Error 0x6D9: Windows Firewall won't work, please help


17 replies to this topic

#1 johngurling101

Posted 25 November 2013 - 06:54 PM

Hi, I've seen a lot of people on here with the same issue and I'm really struggling to fix it. Whenever I try to open my firewall it comes up with this error, and it is stopping me from downloading anything, which means I can't get my coursework done :/ so any help would be great.

Please help.

Here's my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by john (administrator) on JOHN-VAIO on 25-11-2013 23:31:03
Running from C:\Users\john\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Inuvo Inc.) C:\Users\john\AppData\LocalLow\alotservice\alotservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgemc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [UniblueRegistryBooster] - "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-25] (Google Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [975800 2012-07-16] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-16] ()
HKCU\...\Run: [openance] - rundll32 "C:\Users\john\AppData\Local\Temp\compnger.dll",CreateProcessNotify <===== ATTENTION
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Runonce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\n. ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3\n. ATTENTION! ====> ZeroAccess?
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {7cfc9df4-4648-11df-9c71-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {90fe9056-5d13-11df-890e-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {9e6aa59e-5254-11df-819b-806e6f6e6963} - G:\AutoRun.exe
MountPoints2: {9e6aa5ea-5254-11df-819b-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {b907e2eb-5b6e-11df-9fbf-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {bfed5c11-4019-11df-8980-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {ec69935d-7ef7-11df-bd0a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {efbfb7f2-14b4-11df-a01a-0024beb012f7} - I:\Startme.exe
MountPoints2: {f1f4286a-0d8d-11df-9cbb-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f440afb7-5252-11df-968a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec610-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec61b-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [538472 2009-06-18] (Symantec Corporation)
HKLM-x32\...\Run: [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2009-11-25] (Sony Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] - C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\btfon\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-25] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\avgrssta.dll [13048 2010-07-17] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=109217&babsrc=SP_ss&mntrId=8e01f3840000000000002a8158eac23c
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=109217&babsrc=SP_ss&mntrId=8e01f3840000000000002a8158eac23c
SearchScopes: HKCU - {42354CF8-4236-4E66-ABC5-6F50D0703036} URL = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
SearchScopes: HKCU - {61E99DA0-F021-42E4-849E-42A586AA7304} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {8B0B75A7-7454-4D4A-8386-A4F08F6F4206} URL = http://services.zinio.com/search?s={selection}&rf=sonyslices
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Inuvo, Inc)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Inuvo, Inc)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{11B60BCB-359E-4110-A044-71CD41C9636E}: [NameServer]192.168.1.254

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AlotService; C:\Users\john\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-11-27] (Inuvo Inc.)
R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-07-20] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-17] (AVG Technologies CZ, s.r.o.)
S2 libusbd; C:\Windows\SysWow64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-28] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-28] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-06] (AVG Technologies CZ, s.r.o.)
R0 dskenman; C:\Windows\System32\DRIVERS\dskenman.sys [61480 2009-07-14] ()
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
U2 SBKUPNT;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-25 23:31 - 2013-11-25 23:32 - 00020317 _____ C:\Users\john\Desktop\FRST.txt
2013-11-25 23:30 - 2013-11-25 23:30 - 00000000 ____D C:\FRST
2013-11-25 23:27 - 2013-11-25 23:27 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-25 23:26 - 2013-11-25 23:14 - 04009167 ____N C:\Users\john\Desktop\ServicesRepair.exe
2013-11-25 23:26 - 2013-11-25 23:10 - 01958474 ____N (Farbar) C:\Users\john\Desktop\FRST64.exe
2013-11-24 22:06 - 2013-11-24 22:31 - 00000000 ____D C:\Users\john\Desktop\Bangerz (Deluxe Version)
2013-11-24 21:51 - 2013-11-24 23:09 - 00000000 ____D C:\Users\john\Desktop\Jessie J - Alive (Deluxe Edition) 2013 320kbps CBR MP3 [VX] [P2PDL]
2013-11-24 21:09 - 2013-11-24 21:48 - 00000000 ____D C:\Users\john\Desktop\Katy Perry - Prism [Deluxe Version] (2013)
2013-11-23 20:59 - 2013-11-23 20:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-11-23 19:41 - 2013-11-23 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-23 19:39 - 2013-11-23 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 __RHD C:\MSOCache
2013-11-23 19:29 - 2013-11-20 23:04 - 688580185 ____R C:\Users\john\Desktop\Microsoft Office 2010 Professional Plus.zip
2013-11-23 18:29 - 2013-11-23 18:29 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-11-23 18:20 - 2013-11-23 18:23 - 00000000 ____D C:\Users\john\Desktop\Office 2010
2013-11-17 21:14 - 2013-11-17 21:16 - 1465186304 _____ C:\Users\john\Desktop\Heat.avi
2013-11-17 20:57 - 2013-08-29 16:42 - 2115785258 _____ C:\Users\john\Desktop\We're the Millers 2013 720p WEB-DL x264-HML [2Tu].mkv
2013-11-16 18:32 - 2013-11-16 18:38 - 00000000 ____D C:\Users\john\AppData\Local\Microsoft Games
2013-11-14 03:03 - 2013-11-14 03:09 - 00000000 ____D C:\bdf2b3a58a1a44618c03fb066204
2013-11-13 23:24 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 23:24 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 23:24 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 23:24 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 23:24 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 23:24 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 23:24 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 23:24 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 23:24 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 23:24 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 23:24 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 23:24 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 23:24 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 23:24 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 23:24 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 23:24 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 23:24 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 23:24 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 23:24 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 23:24 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 23:24 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 23:24 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 23:24 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 23:24 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 23:24 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 23:24 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 23:24 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 23:24 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 23:24 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 23:24 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 22:14 - 2013-11-12 22:23 - 00000000 ____D C:\ProgramData\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\DriverCure
2013-11-12 16:50 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 16:47 - 2013-11-12 16:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 16:45 - 2013-11-12 16:50 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-03 18:05 - 2013-11-03 18:05 - 00014336 _____ C:\Users\john\Desktop\bentleys cv.wps

==================== One Month Modified Files and Folders =======

2013-11-25 23:32 - 2013-11-25 23:31 - 00020317 _____ C:\Users\john\Desktop\FRST.txt
2013-11-25 23:30 - 2013-11-25 23:30 - 00000000 ____D C:\FRST
2013-11-25 23:30 - 2010-01-29 17:41 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B47CE67-7066-41BA-850B-D935B8BB297E}
2013-11-25 23:29 - 2012-12-12 23:38 - 04853757 _____ C:\alotserviceruntime.log
2013-11-25 23:29 - 2009-11-25 20:10 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-25 23:28 - 2011-10-06 17:28 - 00022567 _____ C:\Windows\setupact.log
2013-11-25 23:28 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 23:28 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 23:28 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 23:27 - 2013-11-25 23:27 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-25 23:27 - 2010-01-29 17:39 - 01262091 _____ C:\Windows\WindowsUpdate.log
2013-11-25 23:25 - 2009-11-25 20:10 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-25 23:24 - 2010-11-01 21:08 - 00000234 ____H C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
2013-11-25 23:16 - 2010-02-10 02:55 - 00000000 ____D C:\Users\john\AppData\Roaming\BitComet
2013-11-25 23:14 - 2013-11-25 23:26 - 04009167 ____N C:\Users\john\Desktop\ServicesRepair.exe
2013-11-25 23:12 - 2012-04-26 16:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 23:10 - 2013-11-25 23:26 - 01958474 ____N (Farbar) C:\Users\john\Desktop\FRST64.exe
2013-11-25 19:32 - 2010-04-01 10:49 - 00000000 ____D C:\Windows\system32\Drivers\Avg
2013-11-25 08:20 - 2009-11-25 20:10 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-25 08:20 - 2009-11-25 20:10 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-24 23:09 - 2013-11-24 21:51 - 00000000 ____D C:\Users\john\Desktop\Jessie J - Alive (Deluxe Edition) 2013 320kbps CBR MP3 [VX] [P2PDL]
2013-11-24 22:31 - 2013-11-24 22:06 - 00000000 ____D C:\Users\john\Desktop\Bangerz (Deluxe Version)
2013-11-24 21:48 - 2013-11-24 21:09 - 00000000 ____D C:\Users\john\Desktop\Katy Perry - Prism [Deluxe Version] (2013)
2013-11-24 20:43 - 2009-11-25 20:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-24 11:31 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2013-11-23 20:59 - 2013-11-23 20:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 20:52 - 2010-01-29 17:40 - 00118200 _____ C:\Users\john\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-23 20:50 - 2009-11-25 20:34 - 00819280 _____ C:\Windows\PFRO.log
2013-11-23 20:50 - 2009-07-14 04:45 - 05006712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-23 20:48 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-23 20:46 - 2011-08-06 10:02 - 00000000 ____D C:\Users\john\AppData\Local\CrashDumps
2013-11-23 20:43 - 2009-11-18 21:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-23 20:39 - 2010-11-01 06:31 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-11-23 20:39 - 2010-11-01 06:19 - 00000000 ____D C:\AeriaGames
2013-11-23 20:25 - 2010-08-23 17:46 - 00000000 ____D C:\Users\john\Documents\DVDVideoSoft
2013-11-23 20:25 - 2010-02-01 18:34 - 00000000 ____D C:\Users\john\Documents\My Received Files
2013-11-23 19:49 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-23 19:47 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\ShellNew
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-11-23 19:46 - 2009-11-25 20:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-23 19:42 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-23 19:41 - 2013-11-23 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-23 19:40 - 2009-11-25 20:15 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-23 19:40 - 2009-07-14 02:34 - 00000510 _____ C:\Windows\win.ini
2013-11-23 19:39 - 2013-11-23 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 __RHD C:\MSOCache
2013-11-23 18:29 - 2013-11-23 18:29 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-11-23 18:24 - 2009-07-14 05:13 - 00741730 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 18:23 - 2013-11-23 18:20 - 00000000 ____D C:\Users\john\Desktop\Office 2010
2013-11-20 23:04 - 2013-11-23 19:29 - 688580185 ____R C:\Users\john\Desktop\Microsoft Office 2010 Professional Plus.zip
2013-11-20 11:21 - 2012-02-29 02:45 - 00000000 ____D C:\Users\john\Desktop\crap
2013-11-20 11:21 - 2010-04-18 22:16 - 00001282 _____ C:\Users\john\AppData\Roaming\wklnhst.dat
2013-11-20 10:50 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-17 21:16 - 2013-11-17 21:14 - 1465186304 _____ C:\Users\john\Desktop\Heat.avi
2013-11-17 21:16 - 2010-08-18 14:19 - 00067072 ___SH C:\Users\john\Desktop\Thumbs.db
2013-11-16 18:38 - 2013-11-16 18:32 - 00000000 ____D C:\Users\john\AppData\Local\Microsoft Games
2013-11-14 04:05 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:09 - 2013-11-14 03:03 - 00000000 ____D C:\bdf2b3a58a1a44618c03fb066204
2013-11-14 03:09 - 2013-08-15 00:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:03 - 2010-01-30 15:47 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 22:23 - 2013-11-12 22:14 - 00000000 ____D C:\ProgramData\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\DriverCure
2013-11-12 19:26 - 2010-01-29 17:40 - 00001417 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 16:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 16:50 - 2013-11-12 16:45 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-12 16:47 - 2013-11-12 16:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-03 18:05 - 2013-11-03 18:05 - 00014336 _____ C:\Users\john\Desktop\bentleys cv.wps

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3

ZeroAccess:
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\@

Files to move or delete:
====================
C:\Users\john\jagex_cl_runescape_LIVE.dat
C:\Users\john\jagex_runescape_preferences.dat
C:\Users\john\jagex_runescape_preferences2.dat
C:\Users\john\jagex__preferences3.dat
C:\Users\john\random.dat
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

Some content of TEMP:
====================
C:\Users\john\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\john\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\john\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-11-20 10:16

==================== End Of Log ============================

and my addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by john at 2013-11-25 23:33:13
Running from C:\Users\john\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1ClickDownload (x32 Version: 2.1 Build 26473)
3D World Studio 5.52 (x32)
AC3D 6.4.30 (x32)
Adobe After Effects CS5.5 (x32 Version: 10.5.1)
Adobe AIR (x32 Version: 2.7.0.19480)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Download Assistant (x32 Version: 1.0.2)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader 9.5.0 (x32 Version: 9.5.0)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Adobe Story (x32 Version: 1.0.571)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
ALOT Appbar (x32)
Alps Pointing-device for VAIO
Apple Application Support (x32 Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.85)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.278)
AVG Free 9.0 (x32)
Babylon toolbar on IE (x32)
Battle of the Immortals (x32)
BitComet 1.18 (x32 Version: 1.18)
Bonjour (Version: 3.0.0.10)
Click to Disc (x32 Version: 1.2.70.06160)
Click to Disc Editor (x32 Version: 2.0.02)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Google Chrome (x32 Version: 2.0.172.37)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
iLivid (x32 Version: 4.0.0.2624) <==== ATTENTION
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.1.1.4)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Kies Air Discovery Service (HKCU)
K-Lite Codec Pack 7.9.0 (Basic) (x32 Version: 7.9.0)
LibUSB-Win32-0.1.10.1 (x32 Version: 0.1.10.1)
Magic FLAC to MP3 Converter 3.72 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Puzzle Collection Trial (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
MotioninJoy DS3 driver version 0.6.0005 (Version: 0.6.0005)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Transfer (x32 Version: 1.3.01.13160)
MusicStation (x32 Version: 1.2.2.180)
Norton Online Backup (x32 Version: 1.2.20.0)
NVIDIA PhysX (x32 Version: 9.09.0203)
PCSX2 - Playstation 2 Emulator (x32)
Pcsx2 0.9.6 (x32 Version: 1.0.0)
Pod to PC 4.004 (x32)
Primo (x32 Version: 1.00.0000)
Project64 1.6 (x32 Version: 1.6)
QuickTime (x32 Version: 7.69.80.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5886)
Roxio Central Audio (x32 Version: 3.8.0)
Roxio Central Copy (x32 Version: 3.8.0)
Roxio Central Core (x32 Version: 3.8.0)
Roxio Central Data (x32 Version: 3.8.0)
Roxio Central Tools (x32 Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (x32 Version: 10.3)
Roxio Easy Media Creator Home (x32 Version: 10.3.121)
Runtime (x32 Version: 1.00.0000)
Samsung Kies (x32 Version: 2.3.2.12064_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Section 8 (x32 Version: 1.00.0000)
Setting Utility Series (x32 Version: 5.0.0.07300)
Sky Go Desktop (HKCU)
Sony Home Network Library (x32 Version: 2.0.0.07280)
Sony Picture Utility (x32 Version: 4.2.12.16210)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Switch Sound File Converter (x32)
Unified Remote (x32 Version: 2.3.0.0)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261)
VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.5.0.06260)
VAIO Content Metadata Manager Settings (x32 Version: 3.5.0.06260)
VAIO Content Metadata XML Interface Library (x32 Version: 3.5.0.06180)
VAIO Content Monitoring Settings (x32 Version: 2.4.0.06120)
VAIO Control Center (x32 Version: 4.0.0.06120)
VAIO Data Restore Tool (x32 Version: 1.1.01.06290)
VAIO DVD Menu Data Basic (x32 Version: 1.0.00.08130)
VAIO Entertainment Platform (x32 Version: 3.5.0.07230)
VAIO Event Service (x32 Version: 5.0.0.07010)
VAIO Gate (x32 Version: 1.0.0.08050)
VAIO Marketing Tools (x32)
VAIO Media plus (x32 Version: 2.0.0.07280)
VAIO Media plus Opening Movie (x32 Version: 1.2.0.09100)
VAIO Movie Story (x32 Version: 1.5.00.06191)
VAIO Movie Story Template Data (x32 Version: 1.5.00.06010)
VAIO NW screensaver (x32 Version: 1.0.0.0)
VAIO Original Function Settings (x32 Version: 2.0.0.07010)
VAIO Power Management (x32 Version: 4.0.0.07160)
VAIO Premium Partners 1.00 (x32)
VAIO Presentation Support (x32 Version: 2.0.0.05270)
VAIO Quick Web Access (x32 Version: 1.1.2.4)
VAIO Smart Network (x32 Version: 3.0.0.08120)
VAIO Transfer Support (x32 Version: 1.0.0.07290)
VAIO Update 4 (x32 Version: 4.2.0.07300)
VAIO Wallpaper Contents (x32 Version: 2.0.0.06010)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
VLC media player 1.0.5 (x32 Version: 1.0.5)
vShare Plugin (x32)
WebcamMax (x32 Version: 7.1.2.6.MultiLanguage)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
WinRAR archiver (x32)

==================== Restore Points  =========================

14-11-2013 03:01:03 Windows Update
18-11-2013 21:20:25 Avg Update
23-11-2013 18:25:25 Installed Microsoft Office Professional Plus 2010
23-11-2013 19:10:55 Removed Microsoft Office Professional Plus 2010
23-11-2013 19:35:57 Installed Microsoft Office Professional Plus 2010
23-11-2013 20:40:31 Removed Dark Basic Professional
23-11-2013 20:43:10 Removed Safari
23-11-2013 20:46:53 Removed BlueStacks
23-11-2013 20:58:16 Removed Java™ 6 Update 31
23-11-2013 20:58:58 Installed Java 7 Update 45
23-11-2013 21:00:35 Windows Update
24-11-2013 20:40:09 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04F6491D-0807-4D8D-ABEF-D4B8A7D8541B} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-31] (Sony Corporation)
Task: {12976770-7805-4C62-80A3-34DF43D2D772} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {190D4049-012D-4A35-B00A-905DBC7A00E5} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-08-06] (Sony Corporation)
Task: {34D5F338-4CF6-40B5-8503-56E38D55EC6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25] (Google Inc.)
Task: {3B02BEE7-149D-4103-8277-5FFF9C0636C3} - System32\Tasks\AdobeAAMUpdater-1.0-john-VAIO-john => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {3BD36605-E9D3-469D-AF76-8728D33BA3F8} - System32\Tasks\{978A4D09-7583-4C3F-BB13-771AD70C279C} => C:\Users\john\Desktop\RapeLay-en\RapeLay-en.exe
Task: {4E196D84-7792-479C-ADEC-58913CBF1BD9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {721AE469-82C1-43EE-AE02-DCE10F2B7634} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\john\AppData\Local\Temp\Jnh.exe
Task: {7D6E6EF5-8E31-429C-B12A-05834CAAA152} - System32\Tasks\{1044E5C6-6460-45AF-A039-EFA9E1EF87EF} => C:\Users\john\Desktop\RapeLay-en\RapeLay-en.exe
Task: {87234DA9-7A55-4181-8106-0082448F037F} - System32\Tasks\{A7957B24-A7D0-4764-AA5D-F8E995C19D3E} => C:\Users\john\Desktop\RapeLay-en\RapeLay-en.exe
Task: {B789150E-007D-43BE-BC33-E83D4382790A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CD441AC6-EE02-47AC-A92F-60F44743E012} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {D948DE2F-E833-450D-A937-DD3C72E25D41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job => C:\Users\john\AppData\Local\Temp\Jnh.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-11-25 20:25 - 2009-07-01 19:49 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2009-11-25 20:25 - 2009-07-01 19:49 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2013-11-13 08:24 - 2013-11-13 08:24 - 00115137 _____ () C:\Users\john\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
2009-11-03 15:51 - 2009-11-03 15:51 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:64217CD0
AlternateDataStreams: C:\Users\john\Desktop\Heat.avi:TOC.WMV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2013 11:29:16 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:02 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

System errors:
=============
Error: (11/25/2013 11:31:54 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).

Error: (11/25/2013 11:31:54 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (11/25/2013 11:30:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (11/25/2013 11:30:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (11/25/2013 11:30:25 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (11/25/2013 11:30:25 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (11/25/2013 11:30:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (11/25/2013 11:30:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (11/25/2013 11:29:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/25/2013 11:29:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (11/25/2013 11:29:16 PM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:25:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
Search.TripoliIndexer

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/25/2013 11:24:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
Search.TripoliIndexer

Error: (11/25/2013 11:24:02 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

CodeIntegrity Errors:
===================================
  Date: 2013-03-19 11:40:46.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 11:40:32.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 11:38:00.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 11:36:26.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 20:32:46.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 20:32:26.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-05-09 15:39:56.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-05-09 15:39:34.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-29 02:15:59.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-29 02:15:59.856
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 2939.02 MB
Available physical RAM: 1561.81 MB
Total Pagefile: 5876.22 MB
Available Pagefile: 4170.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.56 GB) (Free:92.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 98D889AC)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)

==================== End Of Log ============================




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • Gender:Male
  • Local time:01:16 PM

Posted 30 November 2013 - 06:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/515396 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 johngurling101

johngurling101
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:16 PM

Posted 01 December 2013 - 05:56 AM

Whenever I try to download anything, my computer says the file has a virus and has been deleted, even from downloads I know are safe. When I go into the firewall, it comes up with the error I mentioned in my first post and doesn't allow me to change any settings.

Here is an updated version of my logs:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by john (administrator) on JOHN-VAIO on 01-12-2013 10:42:47
Running from C:\Users\john\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Inuvo Inc.) C:\Users\john\AppData\LocalLow\alotservice\alotservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgemc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [UniblueRegistryBooster] - "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-25] (Google Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [975800 2012-07-16] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-16] ()
HKCU\...\Run: [openance] - rundll32 "C:\Users\john\AppData\Local\Temp\compnger.dll",CreateProcessNotify <===== ATTENTION
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Runonce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\n. ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3\n. ATTENTION! ====> ZeroAccess?
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {7cfc9df4-4648-11df-9c71-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {90fe9056-5d13-11df-890e-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {9e6aa59e-5254-11df-819b-806e6f6e6963} - G:\AutoRun.exe
MountPoints2: {9e6aa5ea-5254-11df-819b-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {b907e2eb-5b6e-11df-9fbf-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {bfed5c11-4019-11df-8980-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {ec69935d-7ef7-11df-bd0a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {efbfb7f2-14b4-11df-a01a-0024beb012f7} - I:\Startme.exe
MountPoints2: {f1f4286a-0d8d-11df-9cbb-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f440afb7-5252-11df-968a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec610-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec61b-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [538472 2009-06-18] (Symantec Corporation)
HKLM-x32\...\Run: [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2009-11-25] (Sony Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] - C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\btfon\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-25] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\avgrssta.dll [13048 2010-07-17] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=109217&babsrc=SP_ss&mntrId=8e01f3840000000000002a8158eac23c
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=109217&babsrc=SP_ss&mntrId=8e01f3840000000000002a8158eac23c
SearchScopes: HKCU - {42354CF8-4236-4E66-ABC5-6F50D0703036} URL = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
SearchScopes: HKCU - {61E99DA0-F021-42E4-849E-42A586AA7304} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {8B0B75A7-7454-4D4A-8386-A4F08F6F4206} URL = http://services.zinio.com/search?s={selection}&rf=sonyslices
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Inuvo, Inc)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Inuvo, Inc)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{11B60BCB-359E-4110-A044-71CD41C9636E}: [NameServer]192.168.1.254

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AlotService; C:\Users\john\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-11-27] (Inuvo Inc.)
R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-07-20] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-17] (AVG Technologies CZ, s.r.o.)
S2 libusbd; C:\Windows\SysWow64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-28] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-28] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-06] (AVG Technologies CZ, s.r.o.)
R0 dskenman; C:\Windows\System32\DRIVERS\dskenman.sys [61480 2009-07-14] ()
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [33792 2005-03-09] ()
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
U2 SBKUPNT;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-01 10:40 - 2013-12-01 10:42 - 00020188 _____ C:\Users\john\Desktop\FRST.txt
2013-12-01 10:39 - 2013-12-01 10:16 - 01959184 ____N (Farbar) C:\Users\john\Desktop\FRST64.exe
2013-11-25 23:30 - 2013-11-25 23:30 - 00000000 ____D C:\FRST
2013-11-25 23:27 - 2013-11-25 23:27 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-25 23:26 - 2013-11-25 23:14 - 04009167 ____N C:\Users\john\Desktop\ServicesRepair.exe
2013-11-24 22:06 - 2013-11-24 22:31 - 00000000 ____D C:\Users\john\Desktop\Bangerz (Deluxe Version)
2013-11-24 21:51 - 2013-11-24 23:09 - 00000000 ____D C:\Users\john\Desktop\Jessie J - Alive (Deluxe Edition) 2013 320kbps CBR MP3 [VX] [P2PDL]
2013-11-24 21:09 - 2013-11-24 21:48 - 00000000 ____D C:\Users\john\Desktop\Katy Perry - Prism [Deluxe Version] (2013)
2013-11-23 20:59 - 2013-11-23 20:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-11-23 19:41 - 2013-11-23 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-23 19:39 - 2013-11-23 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 __RHD C:\MSOCache
2013-11-23 19:29 - 2013-11-20 23:04 - 688580185 ____R C:\Users\john\Desktop\Microsoft Office 2010 Professional Plus.zip
2013-11-23 18:29 - 2013-11-23 18:29 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-11-23 18:20 - 2013-11-23 18:23 - 00000000 ____D C:\Users\john\Desktop\Office 2010
2013-11-17 21:14 - 2013-11-17 21:16 - 1465186304 _____ C:\Users\john\Desktop\Heat.avi
2013-11-17 20:57 - 2013-08-29 16:42 - 2115785258 _____ C:\Users\john\Desktop\We're the Millers 2013 720p WEB-DL x264-HML [2Tu].mkv
2013-11-16 18:32 - 2013-11-16 18:38 - 00000000 ____D C:\Users\john\AppData\Local\Microsoft Games
2013-11-14 03:03 - 2013-11-14 03:09 - 00000000 ____D C:\bdf2b3a58a1a44618c03fb066204
2013-11-13 23:24 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 23:24 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 23:24 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 23:24 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 23:24 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 23:24 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 23:24 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 23:24 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 23:24 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 23:24 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 23:24 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 23:24 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 23:24 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 23:24 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 23:24 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 23:24 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 23:24 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 23:24 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 23:24 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 23:24 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 23:24 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 23:24 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 23:24 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 23:24 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 23:24 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 23:24 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 23:24 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 23:24 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 23:24 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 23:24 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 22:14 - 2013-11-12 22:23 - 00000000 ____D C:\ProgramData\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\DriverCure
2013-11-12 16:50 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 16:47 - 2013-11-12 16:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 16:45 - 2013-11-12 16:50 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-03 18:05 - 2013-11-03 18:05 - 00014336 _____ C:\Users\john\Desktop\bentleys cv.wps

==================== One Month Modified Files and Folders =======

2013-12-01 10:42 - 2013-12-01 10:40 - 00020188 _____ C:\Users\john\Desktop\FRST.txt
2013-12-01 10:25 - 2010-01-29 17:39 - 01441024 _____ C:\Windows\WindowsUpdate.log
2013-12-01 10:25 - 2009-11-25 20:10 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 10:24 - 2010-11-01 21:08 - 00000234 ____H C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
2013-12-01 10:16 - 2013-12-01 10:39 - 01959184 ____N (Farbar) C:\Users\john\Desktop\FRST64.exe
2013-12-01 10:12 - 2012-04-26 16:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 09:19 - 2009-11-25 20:10 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 09:12 - 2010-04-01 10:49 - 00000000 ____D C:\Windows\system32\Drivers\Avg
2013-12-01 09:09 - 2012-12-12 23:38 - 04905651 _____ C:\alotserviceruntime.log
2013-12-01 09:09 - 2010-01-29 17:41 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B47CE67-7066-41BA-850B-D935B8BB297E}
2013-11-29 08:37 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 08:37 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 23:56 - 2010-01-29 17:40 - 00000000 ____D C:\Users\john
2013-11-28 23:55 - 2011-10-06 17:28 - 00022847 _____ C:\Windows\setupact.log
2013-11-28 23:55 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 23:54 - 2012-04-09 17:06 - 00000000 ____D C:\Users\btfon
2013-11-28 23:54 - 2012-04-09 17:02 - 00000000 ____D C:\Users\Guest
2013-11-28 23:53 - 2010-08-22 17:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-28 23:53 - 2010-01-29 17:41 - 00000000 ____D C:\Users\john\AppData\Local\Sony_Corporation
2013-11-28 23:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2013-11-28 23:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-27 20:30 - 2010-02-10 02:55 - 00000000 ____D C:\Users\john\AppData\Roaming\BitComet
2013-11-25 23:30 - 2013-11-25 23:30 - 00000000 ____D C:\FRST
2013-11-25 23:27 - 2013-11-25 23:27 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-25 23:14 - 2013-11-25 23:26 - 04009167 ____N C:\Users\john\Desktop\ServicesRepair.exe
2013-11-25 08:20 - 2009-11-25 20:10 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-25 08:20 - 2009-11-25 20:10 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-24 23:09 - 2013-11-24 21:51 - 00000000 ____D C:\Users\john\Desktop\Jessie J - Alive (Deluxe Edition) 2013 320kbps CBR MP3 [VX] [P2PDL]
2013-11-24 22:31 - 2013-11-24 22:06 - 00000000 ____D C:\Users\john\Desktop\Bangerz (Deluxe Version)
2013-11-24 21:48 - 2013-11-24 21:09 - 00000000 ____D C:\Users\john\Desktop\Katy Perry - Prism [Deluxe Version] (2013)
2013-11-24 20:43 - 2009-11-25 20:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-24 11:31 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2013-11-23 20:59 - 2013-11-23 20:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-23 20:59 - 2013-11-23 20:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-23 20:59 - 2013-11-23 20:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 20:52 - 2010-01-29 17:40 - 00118200 _____ C:\Users\john\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-23 20:50 - 2009-11-25 20:34 - 00819280 _____ C:\Windows\PFRO.log
2013-11-23 20:50 - 2009-07-14 04:45 - 05006712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-23 20:48 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-23 20:46 - 2011-08-06 10:02 - 00000000 ____D C:\Users\john\AppData\Local\CrashDumps
2013-11-23 20:43 - 2009-11-18 21:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-23 20:39 - 2010-11-01 06:31 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-11-23 20:39 - 2010-11-01 06:19 - 00000000 ____D C:\AeriaGames
2013-11-23 20:25 - 2010-08-23 17:46 - 00000000 ____D C:\Users\john\Documents\DVDVideoSoft
2013-11-23 20:25 - 2010-02-01 18:34 - 00000000 ____D C:\Users\john\Documents\My Received Files
2013-11-23 19:49 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-23 19:47 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\ShellNew
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-23 19:46 - 2013-11-23 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-11-23 19:46 - 2009-11-25 20:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-23 19:42 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-23 19:41 - 2013-11-23 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-23 19:40 - 2009-11-25 20:15 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-23 19:40 - 2009-07-14 02:34 - 00000510 _____ C:\Windows\win.ini
2013-11-23 19:39 - 2013-11-23 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 __RHD C:\MSOCache
2013-11-23 18:29 - 2013-11-23 18:29 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-11-23 18:24 - 2009-07-14 05:13 - 00741730 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 18:23 - 2013-11-23 18:20 - 00000000 ____D C:\Users\john\Desktop\Office 2010
2013-11-20 23:04 - 2013-11-23 19:29 - 688580185 ____R C:\Users\john\Desktop\Microsoft Office 2010 Professional Plus.zip
2013-11-20 11:21 - 2012-02-29 02:45 - 00000000 ____D C:\Users\john\Desktop\crap
2013-11-20 11:21 - 2010-04-18 22:16 - 00001282 _____ C:\Users\john\AppData\Roaming\wklnhst.dat
2013-11-20 10:50 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-17 21:16 - 2013-11-17 21:14 - 1465186304 _____ C:\Users\john\Desktop\Heat.avi
2013-11-17 21:16 - 2010-08-18 14:19 - 00067072 ___SH C:\Users\john\Desktop\Thumbs.db
2013-11-16 18:38 - 2013-11-16 18:32 - 00000000 ____D C:\Users\john\AppData\Local\Microsoft Games
2013-11-14 04:05 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:09 - 2013-11-14 03:03 - 00000000 ____D C:\bdf2b3a58a1a44618c03fb066204
2013-11-14 03:09 - 2013-08-15 00:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:03 - 2010-01-30 15:47 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 22:23 - 2013-11-12 22:14 - 00000000 ____D C:\ProgramData\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\SparkTrust
2013-11-12 22:14 - 2013-11-12 22:14 - 00000000 ____D C:\Users\john\AppData\Roaming\DriverCure
2013-11-12 19:26 - 2010-01-29 17:40 - 00001417 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 16:50 - 2013-11-12 16:45 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-12 16:47 - 2013-11-12 16:47 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 16:47 - 2013-11-12 16:47 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 16:47 - 2013-11-12 16:47 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 16:47 - 2013-11-12 16:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 16:47 - 2013-11-12 16:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 16:47 - 2013-11-12 16:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 16:47 - 2013-11-12 16:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 16:47 - 2013-11-12 16:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-03 18:05 - 2013-11-03 18:05 - 00014336 _____ C:\Users\john\Desktop\bentleys cv.wps

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3

ZeroAccess:
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\@

Files to move or delete:
====================
C:\Users\john\jagex_cl_runescape_LIVE.dat
C:\Users\john\jagex_runescape_preferences.dat
C:\Users\john\jagex_runescape_preferences2.dat
C:\Users\john\jagex__preferences3.dat
C:\Users\john\random.dat
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

Some content of TEMP:
====================
C:\Users\john\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\john\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\john\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-11-20 10:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by john at 2013-12-01 10:43:37
Running from C:\Users\john\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1ClickDownload (x32 Version: 2.1 Build 26473)
3D World Studio 5.52 (x32)
AC3D 6.4.30 (x32)
Adobe After Effects CS5.5 (x32 Version: 10.5.1)
Adobe AIR (x32 Version: 2.7.0.19480)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Download Assistant (x32 Version: 1.0.2)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader 9.5.0 (x32 Version: 9.5.0)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Adobe Story (x32 Version: 1.0.571)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
ALOT Appbar (x32)
Alps Pointing-device for VAIO
Apple Application Support (x32 Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.85)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.278)
AVG Free 9.0 (x32)
BitComet 1.18 (x32 Version: 1.18)
Bonjour (Version: 3.0.0.10)
Click to Disc (x32 Version: 1.2.70.06160)
Click to Disc Editor (x32 Version: 2.0.02)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Google Chrome (x32 Version: 2.0.172.37)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
iLivid (x32 Version: 4.0.0.2624) <==== ATTENTION
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.1.1.4)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Kies Air Discovery Service (HKCU)
K-Lite Codec Pack 7.9.0 (Basic) (x32 Version: 7.9.0)
LibUSB-Win32-0.1.10.1 (x32 Version: 0.1.10.1)
Magic FLAC to MP3 Converter 3.72 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Puzzle Collection Trial (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
MotioninJoy DS3 driver version 0.6.0005 (Version: 0.6.0005)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Transfer (x32 Version: 1.3.01.13160)
MusicStation (x32 Version: 1.2.2.180)
Norton Online Backup (x32 Version: 1.2.20.0)
NVIDIA PhysX (x32 Version: 9.09.0203)
PCSX2 - Playstation 2 Emulator (x32)
Pcsx2 0.9.6 (x32 Version: 1.0.0)
Pod to PC 4.004 (x32)
Primo (x32 Version: 1.00.0000)
Project64 1.6 (x32 Version: 1.6)
QuickTime (x32 Version: 7.69.80.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5886)
Roxio Central Audio (x32 Version: 3.8.0)
Roxio Central Copy (x32 Version: 3.8.0)
Roxio Central Core (x32 Version: 3.8.0)
Roxio Central Data (x32 Version: 3.8.0)
Roxio Central Tools (x32 Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (x32 Version: 10.3)
Roxio Easy Media Creator Home (x32 Version: 10.3.121)
Runtime (x32 Version: 1.00.0000)
Samsung Kies (x32 Version: 2.3.2.12064_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Section 8 (x32 Version: 1.00.0000)
Setting Utility Series (x32 Version: 5.0.0.07300)
Sky Go Desktop (HKCU)
Sony Home Network Library (x32 Version: 2.0.0.07280)
Sony Picture Utility (x32 Version: 4.2.12.16210)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Switch Sound File Converter (x32)
Unified Remote (x32 Version: 2.3.0.0)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261)
VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.5.0.06260)
VAIO Content Metadata Manager Settings (x32 Version: 3.5.0.06260)
VAIO Content Metadata XML Interface Library (x32 Version: 3.5.0.06180)
VAIO Content Monitoring Settings (x32 Version: 2.4.0.06120)
VAIO Control Center (x32 Version: 4.0.0.06120)
VAIO Data Restore Tool (x32 Version: 1.1.01.06290)
VAIO DVD Menu Data Basic (x32 Version: 1.0.00.08130)
VAIO Entertainment Platform (x32 Version: 3.5.0.07230)
VAIO Event Service (x32 Version: 5.0.0.07010)
VAIO Gate (x32 Version: 1.0.0.08050)
VAIO Marketing Tools (x32)
VAIO Media plus (x32 Version: 2.0.0.07280)
VAIO Media plus Opening Movie (x32 Version: 1.2.0.09100)
VAIO Movie Story (x32 Version: 1.5.00.06191)
VAIO Movie Story Template Data (x32 Version: 1.5.00.06010)
VAIO NW screensaver (x32 Version: 1.0.0.0)
VAIO Original Function Settings (x32 Version: 2.0.0.07010)
VAIO Power Management (x32 Version: 4.0.0.07160)
VAIO Premium Partners 1.00 (x32)
VAIO Presentation Support (x32 Version: 2.0.0.05270)
VAIO Quick Web Access (x32 Version: 1.1.2.4)
VAIO Smart Network (x32 Version: 3.0.0.08120)
VAIO Transfer Support (x32 Version: 1.0.0.07290)
VAIO Update 4 (x32 Version: 4.2.0.07300)
VAIO Wallpaper Contents (x32 Version: 2.0.0.06010)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
VLC media player 1.0.5 (x32 Version: 1.0.5)
vShare Plugin (x32)
WebcamMax (x32 Version: 7.1.2.6.MultiLanguage)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
WinRAR archiver (x32)

==================== Restore Points  =========================

23-11-2013 19:35:57 Installed Microsoft Office Professional Plus 2010
23-11-2013 20:40:31 Removed Dark Basic Professional
23-11-2013 20:43:10 Removed Safari
23-11-2013 20:46:53 Removed BlueStacks
23-11-2013 20:58:16 Removed Java™ 6 Update 31
23-11-2013 20:58:58 Installed Java 7 Update 45
23-11-2013 21:00:35 Windows Update
24-11-2013 20:40:09 Windows Update
27-11-2013 22:17:09 Windows Update
28-11-2013 23:15:09 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04F6491D-0807-4D8D-ABEF-D4B8A7D8541B} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-31] (Sony Corporation)
Task: {12976770-7805-4C62-80A3-34DF43D2D772} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {190D4049-012D-4A35-B00A-905DBC7A00E5} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-08-06] (Sony Corporation)
Task: {34D5F338-4CF6-40B5-8503-56E38D55EC6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25] (Google Inc.)
Task: {3B02BEE7-149D-4103-8277-5FFF9C0636C3} - System32\Tasks\AdobeAAMUpdater-1.0-john-VAIO-john => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {3BD36605-E9D3-469D-AF76-8728D33BA3F8} - System32\Tasks\{978A4D09-7583-4C3F-BB13-771AD70C279C} => C:\Users\john\Desktop\RapeLay-en\RapeLay-en.exe
Task: {721AE469-82C1-43EE-AE02-DCE10F2B7634} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\john\AppData\Local\Temp\Jnh.exe <==== ATTENTION
Task: {7D6E6EF5-8E31-429C-B12A-05834CAAA152} - System32\Tasks\{1044E5C6-6460-45AF-A039-EFA9E1EF87EF} => C:\Users\john\Desktop\RapeLay-en\RapeLay-en.exe
Task: {87234DA9-7A55-4181-8106-0082448F037F} - System32\Tasks\{A7957B24-A7D0-4764-AA5D-F8E995C19D3E} => C:\Users\john\Desktop\RapeLay-en\RapeLay-en.exe
Task: {CD441AC6-EE02-47AC-A92F-60F44743E012} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {D948DE2F-E833-450D-A937-DD3C72E25D41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job => C:\Users\john\AppData\Local\Temp\Jnh.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-05-11 20:22 - 2010-03-15 10:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-11-25 20:25 - 2009-07-01 19:49 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2009-11-25 20:25 - 2009-07-01 19:49 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2009-11-03 15:51 - 2009-11-03 15:51 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:64217CD0
AlternateDataStreams: C:\Users\john\Desktop\Heat.avi:TOC.WMV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:12:53 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:12:53 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

System errors:
=============
Error: (12/01/2013 10:13:54 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 43 time(s).

Error: (12/01/2013 10:13:54 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (12/01/2013 10:13:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 42 time(s).

Error: (12/01/2013 10:13:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (12/01/2013 10:12:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 41 time(s).

Error: (12/01/2013 10:12:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (12/01/2013 09:10:00 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 40 time(s).

Error: (12/01/2013 09:10:00 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (12/01/2013 09:09:56 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (12/01/2013 09:09:56 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Microsoft Office Sessions:
=========================
Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:54 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
Search.TripoliIndexer

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:13:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
Search.TripoliIndexer

Error: (12/01/2013 10:12:53 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/01/2013 10:12:53 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

CodeIntegrity Errors:
===================================
  Date: 2013-03-19 11:40:46.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 11:40:32.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 11:38:00.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-19 11:36:26.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 20:32:46.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 20:32:26.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-05-09 15:39:56.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-05-09 15:39:34.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vgarebot.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-01-29 02:15:59.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-01-29 02:15:59.856
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 2939.02 MB
Available physical RAM: 1638.63 MB
Total Pagefile: 5876.22 MB
Available Pagefile: 3831.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.56 GB) (Free:113.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 98D889AC)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

thanks for the help



#4 Aaflac

  • Malware Response Team

Posted 04 December 2013 - 03:03 PM

Welcome to BC forums, johngurling101!

Will take a look at the FRST report posted, and get back to you. In the meantime, please download Farbar Service Scanner.
Save to the Desktop, and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press: Scan
  • The tool creates a log (FSS.txt) on the Desktop.
  • Please provide the FSS.txt in your reply.

Old duck...


#5 johngurling101

  • Topic Starter

Posted 04 December 2013 - 05:45 PM

Hi, thanks for the help. Here is my log you asked for:

Farbar Service Scanner Version: 23-11-2013
Ran by john (administrator) on 04-12-2013 at 22:41:25
Running from "C:\Users\john\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#6 Aaflac

  • Malware Response Team

Posted 04 December 2013 - 10:07 PM

Let's press on with FRST...

 

Step 1: Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3\n.
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [openance] - rundll32 "C:\Users\john\AppData\Local\Temp\compnger.dll",CreateProcessNotify
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\n.
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3\n.
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {7cfc9df4-4648-11df-9c71-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {90fe9056-5d13-11df-890e-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {9e6aa59e-5254-11df-819b-806e6f6e6963} - G:\AutoRun.exe
MountPoints2: {9e6aa5ea-5254-11df-819b-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {b907e2eb-5b6e-11df-9fbf-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {bfed5c11-4019-11df-8980-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {ec69935d-7ef7-11df-bd0a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {efbfb7f2-14b4-11df-a01a-0024beb012f7} - I:\Startme.exe
MountPoints2: {f1f4286a-0d8d-11df-9cbb-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f440afb7-5252-11df-968a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec610-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec61b-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"C:\Users\john\AppData\Local\Temp\compnger.dll
C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3
C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\@
C:\Users\john\jagex_cl_runescape_LIVE.dat
C:\Users\john\jagex_runescape_preferences.dat
C:\Users\john\jagex_runescape_preferences2.dat
C:\Users\john\jagex__preferences3.dat
C:\Users\john\random.dat
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
C:\Users\john\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\john\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\john\AppData\Local\Temp\ose00000.exe
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.
 
Now, run FRST once again, and press the Fix button, just once, and wait.
 
When done, the tool creates a report on the Desktop called: Fixlog.txt

>>  Please post the Fixlog.txt in your reply.
 

Step 2: Also, do the following:

 

Download CKScanner:
http://downloads.malwareremoval.com/CKScanner.exe
Important: - Save it to the Desktop.

Right-click CKScanner.exe and select: Run as Administrator

Click: Search For Files
When the running circle disappears, click: Save List To File
A message box verifies the file saved.

>> Double-click the CKFiles.txt icon on your Desktop, and copy/paste the contents in your next reply.


Old duck...


#7 johngurling101

  • Topic Starter

Posted 05 December 2013 - 02:35 PM

fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013
Ran by john at 2013-12-05 19:33:25 Run:1
Running from C:\Users\john\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3\n.
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [openance] - rundll32 "C:\Users\john\AppData\Local\Temp\compnger.dll",CreateProcessNotify
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\n.
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3\n.
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {7cfc9df4-4648-11df-9c71-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {90fe9056-5d13-11df-890e-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {9e6aa59e-5254-11df-819b-806e6f6e6963} - G:\AutoRun.exe
MountPoints2: {9e6aa5ea-5254-11df-819b-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {b907e2eb-5b6e-11df-9fbf-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {bfed5c11-4019-11df-8980-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {ec69935d-7ef7-11df-bd0a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {efbfb7f2-14b4-11df-a01a-0024beb012f7} - I:\Startme.exe
MountPoints2: {f1f4286a-0d8d-11df-9cbb-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f440afb7-5252-11df-968a-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec610-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
MountPoints2: {f44ec61b-0d3f-11df-989d-0024beb012f7} - G:\AutoRun.exe
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"C:\Users\john\AppData\Local\Temp\compnger.dll
C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3
C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\@
C:\Users\john\jagex_cl_runescape_LIVE.dat
C:\Users\john\jagex_runescape_preferences.dat
C:\Users\john\jagex_runescape_preferences2.dat
C:\Users\john\jagex__preferences3.dat
C:\Users\john\random.dat
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
C:\Users\john\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\john\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\john\AppData\Local\Temp\ose00000.exe
end
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\openance => Value deleted successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cfc9df4-4648-11df-9c71-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{7cfc9df4-4648-11df-9c71-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90fe9056-5d13-11df-890e-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{90fe9056-5d13-11df-890e-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e6aa59e-5254-11df-819b-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{9e6aa59e-5254-11df-819b-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e6aa5ea-5254-11df-819b-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{9e6aa5ea-5254-11df-819b-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b907e2eb-5b6e-11df-9fbf-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{b907e2eb-5b6e-11df-9fbf-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfed5c11-4019-11df-8980-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{bfed5c11-4019-11df-8980-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec69935d-7ef7-11df-bd0a-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{ec69935d-7ef7-11df-bd0a-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbfb7f2-14b4-11df-a01a-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{efbfb7f2-14b4-11df-a01a-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1f4286a-0d8d-11df-9cbb-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{f1f4286a-0d8d-11df-9cbb-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f440afb7-5252-11df-968a-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{f440afb7-5252-11df-968a-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f44ec610-0d3f-11df-989d-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{f44ec610-0d3f-11df-989d-0024beb012f7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f44ec61b-0d3f-11df-989d-0024beb012f7} => Key deleted successfully.
HKCR\CLSID\{f44ec61b-0d3f-11df-989d-0024beb012f7} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\$Recycle.Bin\S-1-5-21-3469122011-3684683726-2445957611-1000\$9361a325dcbb1b727c5984f974071cc3 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$9361a325dcbb1b727c5984f974071cc3 => Moved successfully.
C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3} => Moved successfully.
"C:\Users\john\AppData\Local\{9361a325-dcbb-1b72-7c59-84f974071cc3}\@" => File/Directory not found.
C:\Users\john\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\john\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\john\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\john\jagex__preferences3.dat => Moved successfully.
C:\Users\john\random.dat => Moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job => Moved successfully.
C:\Users\john\AppData\Local\Temp\DataCard_Setup64.exe => Moved successfully.
C:\Users\john\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\john\AppData\Local\Temp\ose00000.exe => Moved successfully.

==== End of Fixlog ====



#8 johngurling101


Posted 05 December 2013 - 02:43 PM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\perfect world entertainment\battle of the immortals\data\sceneobjs\juqing_yewai_284\light\juqing_fuben_284_crack_01.m4f.cfs
c:\perfect world entertainment\battle of the immortals\data\sceneobjs\juqing_yewai_284\light\juqing_fuben_284_crack_02.m4f.cfs
scanner sequence 3.AA.11.IUAPS0
 ----- EOF -----
 



#9 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:12:16 PM

Posted 05 December 2013 - 10:31 PM

C:\perfect world entertainment\battle of the immortals\data\sceneobjs\juqing_yewai_284\light\juqing_fuben_284_crack_01.m4f.cfs
C:\perfect world entertainment\battle of the immortals\data\sceneobjs\juqing_yewai_284\light\juqing_fuben_284_crack_02.m4f.cfs

This forum, as well as other reputable malware removal forums, does not support the use of illegal software, otherwise construed as aiding and abetting theft.

If the entries above are illegal, and you wish to continue receiving help, you must remove all cracked software from the computer.

Old duck...


#10 johngurling101


Posted 06 December 2013 - 03:50 AM

Of course, I'm not sure they are illegal, but I did delete this game a while ago through Control Panel, then Programs. I'm not sure where or how I would delete these files shown in the log, but I will look for them now.



#11 johngurling101


Posted 06 December 2013 - 04:05 AM

OK, I deleted the files. Here is an updated log:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.SIAATA
 ----- EOF -----
 



#12 Aaflac


Posted 07 December 2013 - 01:02 AM

Let's press on with repairs to the services shown in the FSS report...

Step 1: Since the following involves editing the Registry, please create a new restore point before proceeding.
http://www.sevenforums.com/tutorials/697-system-restore-point-create.html
Select: Option Two


Step 2: Now, download ESET's ServiceRepair:
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
Save to the Desktop.
Double click to run the downloaded file.

A prompt appears asking if you want to proceed.
Click: Yes

When the Services Routine is completed, you are asked to Reboot.
Click Yes to allow the reboot.

When done, the tool creates a folder named CC Support on the Desktop.
Please open the folder, and provide the CC Support\Logs\SvcRepair.txt in your reply.


Step 3: Last, run the Farbar Service Scanner once again.
Select all the options.
Press: Scan
Please provide the new FSS.txt in your reply.

Edited by Aaflac, 07 December 2013 - 01:08 AM.

Old duck...


#13 johngurling101


Posted 08 December 2013 - 07:42 AM

First log:

Log Opened: 2013-11-25 @ 23:27:42
23:27:42 - -----------------
23:27:42 - | Begin Logging |
23:27:42 - -----------------
23:27:42 - Fix started on a WIN_7 X64 computer
23:27:42 - Prep in progress.  Please Wait.
23:27:43 - Prep complete
23:27:43 - Repairing Services Now.  Please wait...
23:27:43 - Services Repair Complete.
23:27:48 - Reboot Initiated
Log Opened: 2013-11-25 @ 23:30:24
23:30:24 - -----------------
23:30:24 - | Begin Logging |
23:30:24 - -----------------
23:30:24 - Fix started on a WIN_7 X64 computer
23:30:24 - Prep in progress.  Please Wait.
23:30:26 - Prep complete
23:30:26 - Repairing Services Now.  Please wait...
23:30:26 - Services Repair Complete.
23:30:28 - Reboot Skipped
Log Opened: 2013-11-26 @ 00:00:40
00:00:40 - -----------------
00:00:40 - | Begin Logging |
00:00:40 - -----------------
00:00:40 - Fix started on a WIN_7 X64 computer
00:00:40 - Prep in progress.  Please Wait.
00:00:41 - Prep complete
00:00:41 - Repairing Services Now.  Please wait...
00:00:41 - Services Repair Complete.
00:00:41 - Reboot Initiated
Log Opened: 2013-11-27 @ 20:38:05
20:38:05 - -----------------
20:38:05 - | Begin Logging |
20:38:05 - -----------------
20:38:05 - Fix started on a WIN_7 X64 computer
20:38:05 - Prep in progress.  Please Wait.
20:38:06 - Prep complete
20:38:06 - Repairing Services Now.  Please wait...
20:38:06 - Services Repair Complete.
20:38:07 - Reboot Initiated
Log Opened: 2013-12-08 @ 12:37:24
12:37:24 - -----------------
12:37:24 - | Begin Logging |
12:37:24 - -----------------
12:37:25 - Fix started on a WIN_7 X64 computer
12:37:25 - Prep in progress.  Please Wait.
12:37:25 - Prep complete
12:37:25 - Repairing Services Now.  Please wait...
12:37:25 - Services Repair Complete.
12:37:35 - Reboot Initiated
 



#14 johngurling101


Posted 08 December 2013 - 07:47 AM

Farbar Service Scanner Version: 23-11-2013
Ran by john (administrator) on 08-12-2013 at 12:46:52
Running from "C:\Users\john\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#15 Aaflac


Posted 08 December 2013 - 06:23 PM

 

The ESET program did not do well, so, we need to manually repair services.

 

Please do the following...

Step 1: Open Notepad (Start > All Programs > Accessories > Notepad)
Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Code').
Save it on the Desktop as: fixlist.txt

start
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
End

WARNING: This script is written specifically for use on this particular computer.
Running the script on another computer may cause damage to the Operating System!!

Run FRST again, but this time press the Fix button just once, and wait.

>> Please post the Fixlog.txt in your reply.

 

 

Step 2: Next, download the following files to the Desktop, right-click on each file, and select: Merge

Allow the Registry merge for each one.

MpsSvc:

http://download.bleepingcomputer.com/win-services/7/MpsSvc.reg

BFE:

http://download.bleepingcomputer.com/win-services/7/BFE.reg

WSCSvc:

http://download.bleepingcomputer.com/win-services/7/wscsvc.reg

WinDefend:

http://download.bleepingcomputer.com/win-services/7/WinDefend.reg

SharedAccess:

http://download.bleepingcomputer.com/win-services/7/SharedAccess.reg

iphlpsvc:

http://download.bleepingcomputer.com/win-services/7/iphlpsvc.reg

 

 

 

Step 3: Now, let's merge some keys into the Registry:

Please open Notepad by pressing the Windows key and the R key at the same time.

In the Open area, type: notepad

Copy and paste all the text in the box below to Notepad:

Windows Registry Editor Version 5.00

; Turn the firewall on for the standard profile and keep its notifications enabled (REG_DWORD values)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000

; Clear the policy value that disables Windows Defender
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000

; Recreate the Action Center notification icon entry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

In Notepad, go to File > Save As

Save the file to: Desktop

Save the file as: fixrk.reg

Set Save as type to: All files

On the Desktop, double-click: fixrk.reg

Confirm the prompt to merge to your Registry.

Click: OK

 

Back on the Desktop, right-click fixrk.reg, and select: Delete

Do the same for all the other .reg files downloaded to the Desktop.

> Also empty the Recycle Bin.

 

 

Step 4: Now, once again, press the Windows key and R at the same time.

In the Run box, type: notepad

Press: OK

 

Highlight the entire contents inside the following quote box, and copy/paste the text to Notepad (do not copy the word 'Quote').

@Echo off
rem Set the start type of each repaired service (demand = manual start)
sc config wscsvc start= delayed-auto
sc config MpsSvc start= auto
sc config BFE start= auto
sc config SharedAccess start= disabled
sc config iphlpsvc start= auto
sc config windefend start= demand
rem Start the services
sc start wscsvc
sc start MpsSvc
sc start BFE
sc start SharedAccess
sc start iphlpsvc
rem Reboot after one second, then delete this batch file
shutdown -r -t 1
del %0

 

In Notepad, select File > Save as...

Press the Desktop entry on the left side.

In the File name box, type in: fixsvcs.bat

Press: Save

Close: Notepad

 

Right-click fixsvcs.bat on the Desktop, and select: Run As Administrator

Press Yes if prompted by the User Account Control.

When the batch commands are applied, Windows restarts.

 

 

Step 5: Once again, please run the Farbar Service Scanner.

Select all the options.

Press: Scan

 

>> Please provide the new FSS.txt in your reply.
 


Edited by Aaflac, 08 December 2013 - 06:31 PM.

Old duck...
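
Steps 1 and 2 in the reply above follow from the FSS.txt in reply #14: the reparse point under Windows Defender and the service keys FSS could not open or read. As an added example (not part of the thread, and not FSS's or FRST's own code), this Python script groups those findings per service; the function name `triage` and the sample, built from lines of that log, are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the FSS.txt lines posted in reply #14.
SAMPLE_FSS = r"""MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
C:\Windows\System32\bfe.dll => MD5 is legit
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.
"""

KEY_GONE = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
VALUE_GONE = re.compile(
    r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\S+)\. The value does not exist\.")
REPARSE = re.compile(r"ATTENTION!=====> (.+) Reparse point on file detected\.")


def triage(fss_text):
    """Return (services, reparse_paths). services maps a lower-cased service
    name to "key missing" or to the sorted list of values FSS could not read
    under a key that still exists."""
    key_gone, value_gone, reparse = set(), defaultdict(set), []
    for line in fss_text.splitlines():
        if m := KEY_GONE.search(line):
            key_gone.add(m.group(1).lower())
        elif m := VALUE_GONE.search(line):
            value_gone[m.group(2).lower()].add(m.group(1))
        elif m := REPARSE.search(line):
            reparse.append(m.group(1))
    services = {name: "key missing" for name in key_gone}
    for name, values in value_gone.items():
        services.setdefault(name, sorted(values))  # a missing key wins over missing values
    return services, reparse


if __name__ == "__main__":
    services, reparse = triage(SAMPLE_FSS)
    for name in sorted(services):
        print(f"{name:14} {services[name]}")
    for path in reparse:
        print(f"reparse point  {path}")
```

Merging a .reg file creates a missing key and fills in missing values alike, so both groups are repaired by the same merge.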




