
Files encrypted - don't know which virus did it!


  • This topic is locked
52 replies to this topic

#1 adamtodd

adamtodd

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 19 April 2014 - 05:36 PM

Hi all,

Most of my data files have suddenly become unreadable, including:

  • pdf's
  • excel
  • word
  • jpgs (interestingly, if we've renamed them from the camera default (e.g. "going out.jpg") they're OK, but if they've been left as the camera saved them (e.g. IMG32453) then they're not accessible.
  • m4v

This has happened on files across two separate drives in my PC (which annoyingly means I've lost the backup as well, as I backed up one drive to the other).

I think they've been encrypted, because I don't think corruption would be so specific about what it corrupts, nor would it corrupt the same file types across separate discs. I ran Malwarebytes Anti-Malware in Safe Mode, and it detected a load of things running, including some files it marked as Trojan.Ransom and Trojan.Ransom.Gend. Have got rid of all of them, but I still can't access my files, which include all my photos from the last 10 years.

Reading up on it, it looks as though I probably won't get access to them, but it does look as though there might be some hope, depending on what virus it was. However - there haven't been any messages/pop ups asking for cash, and no .txt files asking for cash that I can see either, so I don't know what it was.

I looked in the registry, and couldn't see any CryptoLocker references, and I also ran ListCrilock, and it didn't find any encrypted files. I also ran the Emsisoft Decryptor for CryptoDefense - it did find a private key, but when I run it, it says it can't find any encrypted files.

Shadow Versions don't help me - there's only one from the 8th April, and everything in there is inaccessible as well.

I had a look at one of the encrypted jpg files in Notepad (I know it wouldn't make much sense anyway!) and it's a load of Chinese characters - a non-corrupted jpg doesn't look like that at all.

I still can't run ESET online scanner - if I try to, I get an "unexpected error" while it's initialising. If I try and run MBAM whilst not in Safe Mode, I get a message saying that "The program is blocked by Group Policy", and Windows Defender fails to launch with the message "Application failed to initialise : 0x80070006. The handle is invalid".

Can anyone help me identify what it was, see if there is any way to get my files back, and help me make sure it's gone for good?

Thanks,

Adam


Edited by boopme, 23 April 2014 - 01:12 PM.
Moved to MRL



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:06 PM

Posted 24 April 2014 - 05:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531694 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 25 April 2014 - 11:33 AM

Hi,

As requested, below is a DDS log. The problem is still as described above, and my main focus is trying (if possible) to recover the picture files.

I should say that I may have been assuming things to say that the files are "encrypted" - for all I know, they have just been corrupted, it might not be as clever as encryption.

Interestingly the "date modified" of the inaccessible files hasn't changed to something recent - it's still as it used to be.

Thanks,

Adam


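A defender-side way to check the two things Adam reports (files unreadable while their modified dates are untouched, and a JPEG that shows as garbage in Notepad, which often guesses UTF-16 for high-entropy bytes and renders them as CJK glyphs) without trusting timestamps. This is an added example, not a tool from this thread or from BleepingComputer: it tests whether each file's leading bytes still match the signature for its extension and measures byte entropy, so "header gone plus ciphertext-like bytes" can be told apart from "header gone plus zero-filled"; the sample files, seed and labels are constructed here.

```python
"""Triage likely-encrypted vs. merely damaged files by header and entropy.
Added example; sample data below is constructed, not taken from the thread."""
import math
import os
import random
import sys
from collections import Counter

# Well-known signatures for the file types listed in the thread, as
# (offset, bytes). DOCX/XLSX are zip containers; DOC/XLS are OLE compound
# files; MP4-family containers (m4v) carry "ftyp" at offset 4.
MAGIC = {
    ".jpg":  [(0, b"\xff\xd8\xff")],
    ".jpeg": [(0, b"\xff\xd8\xff")],
    ".pdf":  [(0, b"%PDF-")],
    ".docx": [(0, b"PK\x03\x04")],
    ".xlsx": [(0, b"PK\x03\x04")],
    ".doc":  [(0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")],
    ".xls":  [(0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")],
    ".m4v":  [(4, b"ftyp")],
}

ENCRYPTED_ENTROPY = 7.5  # bits/byte; uniform random bytes score ~7.95 over 4 KiB


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Ciphertext and compressed data sit near 8.0;
    plain text around 4-5; zero-filled or truncated files far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_ok(ext: str, data: bytes):
    """True/False when the extension is one we know; None otherwise."""
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return None
    return any(data[off:off + len(sig)] == sig for off, sig in sigs)


def classify(ext: str, data: bytes) -> str:
    """Label one file from its first 4 KiB only. A JPEG body is itself
    compressed (high entropy), so entropy alone proves nothing; the signal
    is a missing header combined with ciphertext-like bytes, seen across
    many files of exactly the targeted types. mtime is deliberately unused."""
    head = data[:4096]
    ok = header_ok(ext, head)
    if ok is None:
        return "unknown-type"
    if ok:
        return "intact"
    if shannon_entropy(head) >= ENCRYPTED_ENTROPY:
        return "likely-encrypted"
    return "damaged-low-entropy"


def triage(files: dict) -> dict:
    """Group {name: bytes} by label; returns {label: [sorted names]}."""
    groups = {}
    for name, data in files.items():
        ext = os.path.splitext(name)[1]
        groups.setdefault(classify(ext, data), []).append(name)
    return {k: sorted(v) for k, v in groups.items()}


def triage_tree(root: str) -> dict:
    """Same as triage() over a directory tree, reading only 4 KiB per file."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    files[path] = fh.read(4096)
            except OSError:
                pass  # unreadable entries are skipped, not guessed at
    return triage(files)


def make_samples() -> dict:
    """Constructed stand-ins for the cases described in the thread."""
    rng = random.Random(2014)  # fixed seed so results are reproducible
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    return {
        # renamed photo that survived: valid JFIF header, then any body
        "going out.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + noise[:300],
        # camera-named photo overwritten with ciphertext-like bytes
        "IMG32453.jpg": noise,
        # spreadsheet zero-filled: damage, but not encryption
        "accounts.xls": bytes(4096),
        "notes.txt": b"just a text file, not a type we check\n",
    }


if __name__ == "__main__":
    result = triage_tree(sys.argv[1]) if len(sys.argv) > 1 else triage(make_samples())
    for label, names in sorted(result.items()):
        print(f"{label}: {len(names)} file(s)")
        for n in names:
            print("   ", n)
```

Run it with a directory argument to label real files; with no argument it labels the constructed samples.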
#4 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 27 April 2014 - 02:20 PM

Sorry, realised I pasted the wrong thing above! DDS.txt follows:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by Adam at 17:28:34 on 2014-04-25
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.44.1033.18.2046.801 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BT Cloud\fshoster32.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe
C:\Program Files\ShadowExplorer\sesvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Cloud\fshoster32.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Jo\Desktop\Data\SpotifyWebHelper.exe
C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Windows Media Player\WMPEnc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Cloud\fshoster32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Epson Stylus SX510W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\users\adam\appdata\local\temp\E_S4B71.tmp" /EF "HKCU"
uRun: [Google Update] "c:\users\adam\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [koomrde] rundll32 "c:\users\adam\appdata\local\koomrde.dll",koomrde
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.16\AsRunHelp.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [F-Secure Hoster (47188)] "c:\program files\bt cloud\fshoster32.exe" -app -hosterid:1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\servet~1.lnk - c:\windows\installer\{24e59eec-26d2-48c2-b007-cff5c29a7a23}\_2ACA636AB0DFD263825A24.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090309080349
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080806095533
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} - hxxp://assets.photobox.com/assets/v/Dp8wGnXTjsIAQtd7V5T0lFcde-o.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6042/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: Interfaces\{1C01ACDA-5EF5-423E-BC7A-29D98729C26C} : NameServer = 192.168.1.254
TCP: Interfaces\{FE11240D-0C93-41F0-A747-58FF4E14A5D5} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: koomrde - c:\users\adam\appdata\local\koomrde.dll
AppInit_DLLs= {DLL_Str}
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2014-3-17 807800]
R2 fshoster;F-Secure Dll Hoster;c:\program files\bt cloud\fshoster32.exe [2013-4-2 191424]
R2 ServeToMe-Service;ServeToMe-Service;c:\program files\projectswithlove\servetome\ServeToMe-Service.exe [2012-9-25 5120]
R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2014-4-19 9216]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2011-8-22 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2011-8-22 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2011-8-22 72792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-1-2 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2011-8-22 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2011-8-22 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2011-8-22 72792]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2012-5-29 227328]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-9-30 23096]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-9-30 16640]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-10-22 16896]
.
=============== Created Last 30 ================
.
2014-04-21 10:17:17 -------- d-----w- c:\program files\Stellar Phoenix JPEG Repair
2014-04-20 11:14:55 -------- d-----w- C:\iCloud Photos
2014-04-19 18:39:48 -------- d-----w- c:\users\adam\appdata\roaming\www.shadowexplorer.com
2014-04-19 18:39:23 -------- d-----w- c:\program files\ShadowExplorer
2014-04-19 18:37:08 -------- d-----w- c:\users\adam\appdata\local\SearchProtect
2014-04-19 18:36:34 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2014-04-19 15:37:56 -------- d-----w- c:\users\adam\appdata\roaming\XulTest
2014-04-19 15:37:56 -------- d-----w- c:\users\adam\appdata\local\XulTest
2014-04-09 01:11:04 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba17a782-1d5a-4722-ad19-adf6b1269af5}\offreg.dll
2014-04-08 07:59:13 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba17a782-1d5a-4722-ad19-adf6b1269af5}\mpengine.dll
2014-04-04 17:29:07 -------- d-----w- c:\program files\Vuze Remote Toolbar
2014-04-04 17:29:07 -------- d-----w- c:\program files\Application Updater
2014-04-01 18:53:56 56832 ----a-w- c:\windows\system32\drivers\1b36535375971e1b.sys
2014-04-01 18:53:16 53760 ----a-w- c:\programdata\microsoft\windows\drm\wow.dll
2014-04-01 18:52:47 16384 ----a-w- c:\users\adam\appdata\local\koomrde.dll
.
==================== Find3M  ====================
.
2014-04-21 12:21:17 3712 --sha-w- c:\windows\system32\KGyGaAvL.sys
2014-03-13 11:12:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 11:12:54 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 17:30:36.01 ===============



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,777 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:06 PM

Posted 27 April 2014 - 09:40 PM

Greetings Adam and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started!
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not very hopeful your files can be recovered but we will see what we can do.

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 28 April 2014 - 05:34 AM

Hi Gary,

Thanks so much for your help, I really appreciate it - any attempts to recover my photos are really welcome! Completely understand the ground rules, and I will follow them.

FRST.txt and Addition.txt are pasted below, and Summary.zip is attached.

Thanks,

Adam

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Adam (administrator) on ADAM-AND-JO on 28-04-2014 10:59:10
Running from C:\Users\Adam\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PSIService.exe
(ProjectsWithLove) C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
(ProjectsWithLove) C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe.exe
(Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(F-Secure Corporation) C:\Program Files\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [178176 2006-12-22] (NVIDIA Corporation)
HKLM\...\Run: [AsusStartupHelp] => C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe [363008 2006-11-14] ()
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [565008 2008-08-14] ()
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Office Communicator\communicator.exe [5720072 2007-12-07] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [25600 2011-08-22] (Creative Technology Ltd)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [F-Secure Hoster (47188)] => C:\Program Files\BT Cloud\fshoster32.exe [191424 2013-04-02] (F-Secure Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SearchSettings] => C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1401152 2014-03-28] (Spigot, Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\koomrde: C:\Users\Adam\AppData\Local\koomrde.dll ()
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [Epson Stylus SX510W(Network)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [Google Update] => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-05] (Google Inc.)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [koomrde] => rundll32 "C:\Users\Adam\AppData\Local\koomrde.dll",koomrde <===== ATTENTION
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [Slick Savings] => C:\Users\Adam\AppData\Roaming\Slick Savings\CouponsHelper.exe [832320 2014-02-13] (Spigot, Inc.)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\MountPoints2: {0225a3e8-4e1a-11e0-a904-001a92ce3aab} - F:\AUTORUN.EXE
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ServeToMe.lnk
ShortcutTarget: ServeToMe.lnk -> C:\Windows\Installer\{24E59EEC-26D2-48C2-B007-CFF5C29A7A23}\_2ACA636AB0DFD263825A24.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ie
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.0\vuzeToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - DefaultScope {0F091310-8C90-4792-BD3E-F5B328A3B5E7} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {0F091310-8C90-4792-BD3E-F5B328A3B5E7} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {74CBEB32-9D25-4CB7-B4E3-D3A4A918C444} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {9FD102CB-A45D-4A4C-9FA6-4B1FE43EC98E} URL = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.0\vuzeToolbarIE.dll (Spigot, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Adam\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.0\vuzeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090309080349
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} http://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080806095533
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} http://assets.photobox.com/assets/v/Dp8wGnXTjsIAQtd7V5T0lFcde-o.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6042/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{1C01ACDA-5EF5-423E-BC7A-29D98729C26C}: [NameServer]192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Adam\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ch
CHR StartupUrls: "hxxp://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ch", "hxxp://www.google.com/", [ "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=48"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX® Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-09-23]
CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Evernote Web Clipper) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2011-08-04]
CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Adam\AppData\Local\Slick Savings\coupons.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR StartMenuInternet: Google Chrome - C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

Locked "1b36535375971e1b" service could not be unlocked. <===== ATTENTION

R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2014-03-28] (Spigot, Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [191424 2013-04-02] (F-Secure Corporation)
S3 KService; C:\Program Files\Kontiki\KService.exe [3072184 2008-02-27] (Kontiki Inc.)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-01-22] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 ServeToMe-Service; C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe [5120 2012-09-25] (ProjectsWithLove)
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com)
S3 STSService; "C:\Program Files\SoundTaxi Media Suite\STSService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12664 2006-10-18] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2011-08-22] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134680 2007-09-21] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [100888 2007-09-21] (Creative Technology Ltd)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [256000 2007-05-03] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [227328 2007-04-23] (NETGEAR Inc.                           )
S4 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [71784 2006-11-02] ()
R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2008-01-19] ()
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [23096 2009-09-17] ()
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-19] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [304640 2011-02-18] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [15288 2008-01-19] ()
S4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [35944 2006-11-02] ()
S4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [31848 2006-11-02] ()
S4 Sym_u3; C:\Windows\system32\drivers\sym_u3.sys [34920 2006-11-02] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [898952 2010-06-16] ()
S3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [898952 2010-06-16] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [30208 2008-01-19] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-19] ()
R3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-19] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [71680 2008-01-19] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [54328 2008-01-19] ()
R3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2008-01-19] ()
R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-19] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [56936 2006-11-02] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2008-01-19] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [58472 2006-11-02] ()
S4 uliahci; C:\Windows\system32\drivers\uliahci.sys [235112 2006-11-02] ()
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] ()
S4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2006-11-02] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-19] ()
S3 UMPass; C:\Windows\System32\DRIVERS\umpass.sys [7680 2008-01-19] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] ()
R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73088 2008-01-19] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2008-01-19] ()
S4 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39424 2008-01-19] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [194560 2008-01-19] ()
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2008-01-19] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-19] ()
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2008-01-19] ()
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [55296 2008-01-19] ()
S4 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [22528 2006-11-02] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2006-11-02] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-19] ()
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [54376 2006-11-02] ()
S4 ViaC7; C:\Windows\system32\drivers\viac7.sys [39424 2006-11-02] ()
S4 viaide; C:\Windows\system32\drivers\viaide.sys [17512 2006-11-02] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-19] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [294456 2008-01-19] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [227896 2008-01-19] ()
S4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [112232 2006-11-02] ()
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] ()
S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-19] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-19] ()
S4 Wd; C:\Windows\system32\drivers\wd.sys [19560 2006-11-02] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [503864 2008-01-19] ()
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-13] ()
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-13] ()
S4 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2006-11-02] ()
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-13] ()
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-13] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-19] ()
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [16640 2009-09-03] ()
S3 wsvad_driver; C:\Windows\System32\drivers\VirtualAudio.sys [16896 2008-10-17] ()
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [83328 2008-01-19] ()
U5 1b36535375971e1b; C:\Windows\System32\Drivers\1b36535375971e1b.sys [56832 2014-04-01] () <===== ATTENTION Necurs Rootkit?
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTEAPSFX.DLL; system32\CTEAPSFX.DLL [X]
S3 CTEDSPFX.DLL; system32\CTEDSPFX.DLL [X]
S3 CTEDSPSY.DLL; system32\CTEDSPSY.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 GPUTool; \??\C:\Users\Adam\AppData\Local\Temp\GPUTool.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] () <===== ATTENTION Necurs Rootkit?

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-28 10:59 - 2014-04-28 10:59 - 00032754 _____ () C:\Users\Adam\Desktop\FRST.txt
2014-04-28 10:59 - 2014-04-28 10:59 - 00000000 ____D () C:\FRST
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Slick Savings
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Vuze Remote Toolbar
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Application Updater
2014-04-25 17:30 - 2014-04-25 17:30 - 00018566 _____ () C:\Users\Adam\Desktop\attach.txt
2014-04-25 17:30 - 2014-04-25 17:30 - 00017037 _____ () C:\Users\Adam\Desktop\dds.txt
2014-04-25 17:28 - 2014-04-25 17:28 - 00688992 ____R (Swearware) C:\Users\Adam\Desktop\dds.com
2014-04-21 23:25 - 2014-04-21 23:25 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Adam\Desktop\mbar-1.07.0.1009.exe
2014-04-21 23:12 - 2014-04-28 10:58 - 01049600 _____ (Farbar) C:\Users\Adam\Desktop\FRST.exe
2014-04-21 11:17 - 2014-04-21 11:17 - 00000913 _____ () C:\Users\Adam\Desktop\Stellar Phoenix JPEG Repair.lnk
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix JPEG Repair
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\Program Files\Stellar Phoenix JPEG Repair
2014-04-21 11:12 - 2014-04-21 11:12 - 00000018 _____ () C:\Users\Adam\Desktop\egg.txt
2014-04-20 12:14 - 2014-04-20 12:14 - 00000000 ____D () C:\iCloud Photos
2014-04-19 20:53 - 2014-04-19 20:54 - 00751688 _____ (Emsisoft GmbH) C:\Users\Adam\Desktop\decrypt_harasom.exe
2014-04-19 20:35 - 2014-04-19 20:35 - 00614661 _____ () C:\decrypt_cryptodefense.zip
2014-04-19 20:27 - 2014-04-19 20:30 - 00000000 ____D () C:\Users\Adam\Desktop\Test
2014-04-19 20:24 - 2014-04-19 20:24 - 10868379 _____ () C:\Users\Adam\Desktop\Anti-CryptorBitV2.zip
2014-04-19 19:39 - 2014-04-19 19:39 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Adam\Desktop\ShadowExplorer-0.9-setup.exe
2014-04-19 19:39 - 2014-04-19 19:39 - 00001682 _____ () C:\Users\Adam\Desktop\ShadowExplorer.lnk
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\www.shadowexplorer.com
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Program Files\ShadowExplorer
2014-04-19 19:37 - 2014-04-19 19:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\SearchProtect
2014-04-19 19:18 - 2014-04-19 21:05 - 00001056 _____ () C:\Users\Adam\Desktop\ListCrilock.txt
2014-04-19 19:18 - 2014-04-19 19:18 - 00390392 _____ (Bleeping Computer, LLC) C:\Users\Adam\Desktop\ListCrilock.exe
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\XulTest
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\XulTest
2014-04-19 14:56 - 2014-04-19 14:56 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\NVIDIA
2014-04-10 16:25 - 2014-04-19 16:29 - 00077312 _____ () C:\Users\Jo\Documents\Eleanors poetry book.pub
2014-04-09 16:00 - 2014-04-10 16:12 - 00000000 ____D () C:\Users\Jo\Documents\Eleanors Poems
2014-04-01 19:53 - 2014-04-01 19:53 - 00056832 _____ () C:\Windows\system32\Drivers\1b36535375971e1b.sys
2014-04-01 19:52 - 2014-04-01 19:52 - 00016384 _____ () C:\Users\Adam\AppData\Local\koomrde.dll

==================== One Month Modified Files and Folders =======

2014-04-28 10:59 - 2014-04-28 10:59 - 00032754 _____ () C:\Users\Adam\Desktop\FRST.txt
2014-04-28 10:59 - 2014-04-28 10:59 - 00000000 ____D () C:\FRST
2014-04-28 10:58 - 2014-04-21 23:12 - 01049600 _____ (Farbar) C:\Users\Adam\Desktop\FRST.exe
2014-04-28 10:58 - 2011-09-16 23:09 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{EDD4161F-8791-4102-8D76-CBFB6A9BBF62}.job
2014-04-28 10:55 - 2011-03-02 22:02 - 00000000 ____D () C:\Windows\system32\logishrd
2014-04-28 10:55 - 2009-12-24 11:11 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 10:55 - 2007-07-09 19:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 10:55 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 10:55 - 2006-11-02 13:47 - 00003792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 10:55 - 2006-11-02 13:47 - 00003792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 20:32 - 2006-11-02 14:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-27 20:26 - 2011-08-04 19:52 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000UA.job
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Slick Savings
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Vuze Remote Toolbar
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Application Updater
2014-04-27 20:21 - 2013-09-12 15:39 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-04-27 20:20 - 2006-11-02 11:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 17:30 - 2014-04-25 17:30 - 00018566 _____ () C:\Users\Adam\Desktop\attach.txt
2014-04-25 17:30 - 2014-04-25 17:30 - 00017037 _____ () C:\Users\Adam\Desktop\dds.txt
2014-04-25 17:28 - 2014-04-25 17:28 - 00688992 ____R (Swearware) C:\Users\Adam\Desktop\dds.com
2014-04-25 17:12 - 2012-12-15 13:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 17:08 - 2009-12-24 11:11 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 16:59 - 2008-09-16 12:16 - 00000000 ____D () C:\Users\Jo\Tracing
2014-04-25 15:00 - 2010-11-10 16:00 - 00000238 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2014-04-21 23:25 - 2014-04-21 23:25 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Adam\Desktop\mbar-1.07.0.1009.exe
2014-04-21 13:21 - 2007-09-06 20:11 - 00000000 ____D () C:\Users\Adam\Documents\My PSP Files
2014-04-21 13:21 - 2007-09-06 20:11 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Corel
2014-04-21 13:21 - 2007-09-06 20:07 - 00003712 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-04-21 11:40 - 2007-07-09 21:52 - 00137216 _____ () C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-21 11:26 - 2011-08-04 19:52 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000Core.job
2014-04-21 11:17 - 2014-04-21 11:17 - 00000913 _____ () C:\Users\Adam\Desktop\Stellar Phoenix JPEG Repair.lnk
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix JPEG Repair
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\Program Files\Stellar Phoenix JPEG Repair
2014-04-21 11:12 - 2014-04-21 11:12 - 00000018 _____ () C:\Users\Adam\Desktop\egg.txt
2014-04-20 12:14 - 2014-04-20 12:14 - 00000000 ____D () C:\iCloud Photos
2014-04-19 21:05 - 2014-04-19 19:18 - 00001056 _____ () C:\Users\Adam\Desktop\ListCrilock.txt
2014-04-19 20:54 - 2014-04-19 20:53 - 00751688 _____ (Emsisoft GmbH) C:\Users\Adam\Desktop\decrypt_harasom.exe
2014-04-19 20:35 - 2014-04-19 20:35 - 00614661 _____ () C:\decrypt_cryptodefense.zip
2014-04-19 20:30 - 2014-04-19 20:27 - 00000000 ____D () C:\Users\Adam\Desktop\Test
2014-04-19 20:24 - 2014-04-19 20:24 - 10868379 _____ () C:\Users\Adam\Desktop\Anti-CryptorBitV2.zip
2014-04-19 20:15 - 2007-07-09 19:34 - 00269810 _____ () C:\Windows\PFRO.log
2014-04-19 20:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Provisioning
2014-04-19 20:09 - 2012-11-18 15:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\Conduit
2014-04-19 19:39 - 2014-04-19 19:39 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Adam\Desktop\ShadowExplorer-0.9-setup.exe
2014-04-19 19:39 - 2014-04-19 19:39 - 00001682 _____ () C:\Users\Adam\Desktop\ShadowExplorer.lnk
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\www.shadowexplorer.com
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Program Files\ShadowExplorer
2014-04-19 19:37 - 2014-04-19 19:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\SearchProtect
2014-04-19 19:22 - 2012-11-18 15:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\CRE
2014-04-19 19:22 - 2007-07-06 18:30 - 00000000 ____D () C:\Users\Adam
2014-04-19 19:18 - 2014-04-19 19:18 - 00390392 _____ (Bleeping Computer, LLC) C:\Users\Adam\Desktop\ListCrilock.exe
2014-04-19 18:05 - 2006-11-02 13:52 - 01548437 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 17:58 - 2007-11-28 20:26 - 00002085 ____S () C:\Users\Adam\Desktop\feb2b8d974e5ec6466603c5c17a80d27_10273f13-33f3-460e-bba1-f05b6e8f8cb7
2014-04-19 17:48 - 2007-08-01 08:21 - 00002627 _____ () C:\Users\Jo\Desktop\Microsoft Office Word 2007.lnk
2014-04-19 17:38 - 2006-11-02 13:52 - 00056099 _____ () C:\Windows\setupact.log
2014-04-19 17:12 - 2006-11-02 13:48 - 00064042 _____ () C:\Windows\DtcInstall.log
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\XulTest
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\XulTest
2014-04-19 16:29 - 2014-04-10 16:25 - 00077312 _____ () C:\Users\Jo\Documents\Eleanors poetry book.pub
2014-04-19 15:36 - 2007-07-11 19:30 - 00113664 _____ () C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-19 14:56 - 2014-04-19 14:56 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\NVIDIA
2014-04-10 16:12 - 2014-04-09 16:00 - 00000000 ____D () C:\Users\Jo\Documents\Eleanors Poems
2014-04-05 02:18 - 2009-01-20 19:57 - 00000000 ____D () C:\Users\Jo\Documents\Play activities
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Targets
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Summer Term 2007
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\scanned photos
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\PSHE
2014-04-05 02:18 - 2007-07-10 17:22 - 00000000 ____D () C:\Users\Jo
2014-04-05 02:17 - 2013-06-27 10:42 - 00000000 ____D () C:\Users\Jo\Desktop\teaparty
2014-04-05 02:17 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Geldard family
2014-04-05 02:17 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Dundas family
2014-04-05 02:17 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Ash Class
2014-04-05 02:17 - 2008-01-15 19:30 - 00000000 ____D () C:\Users\Jo\Desktop\Scotland
2014-04-05 02:17 - 2007-12-17 13:56 - 00000000 ___SD () C:\Users\Jo\Documents\My Data Sources
2014-04-05 02:17 - 2007-09-07 09:21 - 00000000 ____D () C:\Users\Jo\Desktop\Plans
2014-04-05 02:13 - 2014-03-21 17:38 - 00000000 ____D () C:\Users\Jo\Desktop\picsad
2014-04-05 02:12 - 2010-04-23 10:11 - 00000000 ____D () C:\Users\Jo\Desktop\Non-Sample School Drawings
2014-04-05 02:12 - 2009-09-23 12:17 - 00000000 ____D () C:\Users\Jo\Desktop\Photos
2014-04-05 02:11 - 2014-01-01 13:59 - 00000000 ____D () C:\Users\Jo\Desktop\AGPICS
2014-04-05 02:11 - 2007-11-04 21:40 - 00000000 ____D () C:\Users\Jo\Desktop\Christmas cards
2014-04-05 02:09 - 2011-12-11 18:44 - 00000000 ____D () C:\Users\Adam\Documents\Preschool
2014-04-05 02:07 - 2011-12-11 19:55 - 00000000 ___SD () C:\Users\Adam\Documents\My Data Sources
2014-04-05 02:04 - 2011-03-22 23:48 - 00000000 ____D () C:\Users\Adam\Desktop\New Folder
2014-04-04 18:23 - 2012-08-15 21:27 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-04-03 21:07 - 2007-07-28 15:38 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Azureus
2014-04-02 19:04 - 2007-07-28 15:38 - 00000000 ____D () C:\Program Files\Azureus
2014-04-01 19:53 - 2014-04-01 19:53 - 00056832 _____ () C:\Windows\system32\Drivers\1b36535375971e1b.sys
2014-04-01 19:52 - 2014-04-01 19:52 - 00016384 _____ () C:\Users\Adam\AppData\Local\koomrde.dll

Alureon:
C:\Users\Adam\AppData\Local\temp\scayvin\sxbrpbq\wow.dll

Files to move or delete:
====================
C:\Users\Jo\Spotify Installer.exe

Some content of TEMP:
====================
C:\Users\Adam\AppData\Local\temp\DivXSetup.exe
C:\Users\Adam\AppData\Local\temp\eject.exe
C:\Users\Adam\AppData\Local\temp\install.exe
C:\Users\Adam\AppData\Local\temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\setpointenu.exe
C:\Users\Adam\AppData\Local\temp\SonosUpgrader.exe
C:\Users\Adam\AppData\Local\temp\vzf-663022491158031682.dll
C:\Users\Adam\AppData\Local\temp\vzf-9008331810072893651.dll
C:\Users\Adam\AppData\Local\temp\winzipdusetup.exe
C:\Users\Adam\AppData\Local\temp\winziprosetup.exe
C:\Users\Adam\AppData\Local\temp\xuninst.exe
C:\Users\Adam\AppData\Local\temp\_is9ADE.exe
C:\Users\Adam\AppData\Local\temp\_isAEDB.exe
C:\Users\Adam\AppData\Local\temp\_isB607.exe
C:\Users\Adam\AppData\Local\temp\_isF23.exe
C:\Users\Jo\AppData\Local\temp\i4jdel0.exe
C:\Users\Jo\AppData\Local\temp\i4jdel1.exe
C:\Users\Jo\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jo\AppData\Local\temp\SkypeSetup.exe
C:\Users\Jo\AppData\Local\temp\SpotifyUpgrader.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys
[2008-06-14 09:28] - [2008-01-19 08:42] - 0227896 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!
LastRegBack: 2014-04-27 20:22

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Adam at 2014-04-28 10:59:42
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
AVI/MPEG/RM/WMV Joiner 4.82 (HKLM\...\AVI MPEG RM WMV Joiner_is1) (Version:  - Boilsoft, Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Battlefield 2™ (HKLM\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
BBC iPlayer Download Manager (HKLM\...\BBC iPlayer Download Manager) (Version: 1.7.2449 - BBC)
BBC iPlayer Download Manager (Version: 1.7.2449 - BBC.) Hidden
BeebEm (HKLM\...\BeebEm) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BT Cloud (HKLM\...\F-Secure ServiceEnabler 47188) (Version: 1.83.310.0 - F-Secure Corporation)
BT Cloud (Version: 1.83.310.0 - F-Secure Corporation) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.4 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (Version: 1.4 - Activision) Hidden
CameraHelperMsi (Version: 13.10.1217.0 - Logitech) Hidden
CCF Authentication 1.00.211.0 (release) (Version: 1.00.211.0 - F-Secure Corporation) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
ConvertXtoDVD 3.1.0.26 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.1.0.26 - )
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.20.0000 - Corel Corporation)
CoreVorbis Audio Decoder (remove only) (HKLM\...\CoreVorbis Audio Decoder) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version:  - )
DH Driver Cleaner Professional Edition (HKLM\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
Doctor Who: The Adventure Games (HKLM\...\{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1) (Version:  - British Broadcasting Corp.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM\...\Epson Printer Software Downloader) (Version:  - )
Epson Printer Software Downloader (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Epson Stylus SX510W_TX550W Manual (HKLM\...\Epson Stylus SX510W_TX550W User’s Guide) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
FileZilla Client 3.1.6 (HKLM\...\FileZilla Client) (Version: 3.1.6 - )
Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
GameBase v1.1 (HKLM\...\GameBase_is1) (Version:  - BU22)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Half-Life 2 (HKCU\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version:  - Valve)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version:  - )
IL-2 Sturmovik 1946 (HKLM\...\InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}) (Version: 1.00.0000 - Ubisoft)
IL-2 Sturmovik 1946 (Version: 1.00.0000 - Ubisoft) Hidden
Image Grabber II (HKLM\...\Image Grabber II) (Version:  - )
Indeo® Software (HKLM\...\Indeo® Software) (Version:  - )
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Jalbum 8.1 (HKLM\...\Jalbum_1) (Version:  - )
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LizardTech DjVu Control (autoinstall) (HKLM\...\DjVu) (Version:  - )
Logitech Communications Manager (Version: 10.45.1121 - Logitech, Inc.) Hidden
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.00) (Version:  - )
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.80) (Version:  - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LucasArts' TIE Fighter (HKLM\...\LucasArts' TIE Fighter) (Version:  - )
LWS Facebook (Version: 13.10.1216.0 - Logitech) Hidden
LWS Gallery (Version: 13.10.1216.0 - Logitech) Hidden
LWS Help_main (Version: 13.10.1224.0 - Logitech) Hidden
LWS Launcher (Version: 13.10.1224.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.10.1218.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.10.1218.0 - Logitech) Hidden
LWS Twitter (Version: 13.00.1216.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.00.1774.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.10.1222.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.10.1216.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2005 (HKLM\...\{67E4EE98-59F4-4220-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Communicator 2007 (HKLM\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.36 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{7DB92914-0A00-48C6-8DBB-F8E9D02B78B1}) (Version: 8.0.6362.41 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MPEG TO AVI version 3.1.1 (HKLM\...\MPEG TO AVI_is1) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
myFairTunes v.7.0.2c (HKLM\...\myFairTunes_is1) (Version:  - Team-Assembly)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.00.0000 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.00.0000 - NETGEAR) Hidden
NTFS Undelete v0.93 (HKLM\...\NTFS Undelete_is1) (Version: 0.93 - Atola Technology)
NVIDIA 3D Vision Controller Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.07 - )
Pdf995 (HKLM\...\Pdf995) (Version:  - )
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Qtpfsgui 1.9.2 (HKLM\...\Qtpfsgui_is1) (Version:  - Qtpfsgui Dev Team)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Recover My Files (HKLM\...\Recover My Files_is1) (Version: 3.9.8.6081 - GetData Pty Ltd)
SCRABBLE® Interactive 2007 EDITION Uninstall (HKLM\...\SCRABBLE® 2007 EDITION) (Version:  - )
ServeToMe (HKLM\...\{24E59EEC-26D2-48C2-B007-CFF5C29A7A23}) (Version: 3.7.4286 - ProjectsWithLove)
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype Toolbars (HKLM\...\{A29549FD-65F3-440C-A552-6B8114CF319D}) (Version: 5.2.4170 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slick Savings (HKLM\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
Sonos Controller (HKLM\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 22.0.64240 - Sonos, Inc.)
Spotify (HKLM\...\Spotify) (Version: 0.3.18 - )
Squeezebox Server 7.6.0 (HKLM\...\Squeezebox Server_is1) (Version: 7.6.0 - Logitech)
STARS V3 (HKLM\...\{99F278C3-4853-4946-88AD-8E96A6650058}) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Stellar Phoenix JPEG Repair (HKLM\...\Stellar Phoenix JPEG Repair_is1) (Version: 2.0.0.0 - Stellar Information Systems Ltd)
Sync Client 1.40.633.0 (release) (Version: 1.40.633.0 - F-Secure Corporation) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TomTom HOME (HKLM\...\{CE325D55-FCAF-4273-BB79-069BB8747270}) (Version: 1.5.106 - TomTom)
Trillian (HKLM\...\Trillian) (Version:  - )
Unlocker 1.8.7 (HKLM\...\Unlocker) (Version: 1.8.7 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Vaillant Technical Download Service (HKLM\...\{B92EDDD9-101B-4459-9365-C63C78CBA9D6}) (Version: 1.0.0 - Vaillant)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VideoLAN VLC media player 0.8.6i (HKLM\...\VLC media player) (Version: 0.8.6i - VideoLAN Team)
VirtualLab Client 5.6.4 (HKLM\...\VirtualLab 5 Client_is1) (Version:  - BinaryBiz)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.0 (HKLM\...\{4BC73BD4-8BA3-437E-860A-07B1BEAF46D3}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
Winamp (HKLM\...\Winamp) (Version: 5.541  - Nullsoft, Inc)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip Driver Updater (HKLM\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.11339 - WinZip Computing, S.L. (WinZip Computing))
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )
X-Wing & TIE Fighter 95 Compatibility Fix (HKLM\...\{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 11:23 - 2010-07-25 20:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10367932-2F34-437F-BCF8-4F7F2667BBFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2BD96863-9E4E-48C2-9F4A-5CF4099CD16C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {5CA47329-4DFC-4786-A67D-0EEEF25B08FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {6AF29EA4-0C3E-406C-BA0B-E84A456D781F} - System32\Tasks\Synctoy => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {72DADF6A-DB74-4E2D-A958-E2BCDC2B9260} - System32\Tasks\{4A4C1F08-8856-4D19-B6A5-B86C8BEDAA5A} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {80532F1F-C3E2-4935-9C9E-FC71185D6427} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000Core => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {8687C51F-D631-4B7F-B1A4-757B6039F465} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000UA => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {A815CF4B-C93F-48B7-B854-C25F02ACEF2F} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {C87012B5-EB1E-4C6E-A781-636F6E063195} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D201680E-1FBA-4B66-8E91-B2E666455468} - System32\Tasks\WinZipDriverUpdaterRunAtStartup => C:\Program Files\WinZip Driver Updater\winzipdu.exe [2011-11-10] (WinZip Computing, S.L. (WinZip Computing))
Task: {E166E99E-63A4-442D-9D53-096B07CCB2B3} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jo => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000Core.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000UA.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7E294441-A618-406E-B965-EBB3320C0436}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{EDD4161F-8791-4102-8D76-CBFB6A9BBF62}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2007-09-12 19:52 - 2007-09-12 19:52 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-01-22 18:16 - 2008-01-22 18:34 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2012-09-25 22:43 - 2012-09-25 22:43 - 00023552 _____ () C:\Program Files\ProjectsWithLove\ServeToMe\CE.iPhone.PList.dll
2008-12-02 19:25 - 2008-12-02 19:25 - 00094720 _____ () C:\Program Files\FileZilla Client\fzshellext.dll
2012-03-26 20:47 - 2012-03-26 20:47 - 00016832 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2008-08-14 18:11 - 2008-08-14 18:11 - 00565008 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00921944 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-08-22 13:57 - 2011-08-22 13:57 - 00002560 _____ () C:\Windows\CTXFIRES.DLL
2013-08-30 06:43 - 2013-08-30 06:43 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2014-04-01 19:52 - 2014-04-01 19:52 - 00016384 _____ () C:\Users\Adam\AppData\Local\koomrde.dll
2012-01-02 19:46 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2010-05-07 19:34 - 2010-05-07 19:34 - 00168792 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-11-12 10:23 - 2010-11-12 10:23 - 00330584 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2010-05-07 19:43 - 2010-05-07 19:43 - 00651096 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9
AlternateDataStreams: C:\ProgramData\TEMP:4B7BEAFF
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE

==================== Faulty Device Manager Devices =============

Name: Logitech QuickCam Pro 9000
Description: Logitech QuickCam Pro 9000
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Logitech
Service: LVUVC
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 10:59:58 AM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/28/2014 10:59:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/28/2014 10:59:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/28/2014 10:59:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/28/2014 10:59:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/28/2014 10:58:54 AM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/28/2014 10:58:22 AM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/28/2014 10:57:30 AM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/28/2014 10:57:22 AM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/28/2014 10:56:27 AM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

System errors:
=============
Error: (04/28/2014 10:57:31 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (04/28/2014 10:57:31 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (04/28/2014 10:56:07 AM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (04/28/2014 10:55:39 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/28/2014 10:55:39 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/28/2014 10:55:11 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: 2147942402

Error: (04/28/2014 10:55:10 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (04/27/2014 08:19:13 PM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (04/27/2014 08:19:10 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (04/27/2014 08:19:10 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Microsoft Office Sessions:
=========================
Error: (03/08/2012 06:27:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11333 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 06:55:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 06:55:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 112 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/20/2011 11:49:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11758 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (11/01/2011 11:42:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31061 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/23/2011 03:02:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/12/2010 01:18:31 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25051 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/28/2010 06:31:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15038 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/06/2009 01:08:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7670 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/30/2008 06:23:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-04-28 10:55:30.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 10:55:30.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 10:55:29.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 10:55:29.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-27 20:16:01.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-27 20:16:01.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-27 20:16:01.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-27 20:16:01.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-25 14:39:45.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-25 14:39:44.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2045.81 MB
Available physical RAM: 1019.48 MB
Total Pagefile: 4336.62 MB
Available Pagefile: 3119.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:79.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:298.09 GB) (Free:57.62 GB) NTFS
Drive i: (Storage) (Fixed) (Total:186.31 GB) (Free:4.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 620B7ACA)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 17A7454E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 8BCB7463)
Partition 1: (Not Active) - (Size=186 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,777 posts
  • Gender:Male
  • Location:California
  • Local time:06:06 PM

Posted 28 April 2014 - 01:52 PM

Hi Adam,

I am afraid your computer is severely infected. Please allow me some time to determine how best to address it. You have the extra complication of inaccessible files so I want to be especially cautious.

In the meantime please consider and do this for me.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
volsnap.sys;tcpip.sys
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
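Gary's search targets the two drivers the FRST log above implicates: tcpip.sys, which Code Integrity repeatedly failed to verify, and volsnap.sys, the Volume Shadow Copy driver that the VSS service depends on (the log shows VSS failing with hr = 0x80070005, access denied). Each record in the resulting Search.txt is the file's full path on one line and, on the next, two bracketed timestamps, the size, attribute flags, the company name from the file's version resource, and an MD5. On Vista and 7 the driver under System32\drivers is normally a hard link to a payload in the WinSxS component store, so the live copy's MD5 should equal one of the WinSxS copies; a live hash with no WinSxS twin, or a blank company field where Microsoft's name should be, is the signature of a patched or replaced driver. The following Python is an added example for this thread, not code from FRST or from either poster: it parses that two-line record layout (an assumption taken from the output shown in this thread) and applies the hash-matching check. The two WinSxS records in the sample are copied from the Search.txt posted below; the two System32\drivers records are constructed to exercise both verdicts.

```python
"""Parse FRST Search.txt records and compare live drivers with WinSxS copies.

Added example for this thread, not code from FRST or from the posters.
Assumes the two-line record layout visible in the posted Search.txt:
  <full path>
  [<timestamp>] - [<timestamp>] - <size> <attrs> (<company>) <MD5>
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
DETAIL = re.compile(
    r"^\[(?P<t1>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"\[(?P<t2>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component directory names embed the file version, e.g.
# x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_...
VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass
class Entry:
    path: str
    t1: str          # first bracketed timestamp, as FRST prints it
    t2: str          # second bracketed timestamp
    size: int
    attrs: str
    company: str     # company from the version resource; "" when absent
    md5: str

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def version(self) -> Optional[str]:
        m = VERSION.search(PureWindowsPath(self.path).parent.name)
        return m.group(1) if m else None


def parse_search(text: str) -> List[Entry]:
    """Pair every path line with the detail line that follows it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries: List[Entry] = []
    i = 0
    while i + 1 < len(lines):
        m = DETAIL.match(lines[i + 1]) if PATH_LINE.match(lines[i]) else None
        if m:
            entries.append(Entry(lines[i], m["t1"], m["t2"], int(m["size"]),
                                 m["attrs"], m["company"], m["md5"].upper()))
            i += 2
        else:
            i += 1
    return entries


def check_live_drivers(entries: List[Entry]) -> Dict[str, str]:
    """Report, for each copy outside WinSxS, whether its MD5 matches a
    component-store copy of the same file name. On Vista/7 the file in
    System32\\drivers is a hard link to its WinSxS payload, so a live hash
    with no WinSxS twin means the driver on disk was replaced or patched."""
    store: Dict[str, Dict[str, Entry]] = {}
    for e in entries:
        if e.in_winsxs:
            store.setdefault(e.name, {})[e.md5] = e
    report: Dict[str, str] = {}
    for e in entries:
        if e.in_winsxs:
            continue
        twin = store.get(e.name, {}).get(e.md5)
        if twin is not None:
            report[e.path] = f"OK: hash matches WinSxS {twin.version}"
        elif not e.company:
            report[e.path] = "SUSPECT: no WinSxS copy with this hash, version info missing"
        else:
            report[e.path] = "SUSPECT: no WinSxS copy with this hash"
    return report


# Constructed input: the two WinSxS records are copied from the Search.txt in
# this thread; the two System32\drivers records are made up to show both
# verdicts (the tcpip.sys hash and blank company field are fictitious).
SAMPLE = r"""
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2008-06-14 09:29] - [2008-01-19 08:43] - 0891448 ____A (Microsoft Corporation) FC6E2835D667774D409C7C7021EAF9C4

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
[2008-06-14 09:28] - [2008-01-19 08:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9

C:\Windows\System32\drivers\volsnap.sys
[2008-06-14 09:28] - [2008-01-19 08:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9

C:\Windows\System32\drivers\tcpip.sys
[2008-06-14 09:29] - [2014-04-10 12:00] - 0891448 ____A () 0123456789ABCDEF0123456789ABCDEF
"""

if __name__ == "__main__":
    for path, verdict in check_live_drivers(parse_search(SAMPLE)).items():
        print(f"{verdict:60} {path}")
```

Run it against a real Search.txt by replacing SAMPLE with the file's contents. A hash that matches a WinSxS copy is only evidence that the file is an unmodified Microsoft build of that version, not that the correct version is installed; compare the reported version against the OS service-pack level as well.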

#8 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • Local time:02:06 AM

Posted 28 April 2014 - 04:29 PM

Hi Gary,

Thanks for the advice, and I may well end up re-formatting as you suggest, particularly if the infection is that bad. I haven't yet noticed any financial irregularities, as it's been some time since the PC was used for online banking, but I have changed passwords just to be on the safe side.

For now, I would like to continue trying to clean the PC, particularly as I'd like to recover my files if at all possible. Search.txt is pasted below.

Thanks,

Adam


Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Adam at 2014-04-28 22:25:17
Running from C:\Users\Adam\Desktop
Boot Mode: Normal

================== Search: "volsnap.sys;tcpip.sys" ===================

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
[2008-06-14 09:28] - [2008-01-19 08:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008-01-10 00:19] - [2008-01-10 00:19] - 0211000 ____A (Microsoft Corporation) 327639D2EC931B057F3826A51ADC73E9

C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008-01-10 00:19] - [2008-01-10 00:19] - 0211000 ____A (Microsoft Corporation) 80DC0C9BCB579ED9815001A4D37CBFD5

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010-04-15 07:01] - [2010-02-18 12:51] - 0818688 ____A (Microsoft Corporation) 2C1F7005AA3B62721BFDB307BD5F5010

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010-02-11 18:13] - [2009-12-08 18:45] - 0816640 ____A (Microsoft Corporation) CA3A5756672013A66BB9D547A5A62DCA

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009-09-09 11:43] - [2009-08-15 22:30] - 0816640 ____A (Microsoft Corporation) 2512B4D1353370D6688B1AF1F5AFA1CF

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2008-02-14 01:30] - [2008-02-14 01:30] - 0806400 ____A (Microsoft Corporation) 52A8BD6294F7D1443C6184C67AE13AF4

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2008-01-10 00:20] - [2008-01-10 00:20] - 0804352 ____A (Microsoft Corporation) 43EAE40B50FE3E60D194DD9C97EBB1FD

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010-04-15 07:01] - [2010-02-18 13:05] - 0815104 ____A (Microsoft Corporation) 4A82FA8F0DF67AA354580C3FAAF8BDE3

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2010-02-11 18:13] - [2009-12-08 18:58] - 0813568 ____A (Microsoft Corporation) 8734BD051FFDCBF8425CF222141C3741

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009-09-09 11:43] - [2009-08-14 15:24] - 0813568 ____A (Microsoft Corporation) 300208927321066EA53761FDC98747C6

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2008-02-14 01:30] - [2008-02-14 01:30] - 0803328 ____A (Microsoft Corporation) 5DF77458AA92FDB36FCE79C60F74AB5D

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2008-01-10 00:20] - [2008-01-10 00:20] - 0802816 ____A (Microsoft Corporation) 028061C7F6D2D03068C72E2A27E4228A

C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2006-11-02 09:58] - [2006-11-02 09:58] - 0802816 ____A (Microsoft Corporation) D944522B048A5FEB7700B5170D3D9423

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010-08-11 15:30] - [2010-06-16 17:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2010-04-15 07:01] - [2010-02-18 15:22] - 0910216 ____A (Microsoft Corporation) D9F5DD5BBC8348E8F8220CCBF14C022E

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010-02-11 18:13] - [2009-12-08 21:15] - 0907832 ____A (Microsoft Corporation) 46E6685F3E92AEC743773ADD4CD54F57

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
[2009-09-09 11:43] - [2009-08-14 17:33] - 0905784 ____A (Microsoft Corporation) FF71856BD4CD6D4367F9FD84BE79A874

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010-08-11 15:30] - [2010-06-16 17:04] - 0905088 ____A (Microsoft Corporation) A474879AFA4A596B3A531F3E69730DBF

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010-04-15 07:01] - [2010-02-18 15:07] - 0904576 ____A (Microsoft Corporation) 48CBE6D53632D0067C2D6B20F90D84CA

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2010-02-11 18:13] - [2009-12-08 21:01] - 0904776 ____A (Microsoft Corporation) DA467E7619AE5F4588E6262C13C8940A

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2009-09-09 11:43] - [2009-08-14 17:27] - 0904776 ____A (Microsoft Corporation) 65877AA1B6A7CB797488E831698973E9

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2010-08-11 15:30] - [2010-06-16 16:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010-04-15 07:01] - [2010-02-18 18:36] - 0902024 ____A (Microsoft Corporation) 93A5655CD9CD2F080EF1CB71A3666215

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010-02-11 18:13] - [2009-12-08 21:37] - 0900696 ____A (Microsoft Corporation) 5653230D480A9C54D169E1B080B72CF5

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2009-09-09 11:43] - [2009-08-14 18:01] - 0900168 ____A (Microsoft Corporation) 2608E71AAD54564647D4BB984E1925AA

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2008-07-09 09:29] - [2008-04-26 09:08] - 0891448 ____A (Microsoft Corporation) 01EC1E92595F839BEE70D439C46796E3

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2010-08-11 15:30] - [2010-06-16 16:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2010-04-15 07:01] - [2010-02-18 15:49] - 0898952 ____A (Microsoft Corporation) 2EAE4500984C2F8DACFB977060300A15

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2010-02-11 18:13] - [2009-12-08 21:52] - 0897624 ____A (Microsoft Corporation) 1ACBB7A47E78F4CC82D2EFFB72901528

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2009-09-09 11:43] - [2009-08-14 18:07] - 0897608 ____A (Microsoft Corporation) 8A7AD2A214233F684242F289ED83EBC3

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2008-07-09 09:29] - [2008-04-26 09:26] - 0891448 ____A (Microsoft Corporation) 82E266BEE5F0167E41C6ECFDD2A79C02

C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2008-06-14 09:29] - [2008-01-19 08:43] - 0891448 ____A (Microsoft Corporation) FC6E2835D667774D409C7C7021EAF9C4

C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008-06-14 09:28] - [2008-01-19 08:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9

C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008-01-10 00:19] - [2008-01-10 00:19] - 0211000 ____A (Microsoft Corporation) 80DC0C9BCB579ED9815001A4D37CBFD5

C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2006-11-02 11:25] - [2006-11-02 10:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6

C:\Windows\System32\drivers\tcpip.sys
[2010-08-11 15:30] - [2010-06-16 16:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\System32\drivers\volsnap.sys
[2008-06-14 09:28] - [2008-01-19 08:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9

C:\Windows\ERDNT\cache\tcpip.sys
[2010-07-25 19:06] - [2010-02-18 15:49] - 0898952 ____A (Microsoft Corporation) 2EAE4500984C2F8DACFB977060300A15

=== End Of Search ===



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,777 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 PM

Posted 28 April 2014 - 08:49 PM

Hi Adam,

Thanks for your patience. You are correct, we should clean this computer even if you plan on reformatting and reinstalling. We don't want any infected files reintroduced into a fresh install.
 

marked as Trojan.Ransom and Trojan.Ransom.Gend. Have got rid of all of them

Have they been deleted or are they quarantined, if you know?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\koomrde: C:\Users\Adam\AppData\Local\koomrde.dll ()
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [koomrde] => rundll32 "C:\Users\Adam\AppData\Local\koomrde.dll",koomrde <===== ATTENTION
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\MountPoints2: {0225a3e8-4e1a-11e0-a904-001a92ce3aab} - F:\AUTORUN.EXE
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
ShortcutTarget: ServeToMe.lnk -> C:\Windows\Installer\{24E59EEC-26D2-48C2-B007-CFF5C29A7A23}\_2ACA636AB0DFD263825A24.exe ()
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
U5 1b36535375971e1b; C:\Windows\System32\Drivers\1b36535375971e1b.sys [56832 2014-04-01] () <===== ATTENTION Necurs Rootkit?
2014-04-01 19:53 - 2014-04-01 19:53 - 00056832 _____ () C:\Windows\system32\Drivers\1b36535375971e1b.sys
2014-04-01 19:52 - 2014-04-01 19:52 - 00016384 _____ () C:\Users\Adam\AppData\Local\koomrde.dll
C:\Users\Adam\AppData\Local\temp\scayvin\sxbrpbq\wow.dll
C:\Users\Jo\Spotify Installer.exe
C:\Users\Adam\AppData\Local\temp\DivXSetup.exe
C:\Users\Adam\AppData\Local\temp\eject.exe
C:\Users\Adam\AppData\Local\temp\install.exe
C:\Users\Adam\AppData\Local\temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\setpointenu.exe
C:\Users\Adam\AppData\Local\temp\SonosUpgrader.exe
C:\Users\Adam\AppData\Local\temp\vzf-663022491158031682.dll
C:\Users\Adam\AppData\Local\temp\vzf-9008331810072893651.dll
C:\Users\Adam\AppData\Local\temp\winzipdusetup.exe
C:\Users\Adam\AppData\Local\temp\winziprosetup.exe
C:\Users\Adam\AppData\Local\temp\xuninst.exe
C:\Users\Adam\AppData\Local\temp\_is9ADE.exe
C:\Users\Adam\AppData\Local\temp\_isAEDB.exe
C:\Users\Adam\AppData\Local\temp\_isB607.exe
C:\Users\Adam\AppData\Local\temp\_isF23.exe
C:\Users\Jo\AppData\Local\temp\i4jdel0.exe
C:\Users\Jo\AppData\Local\temp\i4jdel1.exe
C:\Users\Jo\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jo\AppData\Local\temp\SkypeSetup.exe
C:\Users\Jo\AppData\Local\temp\SpotifyUpgrader.exe
AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9
AlternateDataStreams: C:\ProgramData\TEMP:4B7BEAFF
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\1b36535375971e1b
File: C:\Program Files\Unlocker\UnlockerDriver5.sys
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Files deleted or quarantined?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
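A defender's read-only audit for the "HKLM Group Policy restriction on software" entries in the fixlist above, as an added PowerShell example that is not part of the thread and is not FRST's own code. It enumerates the Software Restriction Policy "Disallowed" path rules from their standard registry location (HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths) and flags any rule whose path names one of the security vendors listed in that fixlist. The vendor watch-list and the function name Get-DisallowedSrpRules are my own constructions; run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example (not from the thread): list Software Restriction Policy (SRP)
# path rules that FRST reports as "HKLM Group Policy restriction on software"
# and flag those that target a security product's install or data directory.
# Read-only: it reports, it changes nothing.

# SRP security level 0 = Disallowed. Each rule is a GUID-named subkey whose
# ItemData value holds the blocked path.
$disallowedPaths = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# Constructed watch-list: the vendor directory names seen in the fixlist above.
$securityVendors = @('f-secure', 'ESET', 'McAfee', 'Trend Micro', 'Malwarebytes')

function Get-DisallowedSrpRules {
    if (-not (Test-Path $disallowedPaths)) {
        return @()   # no Disallowed path rules at all: nothing to report
    }
    Get-ChildItem $disallowedPaths | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        $path  = [string]$props.ItemData
        # First vendor name that appears anywhere in the blocked path, if any.
        $hit   = $securityVendors | Where-Object { $path -like "*$_*" } | Select-Object -First 1
        [pscustomobject]@{
            RuleId         = $_.PSChildName
            Path           = $path
            TargetsSecTool = [bool]$hit
            Vendor         = $hit
        }
    }
}

$rules = @(Get-DisallowedSrpRules)
if ($rules.Count -eq 0) {
    'No Disallowed SRP path rules present.'
} else {
    $rules | Sort-Object TargetsSecTool -Descending | Format-Table -AutoSize
    $blocked = @($rules | Where-Object TargetsSecTool)
    if ($blocked.Count -gt 0) {
        '{0} rule(s) block a security product directory; these are what the fixlist lines restore.' -f $blocked.Count
    }
}
```

Legitimate administrators rarely create Disallowed rules pointing at antivirus directories, so any hit here is worth treating as evidence of tampering; a clean machine normally has no subkeys under that path at all.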

#10 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 29 April 2014 - 02:47 AM

Hi Gary,

Fixlog.txt is pasted below. I think the files were quarantined, not deleted.

Thanks,

Adam

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
Ran by Adam at 2014-04-29 08:40:42 Run:1
Running from C:\Users\Adam\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\koomrde: C:\Users\Adam\AppData\Local\koomrde.dll ()
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [koomrde] => rundll32 "C:\Users\Adam\AppData\Local\koomrde.dll",koomrde <===== ATTENTION
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\MountPoints2: {0225a3e8-4e1a-11e0-a904-001a92ce3aab} - F:\AUTORUN.EXE
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
ShortcutTarget: ServeToMe.lnk -> C:\Windows\Installer\{24E59EEC-26D2-48C2-B007-CFF5C29A7A23}\_2ACA636AB0DFD263825A24.exe ()
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
U5 1b36535375971e1b; C:\Windows\System32\Drivers\1b36535375971e1b.sys [56832 2014-04-01] () <===== ATTENTION Necurs Rootkit?
2014-04-01 19:53 - 2014-04-01 19:53 - 00056832 _____ () C:\Windows\system32\Drivers\1b36535375971e1b.sys
2014-04-01 19:52 - 2014-04-01 19:52 - 00016384 _____ () C:\Users\Adam\AppData\Local\koomrde.dll
C:\Users\Adam\AppData\Local\temp\scayvin\sxbrpbq\wow.dll
C:\Users\Jo\Spotify Installer.exe
C:\Users\Adam\AppData\Local\temp\DivXSetup.exe
C:\Users\Adam\AppData\Local\temp\eject.exe
C:\Users\Adam\AppData\Local\temp\install.exe
C:\Users\Adam\AppData\Local\temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Adam\AppData\Local\temp\setpointenu.exe
C:\Users\Adam\AppData\Local\temp\SonosUpgrader.exe
C:\Users\Adam\AppData\Local\temp\vzf-663022491158031682.dll
C:\Users\Adam\AppData\Local\temp\vzf-9008331810072893651.dll
C:\Users\Adam\AppData\Local\temp\winzipdusetup.exe
C:\Users\Adam\AppData\Local\temp\winziprosetup.exe
C:\Users\Adam\AppData\Local\temp\xuninst.exe
C:\Users\Adam\AppData\Local\temp\_is9ADE.exe
C:\Users\Adam\AppData\Local\temp\_isAEDB.exe
C:\Users\Adam\AppData\Local\temp\_isB607.exe
C:\Users\Adam\AppData\Local\temp\_isF23.exe
C:\Users\Jo\AppData\Local\temp\i4jdel0.exe
C:\Users\Jo\AppData\Local\temp\i4jdel1.exe
C:\Users\Jo\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jo\AppData\Local\temp\SkypeSetup.exe
C:\Users\Jo\AppData\Local\temp\SpotifyUpgrader.exe
AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9
AlternateDataStreams: C:\ProgramData\TEMP:4B7BEAFF
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\1b36535375971e1b
File: C:\Program Files\Unlocker\UnlockerDriver5.sys
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\koomrde => Key deleted successfully.
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\Software\Microsoft\Windows\CurrentVersion\Run\\koomrde => Value deleted successfully.
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0225a3e8-4e1a-11e0-a904-001a92ce3aab} => Key deleted successfully.
HKCR\CLSID\{0225a3e8-4e1a-11e0-a904-001a92ce3aab} => Key not found.
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
"{DLL_Str}" => Value Data removed successfully.
C:\Windows\Installer\{24E59EEC-26D2-48C2-B007-CFF5C29A7A23}\_2ACA636AB0DFD263825A24.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
1b36535375971e1b => Error deleting Service
Could not move "C:\Windows\system32\Drivers\1b36535375971e1b.sys" => Scheduled to move on reboot.
C:\Users\Adam\AppData\Local\koomrde.dll => Moved successfully.
C:\Users\Adam\AppData\Local\temp\scayvin\sxbrpbq\wow.dll => Moved successfully.
C:\Users\Jo\Spotify Installer.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\DivXSetup.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\eject.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\install.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\setpointenu.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\SonosUpgrader.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\vzf-663022491158031682.dll => Moved successfully.
C:\Users\Adam\AppData\Local\temp\vzf-9008331810072893651.dll => Moved successfully.
C:\Users\Adam\AppData\Local\temp\winzipdusetup.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\winziprosetup.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\xuninst.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\_is9ADE.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\_isAEDB.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\_isB607.exe => Moved successfully.
C:\Users\Adam\AppData\Local\temp\_isF23.exe => Moved successfully.
C:\Users\Jo\AppData\Local\temp\i4jdel0.exe => Moved successfully.
C:\Users\Jo\AppData\Local\temp\i4jdel1.exe => Moved successfully.
C:\Users\Jo\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jo\AppData\Local\temp\SkypeSetup.exe => Moved successfully.
C:\Users\Jo\AppData\Local\temp\SpotifyUpgrader.exe => Moved successfully.
C:\ProgramData\TEMP => ":0CE7F3C9" ADS removed successfully.
C:\ProgramData\TEMP => ":4B7BEAFF" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\1b36535375971e1b"

Listing permissions failed. Access Denied.

========================= File: C:\Program Files\Unlocker\UnlockerDriver5.sys ========================

MD5: 4847639D852763EE39415C929470F672
Creation and modification date: 2008-05-02 05:15 - 2008-05-02 05:15
Size: 0004096
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-29 08:42:47)<=

"C:\Windows\system32\Drivers\1b36535375971e1b.sys" => File could not move.

==== End of Fixlog ====



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,777 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 PM

Posted 29 April 2014 - 08:31 AM

Greetings Adam,

Please run this.

===================================================

ESET Necurs Cleaner

--------------------
  • Download ESET Necurs Cleaner and save it to your desktop
  • Double click the icon and run the program
  • If you receive the message Threat not found press any key to close the program
  • If you receive the message Win32/Necurs has been found on your system, press Y to remove the infection
  • Once completed type Y and press Enter to reboot your computer
  • Copy and paste the contents of the ESETNecursCleaner.exe**date and random numbers**.log document located on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET Necurs report

Edited by Oh My, 29 April 2014 - 02:21 PM.

Gary

#12 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 29 April 2014 - 02:46 PM

Hi Gary,

ESET Necurs report pasted below.

Thanks,

Adam

[2014.04.29 20:40:47.218] -
[2014.04.29 20:40:47.219] -     ....................................
[2014.04.29 20:40:47.219] -   ..::::::::::::::::::....................
[2014.04.29 20:40:47.220] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Necurs
[2014.04.29 20:40:47.222] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 2.1.0.2
[2014.04.29 20:40:47.223] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Apr 28 2014
[2014.04.29 20:40:47.224] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.04.29 20:40:47.225] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.04.29 20:40:47.226] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.04.29 20:40:47.226] -     ....................................
[2014.04.29 20:40:47.226] -
[2014.04.29 20:40:47.226] - --------------------------------------------------------------------------------
[2014.04.29 20:40:47.227] -
[2014.04.29 20:40:47.227] - INFO: OS: 6.0.6001 SP1
[2014.04.29 20:40:47.227] - INFO: Product Type: Workstation
[2014.04.29 20:40:47.228] - INFO: WoW64: False
[2014.04.29 20:40:47.228] - INFO: Machine guid: 10273F13-33F3-460E-BBA1-F05B6E8F8CB7
[2014.04.29 20:40:47.228] -
[2014.04.29 20:40:47.232] - INFO: Scanning for system infection...
[2014.04.29 20:40:47.232] - --------------------------------------------------------------------------------
[2014.04.29 20:40:47.232] -
[2014.04.29 20:40:47.233] - INFO: Found suspicious service - 1b36535375971e1b
[2014.04.29 20:40:47.434] - INFO: INF_NCIWD02...
[2014.04.29 20:40:47.434] - INFO: INF_NCINS04...
[2014.04.29 20:40:47.434] - INFO: INF_NCD01...
[2014.04.29 20:40:47.434] - INFO: Suspicious modifications found
[2014.04.29 20:41:06.365] - INFO: INF_NCCRK06 - 1...
[2014.04.29 20:41:06.367] - INFO: INF_NCCRK03 - 1 - 2...
[2014.04.29 20:41:06.369] - INFO: INF_NCCRK04 - 5 - KHALMNPR.EXE...
[2014.04.29 20:41:06.369] - INFO: INF_NCCRK04 - 7 - KHALMNPR.EXE...
[2014.04.29 20:41:06.370] - INFO: INF_NCCRK04 - 11 - CTXFIHLP.EXE ...
[2014.04.29 20:41:06.372] - INFO: INF_NCCRK04 - 19 - ...
[2014.04.29 20:41:10.782] - INFO: Cleaning status: 2
[2014.04.29 20:41:16.368] -
[2014.04.29 20:41:16.368] - --------------------------------------------------------------------------------
[2014.04.29 20:41:16.368] - INFO: System is rebooting...
[2014.04.29 20:41:16.391] - --------------------------------------------------------------------------------
[2014.04.29 20:41:16.391] - INFO: Logging finished successfully...
[2014.04.29 20:41:16.391] - --------------------------------------------------------------------------------
 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,777 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 PM

Posted 29 April 2014 - 02:50 PM

Please rerun a fresh Farbar Recovery Scan Tool report and make sure to place a check mark next to Addition.txt.

Gary

#14 adamtodd

adamtodd
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 29 April 2014 - 03:26 PM

New FRST.txt and Addition.txt pasted below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Adam (administrator) on ADAM-AND-JO on 29-04-2014 21:19:53
Running from C:\Users\Adam\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PSIService.exe
(ProjectsWithLove) C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files\BT Cloud\fshoster32.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\system32\WerCon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(F-Secure Corporation) C:\Program Files\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [178176 2006-12-22] (NVIDIA Corporation)
HKLM\...\Run: [AsusStartupHelp] => C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe [363008 2006-11-14] ()
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [565008 2008-08-14] ()
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Office Communicator\communicator.exe [5720072 2007-12-07] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [25600 2011-08-22] (Creative Technology Ltd)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [F-Secure Hoster (47188)] => C:\Program Files\BT Cloud\fshoster32.exe [191424 2013-04-02] (F-Secure Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SearchSettings] => C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1401152 2014-03-28] (Spigot, Inc.)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [Epson Stylus SX510W(Network)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [Google Update] => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-05] (Google Inc.)
HKU\S-1-5-21-3586448861-3661376309-3045200300-1000\...\Run: [Slick Savings] => C:\Users\Adam\AppData\Roaming\Slick Savings\CouponsHelper.exe [832320 2014-02-13] (Spigot, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ServeToMe.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ie
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.0\vuzeToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - DefaultScope {0F091310-8C90-4792-BD3E-F5B328A3B5E7} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {0F091310-8C90-4792-BD3E-F5B328A3B5E7} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {74CBEB32-9D25-4CB7-B4E3-D3A4A918C444} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {9FD102CB-A45D-4A4C-9FA6-4B1FE43EC98E} URL = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.0\vuzeToolbarIE.dll (Spigot, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Adam\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\9.0\vuzeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090309080349
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} http://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080806095533
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} http://assets.photobox.com/assets/v/Dp8wGnXTjsIAQtd7V5T0lFcde-o.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6042/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{1C01ACDA-5EF5-423E-BC7A-29D98729C26C}: [NameServer]192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Adam\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ch
CHR StartupUrls: "hxxp://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ch", "hxxp://www.google.com/", [ "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=48"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX® Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-09-23]
CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Evernote Web Clipper) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2011-08-04]
CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Adam\AppData\Local\Slick Savings\coupons.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR StartMenuInternet: Google Chrome - C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

Locked "1b36535375971e1b" service could not be unlocked. <===== ATTENTION

R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2014-03-28] (Spigot, Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 fshoster; C:\Program Files\BT Cloud\fshoster32.exe [191424 2013-04-02] (F-Secure Corporation)
S3 KService; C:\Program Files\Kontiki\KService.exe [3072184 2008-02-27] (Kontiki Inc.)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-01-22] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 ServeToMe-Service; C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe [5120 2012-09-25] (ProjectsWithLove)
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com)
S3 STSService; "C:\Program Files\SoundTaxi Media Suite\STSService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12664 2006-10-18] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2011-08-22] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134680 2007-09-21] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [100888 2007-09-21] (Creative Technology Ltd)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [256000 2007-05-03] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S4 Processor; C:\Windows\system32\drivers\processr.sys [38400 2006-11-02] ()
R1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [72192 2008-04-05] ()
S4 ql2300; C:\Windows\system32\drivers\ql2300.sys [900712 2006-11-02] ()
S4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106088 2006-11-02] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2008-01-19] ()
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2008-01-19] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [76288 2008-01-19] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2008-01-19] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [69120 2008-01-19] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [224768 2008-01-19] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2008-01-19] ()
S4 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [242688 2006-11-02] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2008-01-19] ()
R3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [181248 2008-01-19] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2008-01-19] ()
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [227328 2007-04-23] ()
S4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [76392 2006-11-02] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] ()
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] ()
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [77824 2009-01-14] ()
S3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2006-11-02] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2006-11-02] ()
S4 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2008-01-19] ()
S4 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2006-11-02] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12800 2006-11-02] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2006-11-02] ()
S3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [13312 2008-01-19] ()
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [53352 2006-11-02] ()
S4 SiSRaid2; C:\Windows\system32\drivers\sisraid2.sys [38504 2006-11-02] ()
S4 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [71784 2006-11-02] ()
R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2008-01-19] ()
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [23096 2009-09-17] ()
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-19] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [304640 2011-02-18] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] ()
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [15288 2008-01-19] ()
S4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [35944 2006-11-02] ()
S4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [31848 2006-11-02] ()
S4 Sym_u3; C:\Windows\system32\drivers\sym_u3.sys [34920 2006-11-02] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [898952 2010-06-16] ()
S3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [898952 2010-06-16] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [30208 2008-01-19] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-19] ()
R3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-19] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [71680 2008-01-19] ()
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [54328 2008-01-19] ()
R3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2008-01-19] ()
R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-19] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [56936 2006-11-02] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2008-01-19] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [58472 2006-11-02] ()
S4 uliahci; C:\Windows\system32\drivers\uliahci.sys [235112 2006-11-02] ()
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] ()
S4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2006-11-02] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-19] ()
S3 UMPass; C:\Windows\System32\DRIVERS\umpass.sys [7680 2008-01-19] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] ()
R3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73088 2008-01-19] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2008-01-19] ()
S4 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] ()
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39424 2008-01-19] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [194560 2008-01-19] ()
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2008-01-19] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-19] ()
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2008-01-19] ()
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [55296 2008-01-19] ()
S4 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [22528 2006-11-02] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2006-11-02] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-19] ()
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [54376 2006-11-02] ()
S4 ViaC7; C:\Windows\system32\drivers\viac7.sys [39424 2006-11-02] ()
S4 viaide; C:\Windows\system32\drivers\viaide.sys [17512 2006-11-02] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-19] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [294456 2008-01-19] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [227896 2008-01-19] ()
S4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [112232 2006-11-02] ()
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] ()
S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-19] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-19] ()
S4 Wd; C:\Windows\system32\drivers\wd.sys [19560 2006-11-02] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [503864 2008-01-19] ()
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19352 2007-09-13] ()
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29976 2007-09-13] ()
S4 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2006-11-02] ()
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14744 2007-09-13] ()
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [51608 2007-09-13] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-19] ()
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [16640 2009-09-03] ()
S3 wsvad_driver; C:\Windows\System32\drivers\VirtualAudio.sys [16896 2008-10-17] ()
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [83328 2008-01-19] ()
U5 1b36535375971e1b; C:\Windows\System32\Drivers\1b36535375971e1b.sys [56832 2014-04-01] () <===== ATTENTION Necurs Rootkit?
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTEAPSFX.DLL; system32\CTEAPSFX.DLL [X]
S3 CTEDSPFX.DLL; system32\CTEDSPFX.DLL [X]
S3 CTEDSPSY.DLL; system32\CTEDSPSY.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 GPUTool; \??\C:\Users\Adam\AppData\Local\Temp\GPUTool.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] () <===== ATTENTION Necurs Rootkit?

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-29 20:40 - 2014-04-29 20:41 - 00020983 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204047.3152.zip
2014-04-29 20:40 - 2014-04-29 20:41 - 00005346 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204047.3152.log
2014-04-29 20:40 - 2014-04-29 20:40 - 00020003 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204001.3452.zip
2014-04-29 20:40 - 2014-04-29 20:40 - 00003602 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204001.3452.log
2014-04-29 20:40 - 2014-04-29 20:40 - 00000000 _____ () C:\Users\Adam\Desktop\ESET_cleaner_CrashDump.dmp
2014-04-29 20:39 - 2014-04-29 20:39 - 00253632 _____ (ESET) C:\Users\Adam\Desktop\ESETNecursCleaner.exe
2014-04-28 22:25 - 2014-04-28 22:28 - 00008920 _____ () C:\Users\Adam\Desktop\Search.txt
2014-04-28 11:27 - 2014-04-28 11:27 - 00105144 _____ () C:\Users\Adam\Desktop\Summary.zip
2014-04-28 11:05 - 2014-04-28 11:05 - 02514898 _____ () C:\Users\Adam\Desktop\Summary.nfo
2014-04-28 10:59 - 2014-04-29 21:20 - 00033324 _____ () C:\Users\Adam\Desktop\FRST.txt
2014-04-28 10:59 - 2014-04-29 21:19 - 00000000 ____D () C:\FRST
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Slick Savings
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Vuze Remote Toolbar
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Application Updater
2014-04-25 17:30 - 2014-04-25 17:30 - 00018566 _____ () C:\Users\Adam\Desktop\attach.txt
2014-04-25 17:30 - 2014-04-25 17:30 - 00017037 _____ () C:\Users\Adam\Desktop\dds.txt
2014-04-25 17:28 - 2014-04-25 17:28 - 00688992 ____R (Swearware) C:\Users\Adam\Desktop\dds.com
2014-04-21 23:25 - 2014-04-21 23:25 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Adam\Desktop\mbar-1.07.0.1009.exe
2014-04-21 23:12 - 2014-04-28 10:58 - 01049600 _____ (Farbar) C:\Users\Adam\Desktop\FRST.exe
2014-04-21 11:17 - 2014-04-21 11:17 - 00000913 _____ () C:\Users\Adam\Desktop\Stellar Phoenix JPEG Repair.lnk
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix JPEG Repair
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\Program Files\Stellar Phoenix JPEG Repair
2014-04-21 11:12 - 2014-04-21 11:12 - 00000018 _____ () C:\Users\Adam\Desktop\egg.txt
2014-04-20 12:14 - 2014-04-20 12:14 - 00000000 ____D () C:\iCloud Photos
2014-04-19 20:53 - 2014-04-19 20:54 - 00751688 _____ (Emsisoft GmbH) C:\Users\Adam\Desktop\decrypt_harasom.exe
2014-04-19 20:35 - 2014-04-19 20:35 - 00614661 _____ () C:\decrypt_cryptodefense.zip
2014-04-19 20:27 - 2014-04-19 20:30 - 00000000 ____D () C:\Users\Adam\Desktop\Test
2014-04-19 20:24 - 2014-04-19 20:24 - 10868379 _____ () C:\Users\Adam\Desktop\Anti-CryptorBitV2.zip
2014-04-19 19:39 - 2014-04-19 19:39 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Adam\Desktop\ShadowExplorer-0.9-setup.exe
2014-04-19 19:39 - 2014-04-19 19:39 - 00001682 _____ () C:\Users\Adam\Desktop\ShadowExplorer.lnk
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\www.shadowexplorer.com
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Program Files\ShadowExplorer
2014-04-19 19:37 - 2014-04-19 19:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\SearchProtect
2014-04-19 19:18 - 2014-04-19 21:05 - 00001056 _____ () C:\Users\Adam\Desktop\ListCrilock.txt
2014-04-19 19:18 - 2014-04-19 19:18 - 00390392 _____ (Bleeping Computer, LLC) C:\Users\Adam\Desktop\ListCrilock.exe
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\XulTest
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\XulTest
2014-04-19 14:56 - 2014-04-19 14:56 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\NVIDIA
2014-04-10 16:25 - 2014-04-19 16:29 - 00077312 _____ () C:\Users\Jo\Documents\Eleanors poetry book.pub
2014-04-09 16:00 - 2014-04-10 16:12 - 00000000 ____D () C:\Users\Jo\Documents\Eleanors Poems
2014-04-01 19:53 - 2014-04-01 19:53 - 00056832 _____ () C:\Windows\system32\Drivers\1b36535375971e1b.sys

==================== One Month Modified Files and Folders =======

2014-04-29 21:20 - 2014-04-28 10:59 - 00033324 _____ () C:\Users\Adam\Desktop\FRST.txt
2014-04-29 21:19 - 2014-04-28 10:59 - 00000000 ____D () C:\FRST
2014-04-29 21:19 - 2011-03-02 22:02 - 00000000 ____D () C:\Windows\system32\logishrd
2014-04-29 21:19 - 2009-12-24 11:11 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 21:18 - 2007-07-09 19:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-29 21:18 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 21:18 - 2006-11-02 13:47 - 00003792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 21:18 - 2006-11-02 13:47 - 00003792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 20:46 - 2006-11-02 14:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 20:43 - 2011-09-16 23:09 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{EDD4161F-8791-4102-8D76-CBFB6A9BBF62}.job
2014-04-29 20:41 - 2014-04-29 20:40 - 00020983 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204047.3152.zip
2014-04-29 20:41 - 2014-04-29 20:40 - 00005346 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204047.3152.log
2014-04-29 20:40 - 2014-04-29 20:40 - 00020003 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204001.3452.zip
2014-04-29 20:40 - 2014-04-29 20:40 - 00003602 _____ () C:\Users\Adam\Desktop\ESETNecursCleaner.exe_20140429.204001.3452.log
2014-04-29 20:40 - 2014-04-29 20:40 - 00000000 _____ () C:\Users\Adam\Desktop\ESET_cleaner_CrashDump.dmp
2014-04-29 20:39 - 2014-04-29 20:39 - 00253632 _____ (ESET) C:\Users\Adam\Desktop\ESETNecursCleaner.exe
2014-04-29 08:47 - 2006-11-02 11:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 08:40 - 2007-07-10 17:22 - 00000000 ____D () C:\Users\Jo
2014-04-28 22:28 - 2014-04-28 22:25 - 00008920 _____ () C:\Users\Adam\Desktop\Search.txt
2014-04-28 22:27 - 2011-08-04 19:52 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000UA.job
2014-04-28 22:12 - 2012-12-15 13:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 11:27 - 2014-04-28 11:27 - 00105144 _____ () C:\Users\Adam\Desktop\Summary.zip
2014-04-28 11:26 - 2011-08-04 19:52 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000Core.job
2014-04-28 11:08 - 2009-12-24 11:11 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 11:05 - 2014-04-28 11:05 - 02514898 _____ () C:\Users\Adam\Desktop\Summary.nfo
2014-04-28 11:02 - 2006-11-02 13:52 - 01549188 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 10:58 - 2014-04-21 23:12 - 01049600 _____ (Farbar) C:\Users\Adam\Desktop\FRST.exe
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Slick Savings
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Vuze Remote Toolbar
2014-04-27 20:21 - 2014-04-27 20:21 - 00000000 ____D () C:\Program Files\Application Updater
2014-04-27 20:21 - 2013-09-12 15:39 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-04-25 17:30 - 2014-04-25 17:30 - 00018566 _____ () C:\Users\Adam\Desktop\attach.txt
2014-04-25 17:30 - 2014-04-25 17:30 - 00017037 _____ () C:\Users\Adam\Desktop\dds.txt
2014-04-25 17:28 - 2014-04-25 17:28 - 00688992 ____R (Swearware) C:\Users\Adam\Desktop\dds.com
2014-04-25 16:59 - 2008-09-16 12:16 - 00000000 ____D () C:\Users\Jo\Tracing
2014-04-25 15:00 - 2010-11-10 16:00 - 00000238 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2014-04-21 23:25 - 2014-04-21 23:25 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Adam\Desktop\mbar-1.07.0.1009.exe
2014-04-21 13:21 - 2007-09-06 20:11 - 00000000 ____D () C:\Users\Adam\Documents\My PSP Files
2014-04-21 13:21 - 2007-09-06 20:11 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Corel
2014-04-21 13:21 - 2007-09-06 20:07 - 00003712 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-04-21 11:40 - 2007-07-09 21:52 - 00137216 _____ () C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-21 11:17 - 2014-04-21 11:17 - 00000913 _____ () C:\Users\Adam\Desktop\Stellar Phoenix JPEG Repair.lnk
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix JPEG Repair
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\Program Files\Stellar Phoenix JPEG Repair
2014-04-21 11:12 - 2014-04-21 11:12 - 00000018 _____ () C:\Users\Adam\Desktop\egg.txt
2014-04-20 12:14 - 2014-04-20 12:14 - 00000000 ____D () C:\iCloud Photos
2014-04-19 21:05 - 2014-04-19 19:18 - 00001056 _____ () C:\Users\Adam\Desktop\ListCrilock.txt
2014-04-19 20:54 - 2014-04-19 20:53 - 00751688 _____ (Emsisoft GmbH) C:\Users\Adam\Desktop\decrypt_harasom.exe
2014-04-19 20:35 - 2014-04-19 20:35 - 00614661 _____ () C:\decrypt_cryptodefense.zip
2014-04-19 20:30 - 2014-04-19 20:27 - 00000000 ____D () C:\Users\Adam\Desktop\Test
2014-04-19 20:24 - 2014-04-19 20:24 - 10868379 _____ () C:\Users\Adam\Desktop\Anti-CryptorBitV2.zip
2014-04-19 20:15 - 2007-07-09 19:34 - 00269810 _____ () C:\Windows\PFRO.log
2014-04-19 20:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Provisioning
2014-04-19 20:09 - 2012-11-18 15:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\Conduit
2014-04-19 19:39 - 2014-04-19 19:39 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Adam\Desktop\ShadowExplorer-0.9-setup.exe
2014-04-19 19:39 - 2014-04-19 19:39 - 00001682 _____ () C:\Users\Adam\Desktop\ShadowExplorer.lnk
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\www.shadowexplorer.com
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-04-19 19:39 - 2014-04-19 19:39 - 00000000 ____D () C:\Program Files\ShadowExplorer
2014-04-19 19:37 - 2014-04-19 19:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\SearchProtect
2014-04-19 19:22 - 2012-11-18 15:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\CRE
2014-04-19 19:22 - 2007-07-06 18:30 - 00000000 ____D () C:\Users\Adam
2014-04-19 19:18 - 2014-04-19 19:18 - 00390392 _____ (Bleeping Computer, LLC) C:\Users\Adam\Desktop\ListCrilock.exe
2014-04-19 17:58 - 2007-11-28 20:26 - 00002085 ____S () C:\Users\Adam\Desktop\feb2b8d974e5ec6466603c5c17a80d27_10273f13-33f3-460e-bba1-f05b6e8f8cb7
2014-04-19 17:48 - 2007-08-01 08:21 - 00002627 _____ () C:\Users\Jo\Desktop\Microsoft Office Word 2007.lnk
2014-04-19 17:38 - 2006-11-02 13:52 - 00056099 _____ () C:\Windows\setupact.log
2014-04-19 17:12 - 2006-11-02 13:48 - 00064042 _____ () C:\Windows\DtcInstall.log
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\XulTest
2014-04-19 16:37 - 2014-04-19 16:37 - 00000000 ____D () C:\Users\Adam\AppData\Local\XulTest
2014-04-19 16:29 - 2014-04-10 16:25 - 00077312 _____ () C:\Users\Jo\Documents\Eleanors poetry book.pub
2014-04-19 15:36 - 2007-07-11 19:30 - 00113664 _____ () C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-19 14:56 - 2014-04-19 14:56 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\NVIDIA
2014-04-10 16:12 - 2014-04-09 16:00 - 00000000 ____D () C:\Users\Jo\Documents\Eleanors Poems
2014-04-05 02:18 - 2009-01-20 19:57 - 00000000 ____D () C:\Users\Jo\Documents\Play activities
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Targets
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Summer Term 2007
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\scanned photos
2014-04-05 02:18 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\PSHE
2014-04-05 02:17 - 2013-06-27 10:42 - 00000000 ____D () C:\Users\Jo\Desktop\teaparty
2014-04-05 02:17 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Geldard family
2014-04-05 02:17 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Dundas family
2014-04-05 02:17 - 2008-10-01 09:23 - 00000000 ____D () C:\Users\Jo\Documents\Ash Class
2014-04-05 02:17 - 2008-01-15 19:30 - 00000000 ____D () C:\Users\Jo\Desktop\Scotland
2014-04-05 02:17 - 2007-12-17 13:56 - 00000000 ___SD () C:\Users\Jo\Documents\My Data Sources
2014-04-05 02:17 - 2007-09-07 09:21 - 00000000 ____D () C:\Users\Jo\Desktop\Plans
2014-04-05 02:13 - 2014-03-21 17:38 - 00000000 ____D () C:\Users\Jo\Desktop\picsad
2014-04-05 02:12 - 2010-04-23 10:11 - 00000000 ____D () C:\Users\Jo\Desktop\Non-Sample School Drawings
2014-04-05 02:12 - 2009-09-23 12:17 - 00000000 ____D () C:\Users\Jo\Desktop\Photos
2014-04-05 02:11 - 2014-01-01 13:59 - 00000000 ____D () C:\Users\Jo\Desktop\AGPICS
2014-04-05 02:11 - 2007-11-04 21:40 - 00000000 ____D () C:\Users\Jo\Desktop\Christmas cards
2014-04-05 02:09 - 2011-12-11 18:44 - 00000000 ____D () C:\Users\Adam\Documents\Preschool
2014-04-05 02:07 - 2011-12-11 19:55 - 00000000 ___SD () C:\Users\Adam\Documents\My Data Sources
2014-04-05 02:04 - 2011-03-22 23:48 - 00000000 ____D () C:\Users\Adam\Desktop\New Folder
2014-04-04 18:23 - 2012-08-15 21:27 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-04-03 21:07 - 2007-07-28 15:38 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Azureus
2014-04-02 19:04 - 2007-07-28 15:38 - 00000000 ____D () C:\Program Files\Azureus
2014-04-01 19:53 - 2014-04-01 19:53 - 00056832 _____ () C:\Windows\system32\Drivers\1b36535375971e1b.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 08:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Adam at 2014-04-29 21:21:09
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
AVI/MPEG/RM/WMV Joiner 4.82 (HKLM\...\AVI MPEG RM WMV Joiner_is1) (Version:  - Boilsoft, Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Battlefield 2™ (HKLM\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
BBC iPlayer Download Manager (HKLM\...\BBC iPlayer Download Manager) (Version: 1.7.2449 - BBC)
BBC iPlayer Download Manager (Version: 1.7.2449 - BBC.) Hidden
BeebEm (HKLM\...\BeebEm) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BT Cloud (HKLM\...\F-Secure ServiceEnabler 47188) (Version: 1.83.310.0 - F-Secure Corporation)
BT Cloud (Version: 1.83.310.0 - F-Secure Corporation) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.4 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (Version: 1.4 - Activision) Hidden
CameraHelperMsi (Version: 13.10.1217.0 - Logitech) Hidden
CCF Authentication 1.00.211.0 (release) (Version: 1.00.211.0 - F-Secure Corporation) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
ConvertXtoDVD 3.1.0.26 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.1.0.26 - )
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.20.0000 - Corel Corporation)
CoreVorbis Audio Decoder (remove only) (HKLM\...\CoreVorbis Audio Decoder) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version:  - )
DH Driver Cleaner Professional Edition (HKLM\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
Doctor Who: The Adventure Games (HKLM\...\{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1) (Version:  - British Broadcasting Corp.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM\...\Epson Printer Software Downloader) (Version:  - )
Epson Printer Software Downloader (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Epson Stylus SX510W_TX550W Manual (HKLM\...\Epson Stylus SX510W_TX550W User’s Guide) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
FileZilla Client 3.1.6 (HKLM\...\FileZilla Client) (Version: 3.1.6 - )
Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
GameBase v1.1 (HKLM\...\GameBase_is1) (Version:  - BU22)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Half-Life 2 (HKCU\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version:  - Valve)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version:  - )
IL-2 Sturmovik 1946 (HKLM\...\InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}) (Version: 1.00.0000 - Ubisoft)
IL-2 Sturmovik 1946 (Version: 1.00.0000 - Ubisoft) Hidden
Image Grabber II (HKLM\...\Image Grabber II) (Version:  - )
Indeo® Software (HKLM\...\Indeo® Software) (Version:  - )
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Jalbum 8.1 (HKLM\...\Jalbum_1) (Version:  - )
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LizardTech DjVu Control (autoinstall) (HKLM\...\DjVu) (Version:  - )
Logitech Communications Manager (Version: 10.45.1121 - Logitech, Inc.) Hidden
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.00) (Version:  - )
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.80) (Version:  - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LucasArts' TIE Fighter (HKLM\...\LucasArts' TIE Fighter) (Version:  - )
LWS Facebook (Version: 13.10.1216.0 - Logitech) Hidden
LWS Gallery (Version: 13.10.1216.0 - Logitech) Hidden
LWS Help_main (Version: 13.10.1224.0 - Logitech) Hidden
LWS Launcher (Version: 13.10.1224.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.10.1218.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.10.1218.0 - Logitech) Hidden
LWS Twitter (Version: 13.00.1216.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.00.1774.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.10.1222.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.10.1216.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2005 (HKLM\...\{67E4EE98-59F4-4220-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Communicator 2007 (HKLM\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.36 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{7DB92914-0A00-48C6-8DBB-F8E9D02B78B1}) (Version: 8.0.6362.41 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MPEG TO AVI version 3.1.1 (HKLM\...\MPEG TO AVI_is1) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
myFairTunes v.7.0.2c (HKLM\...\myFairTunes_is1) (Version:  - Team-Assembly)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.00.0000 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.00.0000 - NETGEAR) Hidden
NTFS Undelete v0.93 (HKLM\...\NTFS Undelete_is1) (Version: 0.93 - Atola Technology)
NVIDIA 3D Vision Controller Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.07 - )
Pdf995 (HKLM\...\Pdf995) (Version:  - )
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Qtpfsgui 1.9.2 (HKLM\...\Qtpfsgui_is1) (Version:  - Qtpfsgui Dev Team)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Recover My Files (HKLM\...\Recover My Files_is1) (Version: 3.9.8.6081 - GetData Pty Ltd)
SCRABBLE® Interactive 2007 EDITION Uninstall (HKLM\...\SCRABBLE® 2007 EDITION) (Version:  - )
ServeToMe (HKLM\...\{24E59EEC-26D2-48C2-B007-CFF5C29A7A23}) (Version: 3.7.4286 - ProjectsWithLove)
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype Toolbars (HKLM\...\{A29549FD-65F3-440C-A552-6B8114CF319D}) (Version: 5.2.4170 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slick Savings (HKLM\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
Sonos Controller (HKLM\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 22.0.64240 - Sonos, Inc.)
Spotify (HKLM\...\Spotify) (Version: 0.3.18 - )
Squeezebox Server 7.6.0 (HKLM\...\Squeezebox Server_is1) (Version: 7.6.0 - Logitech)
STARS V3 (HKLM\...\{99F278C3-4853-4946-88AD-8E96A6650058}) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Stellar Phoenix JPEG Repair (HKLM\...\Stellar Phoenix JPEG Repair_is1) (Version: 2.0.0.0 - Stellar Information Systems Ltd)
Sync Client 1.40.633.0 (release) (Version: 1.40.633.0 - F-Secure Corporation) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TomTom HOME (HKLM\...\{CE325D55-FCAF-4273-BB79-069BB8747270}) (Version: 1.5.106 - TomTom)
Trillian (HKLM\...\Trillian) (Version:  - )
Unlocker 1.8.7 (HKLM\...\Unlocker) (Version: 1.8.7 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Vaillant Technical Download Service (HKLM\...\{B92EDDD9-101B-4459-9365-C63C78CBA9D6}) (Version: 1.0.0 - Vaillant)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VideoLAN VLC media player 0.8.6i (HKLM\...\VLC media player) (Version: 0.8.6i - VideoLAN Team)
VirtualLab Client 5.6.4 (HKLM\...\VirtualLab 5 Client_is1) (Version:  - BinaryBiz)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.0 (HKLM\...\{4BC73BD4-8BA3-437E-860A-07B1BEAF46D3}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
Winamp (HKLM\...\Winamp) (Version: 5.541  - Nullsoft, Inc)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip Driver Updater (HKLM\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.11339 - WinZip Computing, S.L. (WinZip Computing))
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )
X-Wing & TIE Fighter 95 Compatibility Fix (HKLM\...\{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 11:23 - 2010-07-25 20:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10367932-2F34-437F-BCF8-4F7F2667BBFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2BD96863-9E4E-48C2-9F4A-5CF4099CD16C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {5CA47329-4DFC-4786-A67D-0EEEF25B08FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {6AF29EA4-0C3E-406C-BA0B-E84A456D781F} - System32\Tasks\Synctoy => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {72DADF6A-DB74-4E2D-A958-E2BCDC2B9260} - System32\Tasks\{4A4C1F08-8856-4D19-B6A5-B86C8BEDAA5A} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {80532F1F-C3E2-4935-9C9E-FC71185D6427} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000Core => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {8687C51F-D631-4B7F-B1A4-757B6039F465} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000UA => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {A815CF4B-C93F-48B7-B854-C25F02ACEF2F} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {C87012B5-EB1E-4C6E-A781-636F6E063195} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D201680E-1FBA-4B66-8E91-B2E666455468} - System32\Tasks\WinZipDriverUpdaterRunAtStartup => C:\Program Files\WinZip Driver Updater\winzipdu.exe [2011-11-10] (WinZip Computing, S.L. (WinZip Computing))
Task: {E166E99E-63A4-442D-9D53-096B07CCB2B3} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jo => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000Core.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586448861-3661376309-3045200300-1000UA.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7E294441-A618-406E-B965-EBB3320C0436}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{EDD4161F-8791-4102-8D76-CBFB6A9BBF62}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-07-16 21:36 - 2011-04-20 15:44 - 00049152 _____ () C:\Windows\system32\CSRSRV.dll
2007-09-12 19:52 - 2007-09-12 19:52 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-01-22 18:16 - 2008-01-22 18:34 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2012-09-25 22:43 - 2012-09-25 22:43 - 00023552 _____ () C:\Program Files\ProjectsWithLove\ServeToMe\CE.iPhone.PList.dll
2008-12-02 19:25 - 2008-12-02 19:25 - 00094720 _____ () C:\Program Files\FileZilla Client\fzshellext.dll
2008-05-02 05:15 - 2008-05-02 05:15 - 00010240 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2008-06-21 17:52 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-08-14 18:11 - 2008-08-14 18:11 - 00565008 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00921944 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-08-22 13:57 - 2011-08-22 13:57 - 00002560 _____ () C:\Windows\CTXFIRES.DLL
2013-08-30 06:43 - 2013-08-30 06:43 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2012-01-02 19:46 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2010-05-07 19:34 - 2010-05-07 19:34 - 00168792 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-11-12 10:23 - 2010-11-12 10:23 - 00330584 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2010-05-07 19:43 - 2010-05-07 19:43 - 00651096 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE

==================== Faulty Device Manager Devices =============

Name: Logitech QuickCam Pro 9000
Description: Logitech QuickCam Pro 9000
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Logitech
Service: LVUVC
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 09:21:33 PM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/29/2014 09:21:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/29/2014 09:21:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/29/2014 09:21:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/29/2014 09:21:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{4201139c-2be5-11dc-9036-806e6f6e6963},0x80000000,0x00000003,...).  hr = 0x80070005.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Error: (04/29/2014 09:20:29 PM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/29/2014 09:19:57 PM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/29/2014 09:19:41 PM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/29/2014 09:19:33 PM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

Error: (04/29/2014 09:19:29 PM) (Source: Bonjour Service) (User: )
Description: handleLNTGetExternalAddressResponse: Router returned bad address

System errors:
=============
Error: (04/29/2014 09:21:29 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (04/29/2014 09:21:29 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (04/29/2014 09:19:19 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/29/2014 09:19:15 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/29/2014 09:18:52 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: 2147942402

Error: (04/29/2014 09:18:52 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (04/29/2014 08:45:33 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (04/29/2014 08:45:33 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (04/29/2014 08:44:04 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/29/2014 08:44:04 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================
Error: (03/08/2012 06:27:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11333 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 06:55:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 06:55:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 112 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/20/2011 11:49:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11758 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (11/01/2011 11:42:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31061 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/23/2011 03:02:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/12/2010 01:18:31 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25051 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/28/2010 06:31:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15038 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/06/2009 01:08:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7670 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/30/2008 06:23:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-04-29 21:19:19.497
  Description: N/A

  Date: 2014-04-29 21:19:19.263
  Description: N/A

  Date: 2014-04-29 21:19:19.060
  Description: N/A

  Date: 2014-04-29 21:19:18.530
  Description: N/A

  Date: 2014-04-29 20:43:30.847
  Description: N/A

  Date: 2014-04-29 20:43:30.660
  Description: N/A

  Date: 2014-04-29 20:43:30.488
  Description: N/A

  Date: 2014-04-29 20:43:30.270
  Description: N/A

  Date: 2014-04-29 20:37:09.917
  Description: N/A

  Date: 2014-04-29 20:37:09.776
  Description: N/A

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 2045.81 MB
Available physical RAM: 1125.69 MB
Total Pagefile: 4330.52 MB
Available Pagefile: 3402.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:79.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:298.09 GB) (Free:57.62 GB) NTFS
Drive i: (Storage) (Fixed) (Total:186.31 GB) (Free:4.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 620B7ACA)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 17A7454E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 8BCB7463)
Partition 1: (Not Active) - (Size=186 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#15 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,777 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:06 PM

Posted 29 April 2014 - 03:43 PM

Hi Adam,

We need to run an additional program. Please do this.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters

[screenshot: tds2.jpg]

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

[screenshot: 2012081514h0118.png]

  • Click Start Scan and allow the scan process to run

[screenshot: tds4-1.jpg]

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

[screenshot: tds6.jpg]

  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zipped TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
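The last step of the instructions above (find the TDSSKiller log in the root directory and zip it for attaching) as an added PowerShell snippet. This is not part of Gary's post and not something TDSSKiller ships; it assumes the log is written to the root of the system drive under the name pattern given in the post (TDSSKiller.[Version]_[Date]_[Time]_log.txt) and that PowerShell 5 or later is installed, since it relies on Compress-Archive.

```powershell
# Added example (not from the post or from TDSSKiller): locate the newest
# TDSSKiller log in the root of the system drive and zip it to the Desktop
# so it can be attached to a forum reply.
# Assumptions: PowerShell 5+ (for Compress-Archive); log name pattern
# TDSSKiller.[Version]_[Date]_[Time]_log.txt in C:\ (or whatever $env:SystemDrive is).
$root = $env:SystemDrive + '\'

# Newest matching log first, in case several scans were run.
$log = Get-ChildItem -Path $root -Filter 'TDSSKiller.*_log.txt' -File |
       Sort-Object LastWriteTime -Descending |
       Select-Object -First 1

if (-not $log) {
    Write-Warning "No TDSSKiller log found in $root - run the scan first."
    return
}

# Write <logname>.zip next to the user's other files on the Desktop.
$desktop = [Environment]::GetFolderPath('Desktop')
$zip     = Join-Path $desktop ($log.BaseName + '.zip')

Compress-Archive -LiteralPath $log.FullName -DestinationPath $zip -Force
Write-Host "Zipped $($log.Name) -> $zip"
```

Run it from a normal PowerShell prompt after the TDSSKiller reboot; the resulting .zip on the Desktop is the file to attach to the reply.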



