014-12-15 09:48:11, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:11, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:13, Info CSI 00000038 [SR] Verify complete
2014-12-15 09:48:13, Info CSI 00000039 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:13, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:18, Info CSI 0000003c [SR] Verify complete
2014-12-15 09:48:18, Info CSI 0000003d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:18, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:22, Info CSI 00000040 [SR] Verify complete
2014-12-15 09:48:22, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:22, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:25, Info CSI 00000044 [SR] Verify complete
2014-12-15 09:48:26, Info CSI 00000045 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:26, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:29, Info CSI 00000048 [SR] Verify complete
2014-12-15 09:48:29, Info CSI 00000049 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:29, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:33, Info CSI 0000004c [SR] Verify complete
2014-12-15 09:48:33, Info CSI 0000004d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:33, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:36, Info CSI 00000050 [SR] Verify complete
2014-12-15 09:48:37, Info CSI 00000051 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:37, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:42, Info CSI 00000054 [SR] Verify complete
2014-12-15 09:48:42, Info CSI 00000055 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:42, Info CSI 00000056 [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:48, Info CSI 00000058 [SR] Verify complete
2014-12-15 09:48:48, Info CSI 00000059 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:48, Info CSI 0000005a [SR] Beginning Verify and Repair transaction
2014-12-15 09:48:53, Info CSI 0000005c [SR] Verify complete
2014-12-15 09:48:53, Info CSI 0000005d [SR] Verifying 100 (0x00000064) components
2014-12-15 09:48:53, Info CSI 0000005e [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:03, Info CSI 00000060 [SR] Verify complete
2014-12-15 09:49:03, Info CSI 00000061 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:03, Info CSI 00000062 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:14, Info CSI 00000064 [SR] Verify complete
2014-12-15 09:49:14, Info CSI 00000065 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:14, Info CSI 00000066 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:23, Info CSI 0000006b [SR] Verify complete
2014-12-15 09:49:23, Info CSI 0000006c [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:23, Info CSI 0000006d [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:30, Info CSI 00000070 [SR] Verify complete
2014-12-15 09:49:30, Info CSI 00000071 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:30, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:37, Info CSI 00000074 [SR] Verify complete
2014-12-15 09:49:37, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:37, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2014-12-15 09:49:47, Info CSI 0000007a [SR] Verify complete
2014-12-15 09:49:47, Info CSI 0000007b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:49:47, Info CSI 0000007c [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:00, Info CSI 00000086 [SR] Verify complete
2014-12-15 09:50:00, Info CSI 00000087 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:00, Info CSI 00000088 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:09, Info CSI 0000008a [SR] Verify complete
2014-12-15 09:50:10, Info CSI 0000008b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:10, Info CSI 0000008c [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:18, Info CSI 0000008e [SR] Verify complete
2014-12-15 09:50:18, Info CSI 0000008f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:18, Info CSI 00000090 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:25, Info CSI 00000092 [SR] Verify complete
2014-12-15 09:50:25, Info CSI 00000093 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:25, Info CSI 00000094 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:36, Info CSI 00000096 [SR] Verify complete
2014-12-15 09:50:36, Info CSI 00000097 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:36, Info CSI 00000098 [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:44, Info CSI 0000009a [SR] Verify complete
2014-12-15 09:50:44, Info CSI 0000009b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:44, Info CSI 0000009c [SR] Beginning Verify and Repair transaction
2014-12-15 09:50:54, Info CSI 0000009e [SR] Verify complete
2014-12-15 09:50:55, Info CSI 0000009f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:50:55, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:12, Info CSI 000000a4 [SR] Verify complete
2014-12-15 09:51:13, Info CSI 000000a5 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:13, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:25, Info CSI 000000a8 [SR] Verify complete
2014-12-15 09:51:25, Info CSI 000000a9 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:25, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:43, Info CSI 000000ac [SR] Verify complete
2014-12-15 09:51:43, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:43, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2014-12-15 09:51:57, Info CSI 000000b0 [SR] Verify complete
2014-12-15 09:51:57, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:51:57, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:02, Info CSI 000000b4 [SR] Verify complete
2014-12-15 09:52:03, Info CSI 000000b5 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:03, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:06, Info CSI 000000b8 [SR] Verify complete
2014-12-15 09:52:06, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:06, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:11, Info CSI 000000bc [SR] Verify complete
2014-12-15 09:52:12, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:12, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:28, Info CSI 000000dc [SR] Verify complete
2014-12-15 09:52:28, Info CSI 000000dd [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:28, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:34, Info CSI 000000e0 [SR] Verify complete
2014-12-15 09:52:34, Info CSI 000000e1 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:34, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:40, Info CSI 000000e4 [SR] Verify complete
2014-12-15 09:52:40, Info CSI 000000e5 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:40, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:47, Info CSI 000000e8 [SR] Verify complete
2014-12-15 09:52:47, Info CSI 000000e9 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:47, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2014-12-15 09:52:56, Info CSI 000000ec [SR] Verify complete
2014-12-15 09:52:56, Info CSI 000000ed [SR] Verifying 100 (0x00000064) components
2014-12-15 09:52:56, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:13, Info CSI 000000f1 [SR] Verify complete
2014-12-15 09:53:13, Info CSI 000000f2 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:13, Info CSI 000000f3 [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:20, Info CSI 000000f5 [SR] Verify complete
2014-12-15 09:53:20, Info CSI 000000f6 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:20, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:25, Info CSI 000000f9 [SR] Verify complete
2014-12-15 09:53:26, Info CSI 000000fa [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:26, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:39, Info CSI 000000fd [SR] Verify complete
2014-12-15 09:53:39, Info CSI 000000fe [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:39, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:49, Info CSI 00000101 [SR] Verify complete
2014-12-15 09:53:49, Info CSI 00000102 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:49, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2014-12-15 09:53:58, Info CSI 00000105 [SR] Verify complete
2014-12-15 09:53:58, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:53:58, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2014-12-15 09:54:12, Info CSI 0000010a [SR] Verify complete
2014-12-15 09:54:12, Info CSI 0000010b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:54:12, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2014-12-15 09:54:28, Info CSI 00000131 [SR] Verify complete
2014-12-15 09:54:29, Info CSI 00000132 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:54:29, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2014-12-15 09:54:40, Info CSI 00000135 [SR] Verify complete
2014-12-15 09:54:41, Info CSI 00000136 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:54:41, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:05, Info CSI 00000139 [SR] Verify complete
2014-12-15 09:55:05, Info CSI 0000013a [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:05, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:20, Info CSI 0000013e [SR] Verify complete
2014-12-15 09:55:21, Info CSI 0000013f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:21, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:38, Info CSI 00000142 [SR] Verify complete
2014-12-15 09:55:38, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:38, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:51, Info CSI 00000146 [SR] Verify complete
2014-12-15 09:55:51, Info CSI 00000147 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:55:51, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:00, Info CSI 0000014a [SR] Verify complete
2014-12-15 09:56:01, Info CSI 0000014b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:01, Info CSI 0000014c [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:10, Info CSI 0000014e [SR] Verify complete
2014-12-15 09:56:10, Info CSI 0000014f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:10, Info CSI 00000150 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:19, Info CSI 00000153 [SR] Verify complete
2014-12-15 09:56:19, Info CSI 00000154 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:19, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:28, Info CSI 00000157 [SR] Verify complete
2014-12-15 09:56:28, Info CSI 00000158 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:28, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:48, Info CSI 0000015b [SR] Verify complete
2014-12-15 09:56:49, Info CSI 0000015c [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:49, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:58, Info CSI 00000160 [SR] Verify complete
2014-12-15 09:56:59, Info CSI 00000161 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:56:59, Info CSI 00000162 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:07, Info CSI 00000164 [SR] Verify complete
2014-12-15 09:57:08, Info CSI 00000165 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:08, Info CSI 00000166 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:19, Info CSI 00000168 [SR] Verify complete
2014-12-15 09:57:19, Info CSI 00000169 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:19, Info CSI 0000016a [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:35, Info CSI 0000016d [SR] Verify complete
2014-12-15 09:57:35, Info CSI 0000016e [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:35, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:44, Info CSI 00000171 [SR] Verify complete
2014-12-15 09:57:45, Info CSI 00000172 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:45, Info CSI 00000173 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:54, Info CSI 00000175 [SR] Verify complete
2014-12-15 09:57:54, Info CSI 00000176 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:57:54, Info CSI 00000177 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:04, Info CSI 00000179 [SR] Verify complete
2014-12-15 09:58:04, Info CSI 0000017a [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:04, Info CSI 0000017b [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:14, Info CSI 0000017e [SR] Verify complete
2014-12-15 09:58:14, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:14, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:25, Info CSI 00000182 [SR] Verify complete
2014-12-15 09:58:26, Info CSI 00000183 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:26, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:31, Info CSI 00000186 [SR] Verify complete
2014-12-15 09:58:31, Info CSI 00000187 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:31, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:41, Info CSI 0000018a [SR] Verify complete
2014-12-15 09:58:41, Info CSI 0000018b [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:41, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:49, Info CSI 0000018e [SR] Verify complete
2014-12-15 09:58:50, Info CSI 0000018f [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:50, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:55, Info CSI 00000192 [SR] Verify complete
2014-12-15 09:58:55, Info CSI 00000193 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:58:55, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:04, Info CSI 00000196 [SR] Verify complete
2014-12-15 09:59:04, Info CSI 00000197 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:04, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:14, Info CSI 0000019b [SR] Verify complete
2014-12-15 09:59:15, Info CSI 0000019c [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:15, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:24, Info CSI 0000019f [SR] Verify complete
2014-12-15 09:59:25, Info CSI 000001a0 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:25, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:35, Info CSI 000001a3 [SR] Verify complete
2014-12-15 09:59:35, Info CSI 000001a4 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:35, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:47, Info CSI 000001a7 [SR] Verify complete
2014-12-15 09:59:47, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:47, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2014-12-15 09:59:59, Info CSI 000001ab [SR] Verify complete
2014-12-15 09:59:59, Info CSI 000001ac [SR] Verifying 100 (0x00000064) components
2014-12-15 09:59:59, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:04, Info CSI 000001af [SR] Verify complete
2014-12-15 10:00:04, Info CSI 000001b0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:04, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:12, Info CSI 000001b3 [SR] Verify complete
2014-12-15 10:00:12, Info CSI 000001b4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:12, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:21, Info CSI 000001b7 [SR] Verify complete
2014-12-15 10:00:21, Info CSI 000001b8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:21, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:30, Info CSI 000001bb [SR] Verify complete
2014-12-15 10:00:31, Info CSI 000001bc [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:31, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:39, Info CSI 000001bf [SR] Verify complete
2014-12-15 10:00:39, Info CSI 000001c0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:39, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:00:45, Info CSI 000001c3 [SR] Verify complete
2014-12-15 10:00:46, Info CSI 000001c4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:00:46, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:01:01, Info CSI 000001c7 [SR] Verify complete
2014-12-15 10:01:02, Info CSI 000001c8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:01:02, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:01:43, Info CSI 000001cb [SR] Verify complete
2014-12-15 10:01:44, Info CSI 000001cc [SR] Verifying 100 (0x00000064) components
2014-12-15 10:01:44, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2014-12-15 10:01:57, Info CSI 000001cf [SR] Verify complete
2014-12-15 10:01:57, Info CSI 000001d0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:01:57, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:13, Info CSI 000001d3 [SR] Verify complete
2014-12-15 10:02:13, Info CSI 000001d4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:13, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:18, Info CSI 000001d7 [SR] Verify complete
2014-12-15 10:02:18, Info CSI 000001d8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:18, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:26, Info CSI 000001db [SR] Verify complete
2014-12-15 10:02:26, Info CSI 000001dc [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:26, Info CSI 000001dd [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:32, Info CSI 000001df [SR] Verify complete
2014-12-15 10:02:32, Info CSI 000001e0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:32, Info CSI 000001e1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:39, Info CSI 000001e3 [SR] Verify complete
2014-12-15 10:02:39, Info CSI 000001e4 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:39, Info CSI 000001e5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:48, Info CSI 000001e7 [SR] Verify complete
2014-12-15 10:02:48, Info CSI 000001e8 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:48, Info CSI 000001e9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:50, Info CSI 000001eb [SR] Verify complete
2014-12-15 10:02:50, Info CSI 000001ec [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:50, Info CSI 000001ed [SR] Beginning Verify and Repair transaction
2014-12-15 10:02:54, Info CSI 000001ef [SR] Verify complete
2014-12-15 10:02:54, Info CSI 000001f0 [SR] Verifying 100 (0x00000064) components
2014-12-15 10:02:54, Info CSI 000001f1 [SR] Beginning Verify and Repair transaction
2014-12-15 10:03:03, Info CSI 000001f3 [SR] Verify complete
2014-12-15 10:03:03, Info CSI 000001f4 [SR] Verifying 47 (0x0000002f) components
2014-12-15 10:03:03, Info CSI 000001f5 [SR] Beginning Verify and Repair transaction
2014-12-15 10:03:07, Info CSI 000001f7 [SR] Verify complete
2014-12-15 10:03:07, Info CSI 000001f8 [SR] Repairing 0 components
2014-12-15 10:03:07, Info CSI 000001f9 [SR] Beginning Verify and Repair transaction
2014-12-15 10:03:07, Info CSI 000001fb [SR] Repair complete
captngaryr
2014-12-15, 17:07
Hi Adam,
When the Chkdsk ran it flashed the result that the files were "clean" or something like that. It was only up for less than a second, so I didn't get the chance to see it clearly, but could that have been the reason that there was nothing to "Find"?
Best regards,
Gary
LiquidTension
2014-12-16, 05:48
Hi Gary,
The following programme should obtain the CHKDSK log for us.
Please download ListChkDskResult (https://dl.dropboxusercontent.com/u/12354842/My%20Tools/ListChkdskResult.exe) and save the file to your Desktop.
Right-Click ListChkdskResult.exe and select Run as Administrator to run the programme.
Click OK if prompted.
Upon completion, a log (ListChkDskResult.txt) will open on your Desktop.
Copy the contents of the log and paste in your next reply.
captngaryr
2014-12-16, 14:25
Here ya go:
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
------< Log generate on 12/16/2014 7:23:50 AM >------
Category: 0
Computer Name: JRussell-PC
Event Code: 1001
Record Number: 138423
Source Name: Microsoft-Windows-Wininit
Time Written: 12-15-2014 @ 14:19:23
Event Type: Information
User:
Message:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
205824 file records processed.
File verification completed.
702 large file records processed.
0 bad file records processed.
2 EA records processed.
77 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
264706 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
205824 file SDs/SIDs processed.
Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
Security descriptor verification completed.
29442 data files processed.
CHKDSK is verifying Usn Journal...
36540848 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
205808 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
10219222 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
117218240 KB total disk space.
75933304 KB in 165405 files.
94680 KB in 29443 indexes.
0 KB in bad sectors.
313368 KB in use by the system.
65536 KB occupied by the log file.
40876888 KB available on disk.
4096 bytes in each allocation unit.
29304560 total allocation units on disk.
10219222 allocation units available on disk.
Internal Info:
00 24 03 00 2b f9 02 00 78 5f 05 00 00 00 00 00 .$..+...x_......
1c 13 00 00 4d 00 00 00 00 00 00 00 00 00 00 00 ....M...........
18 8d 1e 00 50 01 1d 00 28 1b 1d 00 00 00 1d 00 ....P...(.......
Windows has finished checking your disk.
Please wait while your computer restarts.
-----------------------------------------------------------------------
Category: 0
Computer Name: JRussell-PC
Event Code: 1001
Record Number: 138358
Source Name: Microsoft-Windows-Wininit
Time Written: 12-15-2014 @ 12:30:48
Event Type: Information
User:
Message:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
205824 file records processed.
File verification completed.
702 large file records processed.
0 bad file records processed.
2 EA records processed.
77 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
264688 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
205824 file SDs/SIDs processed.
Cleaning up 851 unused index entries from index $SII of file 0x9.
Cleaning up 851 unused index entries from index $SDH of file 0x9.
Cleaning up 851 unused security descriptors.
Security descriptor verification completed.
29433 data files processed.
CHKDSK is verifying Usn Journal...
36142872 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
205808 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
10227654 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
117218240 KB total disk space.
75899600 KB in 165352 files.
94660 KB in 29434 indexes.
0 KB in bad sectors.
313364 KB in use by the system.
65536 KB occupied by the log file.
40910616 KB available on disk.
4096 bytes in each allocation unit.
29304560 total allocation units on disk.
10227654 allocation units available on disk.
Internal Info:
00 24 03 00 ed f8 02 00 08 5f 05 00 00 00 00 00 .$......._......
1c 13 00 00 4d 00 00 00 00 00 00 00 00 00 00 00 ....M...........
18 8d 04 00 50 01 03 00 28 1b 03 00 00 00 03 00 ....P...(.......
Windows has finished checking your disk.
Please wait while your computer restarts.
-----------------------------------------------------------------------
LiquidTension
2014-12-17, 01:55
Hi Gary,
That log looks OK.
--------
I don't believe any remaining issues can be attributed to malware. Slowness, poor performance, etc. can be the result of many different issues, and not necessarily malware.
Please read the following article:
http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/
Refer to, and carry out the following points in the article linked:
When was the last time you cleaned the inside of your computer?
#1
#2
#6
#7
#8
#10
Please create a System Restore Point before starting.
Let me know how your computer is performing afterwards.
captngaryr
2014-12-17, 02:39
I'm on it. This may take a while. I'll get back to you tomorrow.
Best regards,
Gary
LiquidTension
2014-12-17, 06:25
With so many possible causes, I'm afraid so, Gary.
Also bear in mind that the age of the machine may be a significant factor.
Let me know if any issues arise during the process.
captngaryr
2014-12-17, 18:43
Hi Adam,
I have run through your suggestions, and the performance is marginally better. I believe I am the victim of bloatware on an old machine. The new operating systems and software just are making too many demands on an old slow computer that was fast enough back in the day, but unable to keep up now. You have been tenacious in trying to solve this problem and I am very appreciative for all your help. I think it is time to close this thread as we are reaching a point of diminishing returns.
Many thanks,
Gary
LiquidTension
2014-12-17, 20:17
Hi Gary,
"The new operating systems and software just are making too many demands on an old slow computer that was fast enough back in the day, but unable to keep up now."
That may well be the cause.
I'm sorry we couldn't reach a more positive outcome. However, any malware issues should be resolved.
-------------
STEP 1
ComboFix Uninstall
Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
ComboFix /Uninstall
Click OK.
Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
STEP 2
DelFix
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
======================================================
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
The following programmes come highly recommended in the security community.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
Unchecky (http://unchecky.com/) automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
======================================================
Thank you for using Safer Networking.
Safe Surfing.
Adam
captngaryr
2014-12-17, 21:17
Thank you, Adam,
Actually, I made a donation last week.
Gary
LiquidTension
2014-12-18, 04:34
Ah yes, I remember you mentioning earlier, Gary.
That must have been to Safer Networking. Thank you.
--------
I will mark this topic as solved.
All the best,
Adam