Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC went crazy this morning


  • Please log in to reply
6 replies to this topic

#1 Vanessa77

Vanessa77

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 April 2014 - 10:26 PM

Hi there.

This morning my PC started playing up - there was no programs open but the curser kept blinking and then showing the 'processing circle'
I checked the Task Manager and there was dozens of SDONAccess.exe processes running.
I restarted my machine but now it is not working very well - really slow and cant delete temp files - apparently im not authorised?
Yesterday I discovered I had the AVG Secure Search Toolbar bug, and BabylonToolbar bug so deleted it (or so I thought) using Adware Removal Tool and ADWCleaner. I then tried to clean up using Revo Uninstaller.

Can you please urgently help me?
This is my work computer and tomorrow is end of month and I desperately need it fixed!

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Vanessa77

Vanessa77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 29 April 2014 - 10:28 PM

I have had BSOD a couple of times now since yesterday.

It is not a S&D issue - it is a virus of some sort that is propagating in the background - I have new hosts file, tmp files I cant delete, and I cant use the Google search bar - instead Im forced to use the address bar. It changed my bookmarks bar and has all kinds of new files and changes to files appearing in the backend.

 

Can someone please help guide me through the cleaning process for this?

My antivirus isnt showing anything.

Im pretty sure is some kind of redirect virus.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,631 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:01 PM

Posted 03 May 2014 - 10:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/532622 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Vanessa77

Vanessa77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 04 May 2014 - 03:55 PM

HI there.

 

Last week something downloaded into my computer and I have run various anti virus checks to no avail - my PC has slowed down dramatically and is something is adding weird log files and updating windows folders in the backend

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by cityzone at 8:33:35 on 2014-05-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.4095.2162 [GMT 12:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DXPServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Receiver.lnk - C:\Windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3DE6DAEE-5DCF-410A-AC66-C696A5F94245} : DHCPNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-4-25 50464]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2014-4-1 63904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-17 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2013-4-4 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2013-4-4 55296]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-20 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-1 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-1 171416]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2013-4-4 291352]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2013-5-22 95344]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2013-5-22 21872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-8 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-16 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-12 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-4-28 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-03 22:01:21 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-03 22:01:21 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-02 06:00:30 -------- d-----w- C:\Users\cityzone\AppData\Local\{31082D93-EA55-482D-976B-3D848B7E4648}
2014-05-01 01:25:03 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-01 01:24:02 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-01 01:24:02 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-28 20:48:50 -------- d-----w- C:\Users\cityzone\AppData\Roaming\VS Revo Group
2014-04-28 20:33:07 -------- d-----w- C:\Windows\SysWow64\%LOCALAPPDATA%
2014-04-28 20:18:47 -------- d-----w- C:\ProgramData\HitmanPro
2014-04-28 10:14:35 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-04-28 10:13:56 -------- d-----w- C:\AdwCleaner
2014-04-28 09:19:11 -------- d-sh--w- C:\Users\cityzone\AppData\Local\EmieUserList
2014-04-28 09:19:11 -------- d-sh--w- C:\Users\cityzone\AppData\Local\EmieSiteList
2014-04-28 09:00:38 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2014-04-28 09:00:36 -------- d-----w- C:\Program Files\Common Files\Microsoft
2014-04-28 09:00:36 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2014-04-28 07:01:10 -------- d-----w- C:\Users\cityzone\AppData\Local\VS Revo Group
2014-04-28 07:00:41 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2014-04-28 07:00:41 -------- d-----w- C:\ProgramData\VS Revo Group
2014-04-28 07:00:40 -------- d-----w- C:\Program Files\VS Revo Group
2014-04-28 03:03:36 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-04-24 23:25:38 -------- d-----w- C:\Users\cityzone\AppData\Local\{5A36DC8F-A62D-4C78-BA1D-60A920CF37BC}
2014-04-24 23:18:19 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2014-04-24 23:17:51 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-04-23 00:56:03 -------- d-----w- C:\Users\cityzone\AppData\Roaming\SolidDocuments
2014-04-21 20:43:12 -------- d-----w- C:\Users\cityzone\AppData\Roaming\AVG2014
2014-04-21 20:38:13 -------- d--h--w- C:\$AVG
2014-04-18 03:01:56 237336 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-04-15 22:02:05 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-15 22:02:05 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-09 21:31:53 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-08 05:59:40 -------- d-----w- C:\Users\cityzone\AppData\Roaming\FreeContactSmsTransfer
2014-04-08 05:59:40 -------- d-----w- C:\Users\cityzone\AppData\Roaming\Contact Sms Transfer
2014-04-08 05:59:13 -------- d-----w- C:\Program Files (x86)\Cucusoft
2014-04-08 05:23:45 -------- d-----w- C:\Program Files\iPod
2014-04-08 05:23:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-08 05:23:44 -------- d-----w- C:\Program Files\iTunes
2014-04-08 05:23:44 -------- d-----w- C:\Program Files (x86)\iTunes
2014-04-08 05:21:31 -------- d-----w- C:\Program Files\Bonjour
2014-04-08 05:21:31 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M  ====================
.
2014-03-31 04:20:54 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-03-31 04:06:26 130840 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-03-27 10:14:26 192792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-03-27 10:14:24 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-03-27 10:07:10 236824 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-03-27 10:05:02 324376 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-03-27 10:03:16 32536 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-03-17 01:24:24 350160 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-03-17 01:24:18 632064 ----a-w- C:\Windows\SysWow64\msvcr80.dll
2014-03-17 01:24:17 554240 ----a-w- C:\Windows\SysWow64\msvcp80.dll
2014-03-17 01:24:16 572928 ----a-w- C:\Windows\SysWow64\msvcp90.dll
2014-03-17 01:24:15 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
2014-03-17 01:24:14 34048 ----a-w- C:\Windows\SysWow64\eEmpty.exe
2014-03-11 19:50:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 19:50:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-03-03 23:32:52 113224 ----a-w- C:\Users\cityzone\g2ax_customer_downloadhelper_win32_x86.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
.
============= FINISH:  8:44:19.90 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/02/2011 11:11:58 a.m.
System Uptime: 5/05/2014 7:24:09 a.m. (1 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Narra6
Processor: AMD Athlon™ II X2 215 Processor | CPU 1 | 783/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 391.364 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.451 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP437: 28/04/2014 7:05:46 p.m. - Revo Uninstaller Pro's restore point - HitmanPro 3.7
RP439: 28/04/2014 7:08:17 p.m. - Revo Uninstaller Pro's restore point - HP Games
RP441: 28/04/2014 10:35:26 p.m. - Revo Uninstaller Pro's restore point - Visual Studio 2008 x64 Redistributables
RP443: 28/04/2014 10:45:44 p.m. - Revo Uninstaller Pro's restore point - Update Installer for WildTangent Games App
RP445: 28/04/2014 10:46:42 p.m. - Revo Uninstaller Pro's restore point - WildTangent Games App (HP Games)
RP447: 29/04/2014 10:16:49 a.m. - Revo Uninstaller Pro's restore point - AVG SafeGuard toolbar
RP449: 29/04/2014 12:33:45 p.m. - Revo Uninstaller Pro's restore point - tmp00006871
RP451: 29/04/2014 9:20:21 p.m. - Revo Uninstaller Pro's restore point - Dropbox
RP452: 1/05/2014 1:24:13 p.m. - Windows Update
RP453: 4/05/2014 10:00:33 a.m. - Windows Update
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat XI Pro
Adobe AIR
Adobe Creative Cloud
Adobe Download Assistant
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspect Property Manager
ATI Catalyst Install Manager
AVG 2014
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bonjour
Brother MFL-Pro Suite
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix Receiver (Enterprise)
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(PNA)
Citrix Receiver(SSON)
Citrix Receiver(USB)
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.2.3
HP Advisor
HP Customer Experience Enhancements
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HydraVision
iCloud
iPhone Contacts + SMS Backup 1.2.7.0
iTunes
Java 7 Update 51
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
LightScribe System Software
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Online Plug-in
Outlook Express Backup 6.5
PaperPort Image Printer 64-bit
PlayReady PC Runtime amd64
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller Pro 3.0.8
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Spybot - Search & Destroy
Tweaking.com - Windows Repair (All in One)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/05/2014 8:12:50 a.m., Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
4/05/2014 10:20:16 a.m., Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/05/2014 10:20:02 a.m., Error: Service Control Manager [7000]  - The vToolbarUpdater18.1.0 service failed to start due to the following error:  The system cannot find the file specified.
29/04/2014 8:39:47 a.m., Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
29/04/2014 7:19:58 p.m., Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80036dd660, 0xfffff800040ce740). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042914-29889-01.
28/04/2014 9:45:42 p.m., Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
28/04/2014 5:57:16 p.m., Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume COMPAQ.
28/04/2014 5:27:16 p.m., Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
28/04/2014 10:24:07 p.m., Error: Service Control Manager [7034]  - The AVGIDSAgent service terminated unexpectedly.  It has done this 1 time(s).
1/05/2014 12:58:05 p.m., Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
1/05/2014 1:14:32 p.m., Error: Microsoft-Windows-WHEA-Logger [20]  - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: Sync Error Processor ID: 0 The details view of this entry contains further information.
1/05/2014 1:14:26 p.m., Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 05 May 2014 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#6 Vanessa77

Vanessa77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 05 May 2014 - 04:52 PM

HI there.

 

Thank you for your help.

Please find below the logs as requested - please not on the FSRT there is an odd entry G:/mediamanager.exe - I DONT HAVE a G drive - im pretty sure I have a rootkit.

Mbam found trojan.agent which it quarantined but I'd say there is more in the backend.

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/05/2014
Scan Time: 9:23:46 a.m.
Logfile: Mbam log.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.05.11
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: cityzone
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288141
Time Elapsed: 48 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent, C:\Windows\hosts, Quarantined, [e0205da3cc3430d0b273ae42f50d3fc1], 
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
 
ADWCLEANER Log
 
# AdwCleaner v3.207 - Report created 06/05/2014 at 09:27:24
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : cityzone - CITYZONE-PC
# Running from : C:\Users\cityzone\DOWNLOADS\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v
 
[ File : C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4969 octets] - [28/04/2014 22:14:06]
AdwCleaner[R1].txt - [1057 octets] - [06/05/2014 09:26:16]
AdwCleaner[S0].txt - [4964 octets] - [28/04/2014 22:22:57]
AdwCleaner[S1].txt - [986 octets] - [06/05/2014 09:27:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1045 octets] ##########
 
FSRT Log
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 02
Ran by cityzone (administrator) on CITYZONE-PC on 06-05-2014 09:36:16
Running from C:\Users\cityzone\DOWNLOADS
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrec.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [2015136 2011-05-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-206089245-3203119414-1995549564-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-206089245-3203119414-1995549564-1001\...\MountPoints2: {b1a66088-a1a4-11e1-8e6e-7071bc3ac260} - G:\MediaManager.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x805A84801E63CF01
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\cityzone\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\cityzone\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\cityzone\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-20]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.co.nz/"
CHR DefaultSearchKeyword: google.co.nz
CHR Extension: (Google Docs) - C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-28]
CHR Extension: (Google Drive) - C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-28]
CHR Extension: (YouTube) - C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\cityzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR StartMenuInternet: Google Chrome - C:\Users\cityzone\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] ()
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2014-03-17] (BitDefender S.R.L.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-06 09:36 - 2014-05-06 09:36 - 00024331 _____ () C:\Users\cityzone\Downloads\FRST.txt
2014-05-06 09:35 - 2014-05-06 09:36 - 00000000 ____D () C:\FRST
2014-05-06 09:34 - 2014-05-06 09:35 - 02063872 _____ (Farbar) C:\Users\cityzone\Downloads\FRST64.exe
2014-05-06 09:25 - 2014-05-06 09:25 - 01316991 _____ () C:\Users\cityzone\Downloads\adwcleaner.exe
2014-05-06 08:33 - 2014-05-06 09:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 08:33 - 2014-05-06 08:33 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 08:33 - 2014-05-06 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 08:33 - 2014-05-06 08:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-06 08:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-06 08:33 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-06 08:33 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 08:31 - 2014-05-06 08:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\cityzone\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 09:58 - 2014-05-05 09:58 - 00014266 _____ () C:\Users\cityzone\Downloads\hijackthis2.log
2014-05-05 08:45 - 2014-05-05 08:45 - 00009363 _____ () C:\Users\cityzone\Desktop\attach.txt
2014-05-05 08:45 - 2014-05-05 08:44 - 00026129 _____ () C:\Users\cityzone\Desktop\dds.txt
2014-05-05 08:33 - 2014-05-05 08:34 - 00000000 ____D () C:\Users\cityzone\Desktop\New folder (2)
2014-05-04 10:01 - 2014-04-30 02:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 10:01 - 2014-04-30 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 10:01 - 2014-04-30 00:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 10:01 - 2014-04-30 00:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 18:00 - 2014-05-02 18:00 - 00000000 ____D () C:\Users\cityzone\AppData\Local\{31082D93-EA55-482D-976B-3D848B7E4648}
2014-05-02 17:59 - 2014-05-02 18:00 - 00479708 _____ () C:\Users\cityzone\Downloads\noname.eml
2014-05-02 10:51 - 2014-05-02 10:51 - 00028160 _____ () C:\Users\cityzone\Desktop\Works orders May 2014.xls
2014-05-01 13:25 - 2014-05-01 13:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 13:24 - 2014-04-14 14:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-01 13:24 - 2014-04-14 14:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-01 13:15 - 2014-05-01 13:15 - 00069120 ___SH () C:\Users\cityzone\Desktop\Thumbs.db
2014-05-01 13:13 - 2014-05-06 09:29 - 00004952 _____ () C:\Windows\PFRO.log
2014-05-01 13:13 - 2014-05-06 09:29 - 00000168 _____ () C:\Windows\setupact.log
2014-04-29 14:25 - 2014-04-29 14:25 - 00000000 ____D () C:\Users\cityzone\Downloads\gmer
2014-04-29 13:58 - 2014-05-05 09:58 - 00014266 _____ () C:\Users\cityzone\Downloads\hijackthis.log
2014-04-29 13:56 - 2014-04-29 13:56 - 00370943 _____ () C:\Users\cityzone\Downloads\gmer.zip
2014-04-29 13:55 - 2014-04-29 13:55 - 00688992 ____R (Swearware) C:\Users\cityzone\Downloads\dds.scr
2014-04-29 13:55 - 2014-04-29 13:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\cityzone\Downloads\HijackThis.exe
2014-04-29 10:15 - 2014-04-29 10:18 - 00010752 ___SH () C:\Users\cityzone\AppData\Local\Thumbs.db
2014-04-29 08:48 - 2014-04-29 08:48 - 00007625 _____ () C:\Users\cityzone\AppData\Local\Resmon.ResmonCfg
2014-04-29 08:48 - 2014-04-29 08:48 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\VS Revo Group
2014-04-29 08:33 - 2014-04-29 08:33 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-04-29 08:18 - 2014-04-29 08:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-28 22:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-28 22:13 - 2014-05-06 09:27 - 00000000 ____D () C:\AdwCleaner
2014-04-28 21:19 - 2014-04-28 21:19 - 00000000 __SHD () C:\Users\cityzone\AppData\Local\EmieUserList
2014-04-28 21:19 - 2014-04-28 21:19 - 00000000 __SHD () C:\Users\cityzone\AppData\Local\EmieSiteList
2014-04-28 21:00 - 2014-04-28 21:05 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-28 21:00 - 2014-04-28 21:00 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-04-28 19:01 - 2014-04-28 19:01 - 00000000 ____D () C:\Users\cityzone\AppData\Local\VS Revo Group
2014-04-28 19:00 - 2014-04-30 15:16 - 00001083 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-04-28 19:00 - 2014-04-30 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-04-28 19:00 - 2014-04-28 19:00 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-28 19:00 - 2014-04-28 19:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-28 19:00 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-04-28 18:16 - 2014-04-28 18:16 - 00003536 ____N () C:\bootsqm.dat
2014-04-25 11:25 - 2014-04-25 11:25 - 00000000 ____D () C:\Users\cityzone\AppData\Local\{5A36DC8F-A62D-4C78-BA1D-60A920CF37BC}
2014-04-25 11:17 - 2014-04-28 15:02 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-23 11:53 - 2014-04-23 11:53 - 00001138 _____ () C:\Users\cityzone\Desktop\athart.lnk
2014-04-23 11:50 - 2014-04-23 11:50 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-23 08:11 - 2014-02-20 15:25 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-081155.backup
2014-04-22 08:43 - 2014-04-22 08:43 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\AVG2014
2014-04-22 08:41 - 2014-04-26 11:02 - 00000931 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-22 08:41 - 2014-04-26 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-22 08:38 - 2014-04-22 08:38 - 00000000 ___HD () C:\$AVG
2014-04-22 08:21 - 2014-04-22 08:23 - 00000000 ____D () C:\Users\cityzone\Documents\New folder
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-16 10:02 - 2014-03-06 20:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-16 10:02 - 2014-03-06 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-16 10:01 - 2014-03-06 21:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 10:01 - 2014-03-06 20:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-16 10:01 - 2014-03-06 20:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-16 10:01 - 2014-03-06 20:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-16 10:01 - 2014-03-06 20:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-16 10:01 - 2014-03-06 20:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-16 10:01 - 2014-03-06 20:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-16 10:01 - 2014-03-06 20:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-16 10:01 - 2014-03-06 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-16 10:01 - 2014-03-06 20:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-16 10:01 - 2014-03-06 20:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 10:01 - 2014-03-06 20:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 10:01 - 2014-03-06 20:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-16 10:01 - 2014-03-06 20:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-16 10:01 - 2014-03-06 20:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-16 10:01 - 2014-03-06 20:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-16 10:01 - 2014-03-06 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-16 10:01 - 2014-03-06 19:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 10:01 - 2014-03-06 19:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-16 10:01 - 2014-03-06 19:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-16 10:01 - 2014-03-06 19:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-16 10:01 - 2014-03-06 19:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-16 10:01 - 2014-03-06 19:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-16 10:01 - 2014-03-06 19:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-16 10:01 - 2014-03-06 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-16 10:01 - 2014-03-06 19:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-16 10:01 - 2014-03-06 19:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-16 10:01 - 2014-03-06 19:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-16 10:01 - 2014-03-06 19:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-16 10:01 - 2014-03-06 19:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-16 10:01 - 2014-03-06 19:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-16 10:01 - 2014-03-06 19:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-16 10:01 - 2014-03-06 18:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-16 10:01 - 2014-03-06 18:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-16 10:01 - 2014-03-06 18:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-16 10:01 - 2014-03-06 18:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-16 10:01 - 2014-03-06 18:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-16 10:01 - 2014-03-06 17:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 10:01 - 2014-03-06 17:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-16 10:01 - 2014-03-06 17:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-16 10:01 - 2014-03-06 17:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-16 10:01 - 2014-03-06 17:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 04:14 - 2014-02-20 15:25 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20140416-041432.backup
2014-04-11 16:53 - 2014-04-11 16:54 - 00000000 ____D () C:\Users\cityzone\Documents\Misc items
2014-04-10 09:44 - 2014-04-10 09:44 - 00000624 _____ () C:\Users\cityzone\Desktop\Aspect Property Manager.lnk
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspect Property Manager
2014-04-10 09:31 - 2014-03-04 21:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 09:31 - 2014-03-04 21:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 09:31 - 2014-03-04 21:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 09:31 - 2014-03-04 21:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 09:31 - 2014-03-04 21:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 09:31 - 2014-03-04 21:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 09:31 - 2014-03-04 21:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 09:31 - 2014-03-04 21:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 09:31 - 2014-03-04 21:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 09:31 - 2014-03-04 20:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 09:31 - 2014-03-04 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 09:31 - 2014-02-04 14:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 09:31 - 2014-02-04 14:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 09:31 - 2014-02-04 14:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 09:31 - 2014-02-04 14:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 09:31 - 2014-02-04 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 09:31 - 2014-01-24 14:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 08:31 - 2014-02-20 15:25 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20140409-083130.backup
2014-04-08 21:36 - 2014-04-22 08:22 - 00000000 ____D () C:\Users\cityzone\Documents\Contact Sms Transfer
2014-04-08 17:59 - 2014-04-22 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cucusoft iPhone Contact SMS
2014-04-08 17:59 - 2014-04-08 21:37 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\Contact Sms Transfer
2014-04-08 17:59 - 2014-04-08 21:36 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\FreeContactSmsTransfer
2014-04-08 17:59 - 2014-04-08 17:59 - 00000000 ____D () C:\Program Files (x86)\Cucusoft
2014-04-08 17:41 - 2014-04-08 17:41 - 00197800 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-08 17:24 - 2014-04-08 17:24 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-08 17:24 - 2014-04-08 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-08 17:23 - 2014-04-08 17:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-08 17:23 - 2014-04-08 17:24 - 00000000 ____D () C:\Program Files\iTunes
2014-04-08 17:23 - 2014-04-08 17:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-08 17:23 - 2014-04-08 17:23 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-04-08 17:23 - 2014-04-08 17:23 - 00000000 ____D () C:\Program Files\iPod
2014-04-08 17:22 - 2014-04-08 17:22 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-08 17:22 - 2014-04-08 17:22 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-08 17:21 - 2014-04-08 17:21 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-08 17:21 - 2014-04-08 17:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour
 
==================== One Month Modified Files and Folders =======
 
2014-05-06 09:36 - 2014-05-06 09:36 - 00024331 _____ () C:\Users\cityzone\Downloads\FRST.txt
2014-05-06 09:36 - 2014-05-06 09:35 - 00000000 ____D () C:\FRST
2014-05-06 09:35 - 2014-05-06 09:34 - 02063872 _____ (Farbar) C:\Users\cityzone\Downloads\FRST64.exe
2014-05-06 09:34 - 2014-01-31 09:55 - 01589933 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 09:34 - 2009-07-14 17:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 09:33 - 2013-11-11 17:36 - 00000000 ____D () C:\Users\cityzone\Desktop\New folder
2014-05-06 09:31 - 2014-05-06 08:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 09:31 - 2011-02-09 14:31 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001UA.job
2014-05-06 09:31 - 2011-02-05 09:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 09:31 - 2010-03-17 00:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2014-05-06 09:29 - 2014-05-01 13:13 - 00004952 _____ () C:\Windows\PFRO.log
2014-05-06 09:29 - 2014-05-01 13:13 - 00000168 _____ () C:\Windows\setupact.log
2014-05-06 09:29 - 2011-02-09 14:31 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001Core.job
2014-05-06 09:29 - 2009-07-14 17:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 09:27 - 2014-04-28 22:13 - 00000000 ____D () C:\AdwCleaner
2014-05-06 09:25 - 2014-05-06 09:25 - 01316991 _____ () C:\Users\cityzone\Downloads\adwcleaner.exe
2014-05-06 09:08 - 2011-02-05 09:28 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 08:38 - 2011-04-06 10:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-06 08:33 - 2014-05-06 08:33 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 08:33 - 2014-05-06 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 08:33 - 2014-05-06 08:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-06 08:33 - 2014-04-01 15:14 - 00396288 _____ () C:\Users\cityzone\Desktop\banking eftpos 2014.xls
2014-05-06 08:33 - 2013-11-11 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 08:32 - 2014-05-06 08:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\cityzone\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-06 08:28 - 2011-02-04 08:36 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DCA1B192-9661-412F-BB55-306BCD99FE01}
2014-05-05 09:58 - 2014-05-05 09:58 - 00014266 _____ () C:\Users\cityzone\Downloads\hijackthis2.log
2014-05-05 09:58 - 2014-04-29 13:58 - 00014266 _____ () C:\Users\cityzone\Downloads\hijackthis.log
2014-05-05 08:45 - 2014-05-05 08:45 - 00009363 _____ () C:\Users\cityzone\Desktop\attach.txt
2014-05-05 08:44 - 2014-05-05 08:45 - 00026129 _____ () C:\Users\cityzone\Desktop\dds.txt
2014-05-05 08:34 - 2014-05-05 08:33 - 00000000 ____D () C:\Users\cityzone\Desktop\New folder (2)
2014-05-04 10:27 - 2009-07-14 16:45 - 00015792 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-04 10:27 - 2009-07-14 16:45 - 00015792 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 12:43 - 2014-02-08 06:45 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcityzone
2014-05-03 12:43 - 2014-02-08 06:45 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForcityzone.job
2014-05-02 18:00 - 2014-05-02 18:00 - 00000000 ____D () C:\Users\cityzone\AppData\Local\{31082D93-EA55-482D-976B-3D848B7E4648}
2014-05-02 18:00 - 2014-05-02 17:59 - 00479708 _____ () C:\Users\cityzone\Downloads\noname.eml
2014-05-02 10:51 - 2014-05-02 10:51 - 00028160 _____ () C:\Users\cityzone\Desktop\Works orders May 2014.xls
2014-05-02 09:59 - 2013-11-15 09:31 - 00000000 ____D () C:\Users\cityzone\Desktop\ASPECT BACKUPS
2014-05-02 08:13 - 2011-02-07 08:58 - 00000000 ____D () C:\PropMan
2014-05-01 13:25 - 2014-05-01 13:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 13:15 - 2014-05-01 13:15 - 00069120 ___SH () C:\Users\cityzone\Desktop\Thumbs.db
2014-05-01 13:15 - 2014-03-04 11:19 - 00000000 ____D () C:\Users\cityzone\Desktop\Pics
2014-05-01 13:15 - 2013-06-28 13:59 - 00000000 ____D () C:\Users\cityzone\Desktop\Body Corp Rules
2014-05-01 13:15 - 2013-06-28 13:56 - 00000000 ____D () C:\Users\cityzone\Desktop\Rules & Washer
2014-05-01 11:33 - 2011-03-07 07:09 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-01 11:31 - 2011-11-21 07:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-01 09:15 - 2013-10-14 15:33 - 00000000 ____D () C:\Users\cityzone\Desktop\Vanessa
2014-04-30 15:16 - 2014-04-28 19:00 - 00001083 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-04-30 15:16 - 2014-04-28 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-04-30 15:07 - 2013-11-21 07:05 - 00003672 _____ () C:\Windows\wininit.ini
2014-04-30 14:32 - 2011-02-04 08:28 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-04-30 14:15 - 2011-04-17 14:22 - 00000000 ____D () C:\Windows\Minidump
2014-04-30 13:56 - 2011-02-04 10:12 - 00000000 ____D () C:\Users\cityzone
2014-04-30 02:01 - 2014-05-04 10:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-30 01:40 - 2014-05-04 10:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-30 00:48 - 2014-05-04 10:01 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-30 00:34 - 2014-05-04 10:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 21:24 - 2009-07-14 17:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-29 14:25 - 2014-04-29 14:25 - 00000000 ____D () C:\Users\cityzone\Downloads\gmer
2014-04-29 13:56 - 2014-04-29 13:56 - 00370943 _____ () C:\Users\cityzone\Downloads\gmer.zip
2014-04-29 13:55 - 2014-04-29 13:55 - 00688992 ____R (Swearware) C:\Users\cityzone\Downloads\dds.scr
2014-04-29 13:55 - 2014-04-29 13:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\cityzone\Downloads\HijackThis.exe
2014-04-29 13:05 - 2013-04-01 09:46 - 00000000 ____D () C:\Users\cityzone_2
2014-04-29 13:05 - 2009-07-14 15:20 - 00000000 ___RD () C:\Users\Default
2014-04-29 10:18 - 2014-04-29 10:15 - 00010752 ___SH () C:\Users\cityzone\AppData\Local\Thumbs.db
2014-04-29 10:14 - 2012-06-22 16:53 - 00000000 ___SD () C:\Users\cityzone\Documents\My Data Sources
2014-04-29 08:48 - 2014-04-29 08:48 - 00007625 _____ () C:\Users\cityzone\AppData\Local\Resmon.ResmonCfg
2014-04-29 08:48 - 2014-04-29 08:48 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\VS Revo Group
2014-04-29 08:48 - 2011-02-04 08:21 - 00000000 ___RD () C:\Users\cityzone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 08:33 - 2014-04-29 08:33 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-04-29 08:33 - 2014-04-29 08:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-28 21:19 - 2014-04-28 21:19 - 00000000 __SHD () C:\Users\cityzone\AppData\Local\EmieUserList
2014-04-28 21:19 - 2014-04-28 21:19 - 00000000 __SHD () C:\Users\cityzone\AppData\Local\EmieSiteList
2014-04-28 21:05 - 2014-04-28 21:00 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-28 21:00 - 2014-04-28 21:00 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-04-28 19:21 - 2014-01-18 11:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-28 19:21 - 2011-02-24 09:21 - 00000000 ____D () C:\Users\cityzone\AppData\Local\CrashDumps
2014-04-28 19:21 - 2011-02-07 13:46 - 00000000 ____D () C:\Users\cityzone\Desktop\CITYZONE FORMS
2014-04-28 19:09 - 2009-07-14 17:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-28 19:01 - 2014-04-28 19:01 - 00000000 ____D () C:\Users\cityzone\AppData\Local\VS Revo Group
2014-04-28 19:00 - 2014-04-28 19:00 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-28 19:00 - 2014-04-28 19:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-28 18:39 - 2013-10-24 07:32 - 00000000 ____D () C:\Users\cityzone\AppData\Local\Apple
2014-04-28 18:16 - 2014-04-28 18:16 - 00003536 ____N () C:\bootsqm.dat
2014-04-28 15:02 - 2014-04-25 11:17 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-28 11:51 - 2013-10-24 07:35 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\Apple Computer
2014-04-26 11:02 - 2014-04-22 08:41 - 00000931 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-26 11:02 - 2014-04-22 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-26 10:54 - 2011-02-05 09:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 10:54 - 2011-02-04 08:36 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\Adobe
2014-04-25 11:25 - 2014-04-25 11:25 - 00000000 ____D () C:\Users\cityzone\AppData\Local\{5A36DC8F-A62D-4C78-BA1D-60A920CF37BC}
2014-04-25 03:06 - 2009-07-14 17:08 - 00010112 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-23 12:00 - 2014-02-20 09:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-23 11:53 - 2014-04-23 11:53 - 00001138 _____ () C:\Users\cityzone\Desktop\athart.lnk
2014-04-23 11:50 - 2014-04-23 11:50 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-23 11:49 - 2013-11-15 16:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-23 11:45 - 2011-02-05 09:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-23 08:11 - 2009-07-14 14:34 - 00450734 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-04-22 09:00 - 2014-02-18 07:20 - 00000000 ____D () C:\Users\cityzone\AppData\Local\Avg2014
2014-04-22 08:54 - 2014-04-08 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cucusoft iPhone Contact SMS
2014-04-22 08:43 - 2014-04-22 08:43 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\AVG2014
2014-04-22 08:42 - 2014-02-18 07:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-22 08:38 - 2014-04-22 08:38 - 00000000 ___HD () C:\$AVG
2014-04-22 08:36 - 2011-04-06 10:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-22 08:23 - 2014-04-22 08:21 - 00000000 ____D () C:\Users\cityzone\Documents\New folder
2014-04-22 08:22 - 2014-04-08 21:36 - 00000000 ____D () C:\Users\cityzone\Documents\Contact Sms Transfer
2014-04-22 08:18 - 2014-03-19 08:12 - 00000000 ____D () C:\Program Files\DrWeb
2014-04-22 08:18 - 2014-01-17 17:46 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-04-22 08:14 - 2014-03-19 08:20 - 00000000 ____D () C:\Windows\System32\Tasks\Doctor Web
2014-04-20 13:18 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\rescache
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-16 10:58 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 14:24 - 2014-05-01 13:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 14:19 - 2014-05-01 13:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 16:54 - 2014-04-11 16:53 - 00000000 ____D () C:\Users\cityzone\Documents\Misc items
2014-04-11 09:02 - 2014-02-18 07:42 - 00000000 ____D () C:\Users\cityzone\Documents\Docs2
2014-04-10 10:24 - 2013-11-15 13:23 - 00783452 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-10 10:07 - 2009-07-14 14:34 - 00000912 _____ () C:\Windows\win.ini
2014-04-10 10:04 - 2013-08-14 10:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 10:01 - 2011-02-07 07:59 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 09:44 - 2014-04-10 09:44 - 00000624 _____ () C:\Users\cityzone\Desktop\Aspect Property Manager.lnk
2014-04-10 09:44 - 2014-04-10 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspect Property Manager
2014-04-09 11:27 - 2013-10-24 07:35 - 00000000 ____D () C:\Users\cityzone\AppData\Local\Apple Computer
2014-04-08 21:37 - 2014-04-08 17:59 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\Contact Sms Transfer
2014-04-08 21:36 - 2014-04-08 17:59 - 00000000 ____D () C:\Users\cityzone\AppData\Roaming\FreeContactSmsTransfer
2014-04-08 17:59 - 2014-04-08 17:59 - 00000000 ____D () C:\Program Files (x86)\Cucusoft
2014-04-08 17:41 - 2014-04-08 17:41 - 00197800 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-08 17:24 - 2014-04-08 17:24 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-08 17:24 - 2014-04-08 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-08 17:24 - 2014-04-08 17:23 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-08 17:24 - 2014-04-08 17:23 - 00000000 ____D () C:\Program Files\iTunes
2014-04-08 17:24 - 2014-04-08 17:23 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-08 17:23 - 2014-04-08 17:23 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-04-08 17:23 - 2014-04-08 17:23 - 00000000 ____D () C:\Program Files\iPod
2014-04-08 17:22 - 2014-04-08 17:22 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-08 17:22 - 2014-04-08 17:22 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-08 17:21 - 2014-04-08 17:21 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-08 17:21 - 2014-04-08 17:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-08 17:21 - 2013-10-24 07:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-08 17:21 - 2013-10-24 07:31 - 00000000 ____D () C:\ProgramData\Apple
2014-04-08 17:16 - 2011-04-09 15:04 - 00000000 ____D () C:\ProgramData\Skype
2014-04-08 17:12 - 2014-02-27 15:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime
 
Files to move or delete:
====================
C:\Users\cityzone\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\cityzone\AppData\Local\Temp\Quarantine.exe
C:\Users\cityzone\AppData\Local\Temp\VSUSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-20 13:03
 
==================== End Of Log ============================
 
FSRT ADDITION Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2014 02
Ran by cityzone at 2014-05-06 09:37:42
Running from C:\Users\cityzone\DOWNLOADS
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.1.369 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspect Property Manager (HKLM-x32\...\Aspect Property Manager_is1) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{5A569CBA-9BE4-EAB0-9B43-468CEA2323B7}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center HydraVision Full (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0908.2225.38429 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help English (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help French (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help German (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
ccc-utility64 (Version: 2009.0908.2225.38429 - ATI) Hidden
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(PNA) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.12.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.116.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iPhone Contacts + SMS Backup 1.2.7.0 (HKLM-x32\...\Cucusoft iPhone Contacts + SMS Backup_is1) (Version:  - Cucusoft, Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}) (Version: 1.18.9.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007F-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Outlook Express Backup 6.5 (HKLM-x32\...\Outlook Express Backup) (Version: 6.5 - Genie-Soft)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.0.1 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
28-04-2014 07:05:46 Revo Uninstaller Pro's restore point - HitmanPro 3.7
28-04-2014 07:08:17 Revo Uninstaller Pro's restore point - HP Games
28-04-2014 10:35:26 Revo Uninstaller Pro's restore point - Visual Studio 2008 x64 Redistributables
28-04-2014 10:45:44 Revo Uninstaller Pro's restore point - Update Installer for WildTangent Games App
28-04-2014 10:46:42 Revo Uninstaller Pro's restore point - WildTangent Games App (HP Games)
28-04-2014 22:16:49 Revo Uninstaller Pro's restore point - AVG SafeGuard toolbar
29-04-2014 00:33:45 Revo Uninstaller Pro's restore point - tmp00006871
29-04-2014 09:20:21 Revo Uninstaller Pro's restore point - Dropbox
01-05-2014 01:24:13 Windows Update
03-05-2014 22:00:33 Windows Update
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0BE77522-C460-4D4F-B44A-08FB5014C4AE} - \GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001UA No Task File <==== ATTENTION
Task: {0FB3AB1C-5639-4030-BCAA-88506393DC0B} - \FileCure Startup No Task File <==== ATTENTION
Task: {11FA479A-FEF3-433C-B350-F2A53DBAA01F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {132E9620-FA71-4976-9B9F-D365CCC04C00} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {1361E19F-CE7A-480E-A95F-292A301DF40F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {20A45D91-E9BC-4832-86C3-F9BCE16AB84E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {2F67E793-5DDB-452D-BC83-5DFAB4F3F4DA} - \GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001Core No Task File <==== ATTENTION
Task: {39DFA996-8B74-4FCF-AD9D-BA97159687EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05] (Google Inc.)
Task: {3B15C882-F8CF-4675-96C6-2503FF7A60D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {49BAC67E-F7E1-4D03-B0BC-AB84369FC028} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {4FB92DE9-97DA-44BC-AB6D-0A69B27C662A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {5AF9422D-E11C-4531-8846-F39612D6F2A0} - \ParetoLogic Registration3 No Task File <==== ATTENTION
Task: {6774FF12-D7AF-410B-A2D4-E82196130E54} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {6A471D5D-572F-4504-B808-34989BC9E0DD} - System32\Tasks\HPCeeScheduleForcityzone => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {70B6974E-998D-4E77-9C7C-65E677FF6A8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05] (Google Inc.)
Task: {72E6C947-B12F-4EF0-A5AA-6ACB1D05FF2E} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9C6C84E8-83FE-446F-B46D-7E6B74367DF6} - \{FBEA1D3B-6778-4357-8E37-543E2D01151A} No Task File <==== ATTENTION
Task: {A3E4E92A-FFA4-4197-9FC6-7F248AC7E2C9} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {AE9EA47B-BF62-44F2-9C3F-408F52BDAE1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C1742D40-296D-4A8B-9DC2-2F5BE08E0F6D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C1E2B30D-F20E-4A24-8745-FE7F7832ED5B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C2C678A5-07E0-448C-8F43-CD2582873C26} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {EFDC0B17-57E6-4E50-A126-4D6E8E5895A0} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {F7DACE82-A963-404F-B8C2-9C4AF028978C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001Core.job => C:\Users\cityzone\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001UA.job => C:\Users\cityzone\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForcityzone.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-04 15:13 - 2011-04-19 15:31 - 00181760 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-04-04 15:13 - 2010-02-09 14:55 - 00055296 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-04-04 15:13 - 2011-04-19 15:31 - 00150016 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2009-06-26 12:25 - 2009-06-26 12:25 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-17 00:18 - 2010-03-17 00:18 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-04-04 15:12 - 2011-05-27 14:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-20 18:09 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-20 18:09 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-20 18:09 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-20 18:09 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-20 18:09 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-21 18:04 - 2013-12-21 18:04 - 03989888 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-04-04 15:12 - 2010-08-22 20:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2013-04-04 15:12 - 2010-08-22 20:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2013-04-04 15:12 - 2010-08-22 20:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2013-04-04 15:12 - 2010-08-22 20:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2013-04-04 15:12 - 2010-08-22 19:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2013-04-04 15:12 - 2011-05-27 14:08 - 00660480 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2014-03-17 07:36 - 2014-03-15 12:50 - 00051016 _____ () C:\Users\cityzone\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-17 07:36 - 2014-03-15 12:50 - 00716616 _____ () C:\Users\cityzone\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-17 07:36 - 2014-03-15 12:50 - 00100168 _____ () C:\Users\cityzone\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-17 07:36 - 2014-03-15 12:50 - 04061000 _____ () C:\Users\cityzone\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 07:36 - 2014-03-15 12:50 - 00394568 _____ () C:\Users\cityzone\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 07:36 - 2014-03-15 12:50 - 01647432 _____ () C:\Users\cityzone\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\cityzone\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\cityzone\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/05/2014 07:06:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021
 
Error: (05/05/2014 07:06:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021
 
Error: (05/05/2014 07:06:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/05/2014 07:06:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023
 
Error: (05/05/2014 07:06:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5023
 
Error: (05/05/2014 07:06:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/05/2014 07:06:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4025
 
Error: (05/05/2014 07:06:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4025
 
Error: (05/05/2014 07:06:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/05/2014 07:06:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026
 
 
System errors:
=============
Error: (05/06/2014 09:30:51 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/06/2014 09:30:46 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/06/2014 09:30:42 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (05/06/2014 09:30:08 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/06/2014 09:30:02 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.1.0 service failed to start due to the following error: 
%%2
 
Error: (05/06/2014 09:28:49 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/06/2014 09:28:48 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/06/2014 09:28:48 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (05/06/2014 09:28:12 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (05/06/2014 08:25:39 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (05/05/2014 07:06:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021
 
Error: (05/05/2014 07:06:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021
 
Error: (05/05/2014 07:06:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/05/2014 07:06:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023
 
Error: (05/05/2014 07:06:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5023
 
Error: (05/05/2014 07:06:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/05/2014 07:06:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4025
 
Error: (05/05/2014 07:06:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4025
 
Error: (05/05/2014 07:06:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/05/2014 07:06:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-06 09:28:00.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 09:22:08.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 09:08:16.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 08:51:45.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-06 08:30:03.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-05 18:44:51.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-05 15:45:43.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-05 10:11:39.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-05 10:05:03.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-05 09:56:51.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 54%
Total physical RAM: 4095.3 MB
Available physical RAM: 1856.4 MB
Total Pagefile: 8188.79 MB
Available Pagefile: 5606.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:455.69 GB) (Free:390.84 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.97 GB) (Free:1.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 06 May 2014 - 09:28 AM


I checked the Task Manager and there was dozens of SDONAccess.exe processes running.

It's related to Spybot - Search and Destroy.

You will find information here. Not conclusif.
http://forums.spybot.info/showthread.php?70093-What-Forum-should-I-ask-about-SDONACCESS-exe-Why-so-many-are-running-concurrently

These are the task you run
Task: {49BAC67E-F7E1-4D03-B0BC-AB84369FC028} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {4FB92DE9-97DA-44BC-AB6D-0A69B27C662A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {C1E2B30D-F20E-4A24-8745-FE7F7832ED5B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe


You can check further with their Forum or remove it using the Add/Remove program.
Restart the computer normally and check if all is OK.

You may decide to re-install and running it as an Administrator.
===


Hosts: Hosts file not detected in the default directory

Reset it to the default.
How To:
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKU\S-1-5-21-206089245-3203119414-1995549564-1001\...\MountPoints2: {b1a66088-a1a4-11e1-8e6e-7071bc3ac260} - G:\MediaManager.exe
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]
C:\Users\cityzone\AppData\Local\Temp\VSUSetup.exe
Task: {0BE77522-C460-4D4F-B44A-08FB5014C4AE} - \GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001UA No Task File <==== ATTENTION
Task: {0FB3AB1C-5639-4030-BCAA-88506393DC0B} - \FileCure Startup No Task File <==== ATTENTION
Task: {2F67E793-5DDB-452D-BC83-5DFAB4F3F4DA} - \GoogleUpdateTaskUserS-1-5-21-206089245-3203119414-1995549564-1001Core No Task File <==== ATTENTION
Task: {5AF9422D-E11C-4531-8846-F39612D6F2A0} - \ParetoLogic Registration3 No Task File <==== ATTENTION
Task: {9C6C84E8-83FE-446F-B46D-7E6B74367DF6} - \{FBEA1D3B-6778-4357-8E37-543E2D01151A} No Task File <==== ATTENTION
Task: {C2C678A5-07E0-448C-8F43-CD2582873C26} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {EFDC0B17-57E6-4E50-A126-4D6E8E5895A0} - \ParetoLogic Update Version3 No Task File <==== ATTENTION

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users