Internet Connection Problem


  • This topic is locked
27 replies to this topic

#1 sharkwithlazer

Posted 23 July 2014 - 07:45 PM

I've been having problems connecting to the net using my laptop. After a while, pages stop loading and the browser starts to hang; other programs that connect to the net also hang. After checking the network activity, I was shocked at the amount, around 10 million or so sent and 100 million received. This was after just around an hour of browsing with no streaming or large downloads. I tried using the network diagnostic tool and the error found was "Wireless Network configuration does not have a valid IP configuration". Other devices connected to the network have no problem.

 

DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by ... at 21:06:35 on 2014-07-23
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6007.4297 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Windows\runservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\OSCARK3G\OscarEditor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uSearch Bar = www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = www.google.com
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mWinlogon: Shell = explorer
mWinlogon: Userinit = userinit.exe,
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [OscarEditor] "C:\Program Files (x86)\OSCARK3G\OscarEditor.exe" Minimum
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [googletalk] C:\Users\...\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [{a1909659-0a08-4554-8af1-2175904903a1}] "C:\ProgramData\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe" /burn.log.append "C:\Users\...\AppData\Local\Temp\dd_vcredist_amd64_20140630213438.log" /quiet /norestart ignored /burn.runonce
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\...\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~1.LNK - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
StartupFolder: C:\Users\...\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~2.LNK - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
StartupFolder: C:\Users\...\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~2.LNK - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~1.LNK - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableStartupSound = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001060-0002-0060-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5B7E906C-3427-4688-A2F9-EDE01229E27F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5B7E906C-3427-4688-A2F9-EDE01229E27F}\35970234C6169747F677E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5B7E906C-3427-4688-A2F9-EDE01229E27F}\4497E61637479713 : DHCPNameServer = 124.106.6.134 124.106.5.2 192.168.1.1
TCP: Interfaces\{5B7E906C-3427-4688-A2F9-EDE01229E27F}\4556E64616F5036323549383 : DHCPNameServer = 124.106.4.2 124.106.5.2
TCP: Interfaces\{5B7E906C-3427-4688-A2F9-EDE01229E27F}\4656661657C647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5B7E906C-3427-4688-A2F9-EDE01229E27F}\F4244455C4941435F584F44554C4 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{A7A92170-435B-4301-98A6-B8B2BF43F052} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B7659E0B-411D-497D-995F-EF0F399240E0} : DHCPNameServer = 121.1.3.172 121.1.3.89
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Agent Ransack Keyboard Hook: {B23EDAE2-2A36-4c87-AEFD-B6801B6C6584} - C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001060-0002-0060-ABCDEFFEDCBC} - <orphaned>
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\5xqltad9.default-1405410688087\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\...\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 224896]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2011-3-21 39008]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-2-25 28504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-3-24 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-3-21 427360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-3-22 254528]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-7-15 62392]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-3 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-21 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-29 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-7-9 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-21 13336]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2013-9-8 2560]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-7-15 360592]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 statuscached;SmartSVN Status Cache;C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe [2011-12-20 216576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-21 2320920]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-4-9 92176]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-3-21 28176]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-3-21 162304]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 347680]
R3 vm331avs;Digital Camera 1;C:\Windows\System32\drivers\vm331avs.sys [2011-3-21 207232]
S2 BestSyncSvc;BestSync Service;C:\Program Files\RiseFly\BestSync\BestSyncSvc.exe [2013-12-23 4444888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-3-21 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-21 35104]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2012-1-21 21480]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-7-15 91352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-21 242720]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-23 12:31:11    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 12:31:11    --------    d-----w-    C:\Program Files\iTunes
2014-07-23 12:31:11    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-07-23 11:46:15    --------    d-----w-    C:\Program Files\iPod
2014-07-22 12:37:37    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2014-07-22 12:37:14    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2014-07-22 12:36:57    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-07-22 12:36:57    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-07-20 01:18:35    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-19 11:14:13    --------    d-----w-    C:\FRST
2014-07-18 22:33:29    --------    d-----w-    C:\Users\...\AppData\Local\Secunia PSI
2014-07-18 22:33:15    --------    d-----w-    C:\Program Files (x86)\Secunia
2014-07-17 11:26:48    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-07-17 11:25:39    --------    d-----w-    C:\AdwCleaner
2014-07-15 08:18:45    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-15 08:17:17    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-15 08:16:49    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-15 08:16:49    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-15 08:16:49    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-07-15 08:16:49    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-15 08:16:49    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 08:16:11    --------    d-----w-    C:\Program Files (x86)\FileASSASSIN
2014-07-15 08:15:29    --------    d-----w-    C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-15 08:15:27    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-09 11:27:53    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-05 23:44:15    --------    d-sh--w-    C:\Jumpshot
2014-07-05 11:55:09    --------    d-----w-    C:\Windows\jumpshot.com
2014-07-02 13:40:49    --------    d-----w-    C:\Program Files (x86)\Check Point Software Technologies LTD
2014-07-02 13:40:41    --------    d-----w-    C:\Users\...\AppData\Roaming\Check Point Software Technologies LTD
2014-06-30 11:36:37    --------    d-----w-    C:\Users\...\AppData\Roaming\IDM
2014-06-29 13:59:22    --------    d-----w-    C:\Program Files (x86)\McAfee Security Scan
2014-06-29 13:47:02    290304    ----a-w-    C:\Windows\System32\subinacl.exe
2014-06-29 03:55:29    --------    d-----w-    C:\Users\...\AppData\Roaming\TheBannerSaga
.
==================== Find3M  ====================
.
2014-07-23 13:00:28    1497    --sha-w-    C:\Windows\SysWow64\mmf.sys
2014-07-20 01:55:30    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-20 01:55:29    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 11:27:58    92008    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-07-09 11:27:58    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-07-09 11:27:58    1041168    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-07-09 11:27:57    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-07-09 11:27:57    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-09 11:27:57    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-07-09 11:27:57    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-04-24 15:03:34    450968    ----a-w-    C:\Windows\System32\drivers\vsdatant.sys
.
============= FINISH: 21:10:05.37 ===============
 

 

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2011 6:53:32 PM
System Uptime: 7/23/2014 8:59:24 PM (1 hours ago)
.
Motherboard: LENOVO |  | Base Board Product Name
Processor: Intel® Core™ i5 CPU       M 480  @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 7.805 GiB free.
D: is CDROM ()
G: is FIXED (FAT32) - 7 GiB total, 2.514 GiB free.
V: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP538: 7/22/2014 8:36:36 PM - Windows Update
.
==== Installed Programs ======================
.

.sol Editor 1.1.0.1
7-Zip 9.20
8-in-Right
Able2Extract Professional 8.0
ACDSee 5.0 Standard
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Shockwave Player 12.1
Agarest: Generations of War
Agent Ransack 2010 (64-bit)
AIDA64 Business Edition v2.60
Angry Birds
Angry Birds Rio
Angry Birds Seasons
Anomaly Warzone Earth
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAP Utilities
avast! Free Antivirus
Baking Success
Bastion
BestSync
Bonjour
BOSS
BrainSpeeder 3.4.102
BrowseToSave
calibre 64bit
CBH
CCleaner
CDisplay 1.8
CDisplayEx 1.8
Cheat Engine 6.1
Cheat Engine 6.3
Chikka Messenger
ComicRack v0.9.143
CopyTrans Suite Remove Only
Cossacks Anthology
Course Vector .minerva
CPUID CPU-Z 1.58
CyberLink YouCam
DAEMON Tools Lite
DC++ 0.828
Deadly Sin
Defraggler
Diner Dash 5 - BOOM
Divine Wind version 5.1
DivX Codec
Dungeon of the Endless
Dungeons of Dredmor
Duplicate Cleaner Free 3.2.3
Energy Management
ETDWare PS/2-x64 7.0.4.17_WHQL
Explorer Suite III
f.lux
Facebook Video Calling 2.0.0.447
Fallout Mod Manager 0.13.21
FanFictionDownloader version 0.8.9
Farm Up
Fate/stay night English v3.2
FE Mod Manager
Feudalism 2
FileASSASSIN
Foxit Reader
FTL: Faster Than Light
GhostMouse
GIMP 2.8.0
GMATPrep
Google Talk (remove only)
Gratuitous Tank Battles
Grim Dawn
HP Deskjet Ink Adv 2060 K110 Basic Device Software
HP Deskjet Ink Adv 2060 K110 Help
HP Deskjet Ink Adv 2060 K110 Product Improvement Study
HP FWUpdateEDO2
HP Photo Creations
HP Update
HPDiagnosticAlert
I Miss the Sunrise
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Intrusion 2 version 1
iTunes
Java 7 Update 65 (64-bit)
JavaFX 2.1.1
Kudos 2
KVIrc
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo_Wireless_Driver
Little Inferno
Malwarebytes Anti-Exploit version 1.03.1.1220
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Windows Application Compatibility Database
Microsoft Windows Media Video 9 VCM
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
MKVToolNix 6.1.0
Mobipocket Reader 6.2
MozBackup 1.5.1
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.0
MSXML4 Parser
neroxml
Notepad++
NVIDIA 3D Vision Driver 306.23
NVIDIA Control Panel 306.23
NVIDIA Graphics Driver 306.23
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Onekey Theater
Opaline - 2 Fates 1 Love
OpenAL
PC Wizard 2010.1.96
PDF-Viewer
PDF-XChange Editor
PDF-XChange Lite 2012
Picasa 3
Puzzle Quest 2
Python 2.7.5 (64-bit)
QuickTime
Rainlendar2 (remove only)
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recettear
Recuva
RegRun Reanimator
Republic at War 1.1
RGF HotSpot version 0.6b
RGSS-RTP Standard
Rise of Nations
RPG MAKER VX Ace RTP
RPG Maker VX RTP
RPGXP
SchweserPro Level 1 2014
Secunia PSI (3.0.0.9016)
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 Complete
Sigil 0.5.3
Sine Mora
SISTERS ~??????~
SmartSVN 6.6
SnagIt 8
Solar Wars v1.40
Speccy
SpeedFan (remove only)
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars® Knights of the Old Republic® II: The Sith Lords™
Stardock ObjectDock
Steam
Sudoku Up 2012 v6.0
SWF Opener
swMSM
Sword of the Stars: The Pit
Tales of Maj'Eyal
The Banner Saga
The Sparkle 2 - Evo
TorchED
Torchlight 2
TortoiseSVN 1.7.8.23174 (64 bit)
Total Commander (Remove or Repair)
Transistor
Underlord 1.5
USB Game Controller
VC 9.0 Runtime
VeriFace
VitalSource Bookshelf
VLC media player 2.1.2
Winamp
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
Windows Resource Kit Tools - SubInAcl.exe
WinRAR 4.00
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yahoo! Widgets
Zigfrak
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/23/2014 9:03:01 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/23/2014 9:03:01 PM, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  The specified module could not be found.
7/23/2014 9:03:01 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
7/23/2014 9:00:23 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the BestSync Service service to connect.
7/23/2014 9:00:12 PM, Error: Service Control Manager [7000]  - The atksgt service failed to start due to the following error:  This driver has been blocked from loading
7/23/2014 9:00:12 PM, Error: Application Popup [875]  - Driver atksgt.sys has been blocked from loading.
7/21/2014 9:12:16 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/21/2014 9:12:16 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
7/21/2014 9:12:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
7/20/2014 7:26:50 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
7/19/2014 7:11:38 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.
7/19/2014 7:11:38 PM, Error: Service Control Manager [7000]  - The ZoneAlarm Privacy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/19/2014 6:51:26 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
7/19/2014 6:51:26 AM, Error: Service Control Manager [7000]  - The Globe Tattoo Broadband. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/19/2014 6:42:49 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
7/19/2014 6:14:01 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
7/19/2014 6:14:01 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/19/2014 1:49:04 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
7/16/2014 6:19:02 AM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/16/2014 6:19:02 AM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/16/2014 6:19:02 AM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
7/16/2014 6:18:57 AM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
 

 

Any help would be greatly appreciated.




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:03:11 PM

Posted 28 July 2014 - 02:18 PM

Greetings sharkwithlazer and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Result log
  • FSS.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 sharkwithlazer

sharkwithlazer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:11 AM

Posted 29 July 2014 - 09:30 PM

Hi Gary,

 

I'll try to post the logs tomorrow; Avast keeps blocking my download of Farbar's MiniToolBox. Sorry for the delay. I tried running an Avast bootscan yesterday, since I noticed that the number of packets received and sent started increasing very fast as soon as I finished logging in, but the scan found nothing.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:03:11 PM

Posted 29 July 2014 - 09:33 PM

OK thanks for the update.  It is not uncommon to see increased activity when it appears your computer is idle.  There can be a lot of legitimate stuff going on under the radar.


Gary
 

#5 sharkwithlazer

sharkwithlazer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:11 AM

Posted 30 July 2014 - 08:23 PM

Hi Gary, here are the logs. I can't attach the system summary log as it exceeds the file size limit.

 

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by … (administrator) on ___ on 30-07-2014 20:04:34
Running from C:\Users\...\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\Windows\Runservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
() C:\Program Files (x86)\OSCARK3G\OscarEditor.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Farbar) C:\Users\...\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-03-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462528 2010-03-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2011-04-03] (Lenovo)
HKLM-x32\...\Run: [avast] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4086432 2014-07-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\RunOnce: [{a1909659-0a08-4554-8af1-2175904903a1}] => C:\ProgramData\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe [454112 2014-06-30] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer [ ] () <=== ATTENTION
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCARK3G\OscarEditor.exe [4523008 2009-09-22] ()
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [4373600 2013-03-12] ()
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\Run: [googletalk] => C:\Users\...\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-02] (Google)
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {143abdf3-5425-11e0-8903-806e6f6e6963} - D:\AutoLauncher.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {1645df72-8155-11e0-9033-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {a8c4342e-65ef-11e1-9f2c-18f46afd19c2} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {e96c3423-a445-11e0-a159-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f1047732-c991-11e1-af6c-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da28f-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da29d-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da2a8-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f60f652e-c87e-11e1-b795-1c750857ca41} - F:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f60f6545-c87e-11e1-b795-1c750857ca41} - H:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Exploit.lnk
ShortcutTarget: Malwarebytes Anti-Exploit.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
ShortcutTarget: Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Exploit.lnk
ShortcutTarget: Malwarebytes Anti-Exploit.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
ShortcutTarget: Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: SmartSVN1 -> {CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366} => C:\Program Files (x86)\SmartSVN 6.6\lib\shellext32.dll ()
ShellIconOverlayIdentifiers-x32: SmartSVN2 -> {CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366} => C:\Program Files (x86)\SmartSVN 6.6\lib\shellext32.dll ()
ShellIconOverlayIdentifiers-x32: SmartSVN3 -> {CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366} => C:\Program Files (x86)\SmartSVN 6.6\lib\shellext32.dll ()
ShellIconOverlayIdentifiers-x32: SmartSVN4 -> {CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366} => C:\Program Files (x86)\SmartSVN 6.6\lib\shellext32.dll ()
ShellIconOverlayIdentifiers-x32: SmartSVN5 -> {CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366} => C:\Program Files (x86)\SmartSVN 6.6\lib\shellext32.dll ()
ShellIconOverlayIdentifiers-x32: SmartSVN6 -> {CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366} => C:\Program Files (x86)\SmartSVN 6.6\lib\shellext32.dll ()
ShellIconOverlayIdentifiers-x32: SmartSVN7 -> {CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366} => C:\Program Files (x86)\SmartSVN 6.6\lib\shellext32.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEBBBACF1CFF5CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {BB4AE144-E5BE-468C-95B9-10459FCD13CD} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10583
SearchScopes: HKCU - {DFD10918-9675-473A-959D-88AEEBF52878} URL = http://search.us.com/serp?guid={B5E073A7-73A2-4C13-9C5F-FA2E6D11B4FD}&action=default_search&serpv=5&k={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Agent Ransack Keyboard Hook -> {B23EDAE2-2A36-4c87-AEFD-B6801B6C6584} -> C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll (Mythicsoft Ltd)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HelperObject Class -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\5xqltad9.default-1405410688087
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\...\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\5xqltad9.default-1405410688087\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-15]
FF Extension: Self-Destructing Cookies - C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\5xqltad9.default-1405410688087\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-07-15]
FF Extension: Adblock Plus - C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\5xqltad9.default-1405410688087\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-24]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\...\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage:
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\...\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
S2 BestSyncSvc; C:\Program Files\RiseFly\BestSync\BestSyncSvc.exe [4444888 2013-12-23] (RiseFly Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-03-30] () [File not signed]
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2013-09-08] () [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 statuscached; C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe [216576 2011-12-20] () [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
S2 HPSLPSVC; C:\Users\...\AppData\Local\Temp\7zS6054\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-02-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-05-06] ()
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-03-22] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2012-05-05] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-07-15] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RegGuard; C:\Windows\SysWOW64\Drivers\regguard.sys [24416 2011-06-24] (Greatis Software)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Iviaspi; system32\drivers\iviaspi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 ____D () C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-07-30 19:23 - 2014-07-30 19:24 - 02093568 _____ (Farbar) C:\Users\...\Downloads\FRST64(1).exe
2014-07-30 19:23 - 2014-07-30 19:23 - 00401920 _____ (Farbar) C:\Users\...\Downloads\MiniToolBox.exe
2014-07-29 14:19 - 2014-07-29 14:19 - 00010972 _____ () C:\Users\...\Documents\laundry.xlsx
2014-07-29 08:10 - 2014-07-29 08:10 - 01214696 _____ () C:\Users\...\Documents\summary.nfo
2014-07-29 07:53 - 2014-07-29 07:53 - 00415232 _____ (Farbar) C:\Users\...\Downloads\FSS.exe
2014-07-28 21:25 - 2014-07-28 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-28 21:25 - 2014-07-28 21:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-28 19:54 - 2014-07-28 19:54 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-28 19:35 - 2014-07-28 19:35 - 00001662 _____ () C:\Users\Public\Desktop\MPC-HC x64.lnk
2014-07-28 19:35 - 2014-07-28 19:35 - 00000000 ____D () C:\Users\...\AppData\Roaming\MPC-HC
2014-07-28 19:35 - 2014-07-28 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-07-28 19:35 - 2014-07-28 19:35 - 00000000 ____D () C:\Program Files\MPC-HC
2014-07-28 18:17 - 2014-07-28 18:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 08:32 - 2014-07-26 08:32 - 00000000 _____ () C:\Users\...\Desktop\YourGame.exe
2014-07-23 20:32 - 2014-07-23 20:32 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-23 20:32 - 2014-07-23 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 20:31 - 2014-07-23 20:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 20:31 - 2014-07-23 20:32 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 20:31 - 2014-07-23 20:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-23 19:46 - 2014-07-23 20:31 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2014-07-22 20:37 - 2012-06-03 06:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-22 20:37 - 2012-06-03 06:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-22 20:37 - 2012-06-03 06:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-22 20:37 - 2012-06-03 06:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-22 20:37 - 2012-06-03 06:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-22 20:37 - 2012-06-03 06:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-22 20:37 - 2012-06-03 06:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-22 20:36 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-22 20:36 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-21 21:07 - 2014-07-30 19:55 - 00001960 _____ () C:\Windows\setupact.log
2014-07-21 21:07 - 2014-07-21 21:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 09:28 - 2014-07-20 09:28 - 00001223 _____ () C:\Users\Public\Desktop\MPC-HC.lnk
2014-07-20 09:18 - 2014-07-20 09:17 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-20 09:18 - 2014-07-20 09:16 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-20 09:18 - 2014-07-20 09:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-20 09:18 - 2014-07-20 09:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-20 09:16 - 2014-07-20 09:16 - 00000000 ____D () C:\Program Files\Java
2014-07-20 09:05 - 2014-07-21 20:49 - 00000468 _____ () C:\Users\...\Downloads\defogger_disable.log
2014-07-20 09:05 - 2014-07-20 09:05 - 00000000 _____ () C:\Users\...\defogger_reenable
2014-07-20 09:04 - 2014-07-20 09:04 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-20 09:02 - 2014-07-20 09:03 - 05329480 _____ (Secunia) C:\Users\...\Downloads\PSISetup.exe
2014-07-20 08:49 - 2014-07-20 08:49 - 00003288 ____N () C:\bootsqm.dat
2014-07-20 07:48 - 2014-07-20 07:49 - 00000000 ____D () C:\Users\...\Downloads\getservice
2014-07-20 07:33 - 2014-07-20 07:34 - 00130337 _____ () C:\Users\...\Downloads\getservices.zip
2014-07-20 07:21 - 2014-07-20 07:21 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\...\Downloads\ADSSpy.exe
2014-07-19 19:18 - 2014-07-19 19:19 - 00050049 _____ () C:\Users\...\Downloads\Addition.txt
2014-07-19 19:16 - 2014-07-30 20:05 - 00028813 _____ () C:\Users\...\Downloads\FRST.txt
2014-07-19 19:14 - 2014-07-30 20:04 - 00000000 ____D () C:\FRST
2014-07-19 19:07 - 2014-07-19 19:07 - 01354223 _____ () C:\Users\...\Downloads\AdwCleaner(1).exe
2014-07-19 06:59 - 2014-07-23 21:10 - 00021606 _____ () C:\Users\...\Desktop\dds.txt
2014-07-19 06:59 - 2014-07-23 21:10 - 00013072 _____ () C:\Users\...\Desktop\attach.txt
2014-07-19 06:33 - 2014-07-19 06:33 - 00000000 ____D () C:\Users\...\AppData\Local\Secunia PSI
2014-07-19 06:33 - 2014-07-19 06:33 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-19 06:10 - 2014-07-19 06:10 - 02086912 _____ (Farbar) C:\Users\...\Downloads\FRST64.exe
2014-07-17 19:54 - 2014-07-17 19:15 - 00006787 _____ () C:\Users\...\Downloads\startuplist.txt
2014-07-17 19:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-17 19:25 - 2014-07-19 19:09 - 00000000 ____D () C:\AdwCleaner
2014-07-17 19:24 - 2014-07-17 19:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\...\Downloads\tdsskiller.exe
2014-07-17 19:24 - 2014-07-17 19:24 - 00050477 _____ () C:\Users\...\Downloads\Defogger.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\...\Downloads\rkill.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 01348263 _____ () C:\Users\...\Downloads\AdwCleaner.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 00688992 ____R (Swearware) C:\Users\...\Downloads\dds.com
2014-07-17 19:14 - 2014-07-17 19:35 - 00013627 _____ () C:\Users\...\Documents\hijackthis.log
2014-07-15 16:20 - 2014-07-15 16:20 - 00000000 ____D () C:\Users\...\Downloads\Chameleon
2014-07-15 16:18 - 2014-07-15 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-15 16:17 - 2014-07-20 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 16:17 - 2014-07-15 17:55 - 00000000 ____D () C:\Users\...\Desktop\mbar
2014-07-15 16:17 - 2014-07-15 16:17 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 16:16 - 2014-07-15 17:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 16:16 - 2014-07-15 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 16:16 - 2014-07-15 16:16 - 00001055 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-07-15 16:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 16:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-15 16:15 - 2014-07-29 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-15 16:15 - 2014-07-15 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-07-15 16:15 - 2014-07-15 16:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-15 16:09 - 2014-07-15 16:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\...\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 16:09 - 2014-07-15 16:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\...\Downloads\mbar-1.07.0.1012.exe
2014-07-15 16:09 - 2014-07-15 16:10 - 04872677 _____ () C:\Users\...\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-15 16:09 - 2014-07-15 16:09 - 00167034 _____ () C:\Users\...\Downloads\fileassassin-setup-1.06.exe
2014-07-15 16:09 - 2014-07-15 16:09 - 00065232 _____ (Malwarebytes) C:\Users\...\Downloads\regassassin-setup-1.03.exe
2014-07-15 15:56 - 2014-07-15 15:57 - 02650408 _____ (Malwarebytes ) C:\Users\...\Downloads\mbae-setup-1.03.1.1220.exe
2014-07-12 08:53 - 2014-07-12 08:54 - 29405096 _____ (Oracle Corporation) C:\Users\...\Downloads\jre-7u60-windows-i586.exe
2014-07-12 08:45 - 2014-07-15 15:51 - 00000000 ____D () C:\Users\...\Desktop\Old Firefox Data
2014-07-09 19:27 - 2014-07-09 19:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 09:27 - 2014-07-15 16:27 - 76021760 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-07-06 09:27 - 2014-07-15 16:27 - 41156608 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-07-06 09:27 - 2014-07-15 16:27 - 15990784 _____ () C:\Users\...\.ghost-ntfs-3g-00000000000000000009
2014-07-06 09:27 - 2014-07-15 16:25 - 02097152 _____ () C:\Users\Guest\.ghost-ntfs-3g-00000000000000000017
2014-07-06 09:27 - 2014-07-15 16:25 - 01310720 _____ () C:\Users\blank\.ghost-ntfs-3g-00000000000000000013
2014-07-06 07:44 - 2014-07-29 22:27 - 00000000 __SHD () C:\Jumpshot
2014-07-05 19:55 - 2014-07-29 22:35 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-05 08:39 - 2014-07-05 08:39 - 00000000 ____D () C:\Users\blank\AppData\Local\calibre-cache
2014-07-05 08:37 - 2014-07-05 08:39 - 00000000 ____D () C:\Users\blank\Documents\Calibre Library
2014-07-05 08:36 - 2014-07-05 08:39 - 00000000 ____D () C:\Users\blank\AppData\Roaming\calibre
2014-07-02 21:45 - 2014-07-02 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-07-02 21:40 - 2014-07-02 21:40 - 00000000 ____D () C:\Users\...\AppData\Roaming\Check Point Software Technologies LTD
2014-07-02 21:40 - 2014-07-02 21:40 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-07-02 21:39 - 2014-07-02 21:39 - 03383208 _____ (Check Point Software Technologies Ltd.) C:\Users\...\Downloads\zafwSetupWeb_131_211_000.exe
2014-07-02 19:52 - 2014-07-02 19:52 - 00000000 ____D () C:\Users\blank\AppData\Local\Apple Computer
2014-07-01 18:20 - 2014-07-01 18:20 - 00000000 ____D () C:\Users\blank\AppData\Roaming\WinRAR
2014-07-01 12:54 - 2014-07-01 18:38 - 00000000 ____D () C:\Users\blank\Downloads\june2014
2014-07-01 12:40 - 2014-07-01 12:40 - 00000000 ____D () C:\Users\blank\AppData\Local\Microsoft Games
2014-06-30 19:36 - 2014-06-30 19:37 - 00000000 ____D () C:\Users\...\AppData\Roaming\IDM
2014-06-30 19:36 - 2014-06-30 19:36 - 00000000 ____D () C:\Users\...\Downloads\Video
2014-06-30 12:46 - 2014-06-30 12:46 - 16691888 _____ () C:\Users\blank\Downloads\YTDSetup.exe
2014-06-30 12:45 - 2014-06-30 12:45 - 00000000 ____D () C:\Users\blank\AppData\Local\Macromedia
2014-06-30 12:30 - 2014-06-30 12:30 - 00000000 ____D () C:\Users\blank\AppData\Local\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 20:05 - 2014-07-19 19:16 - 00028813 _____ () C:\Users\...\Downloads\FRST.txt
2014-07-30 20:04 - 2014-07-19 19:14 - 00000000 ____D () C:\FRST
2014-07-30 20:02 - 2009-07-14 13:13 - 00782788 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 20:01 - 2011-03-22 09:42 - 01718788 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 ____D () C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-07-30 19:58 - 2012-01-14 16:29 - 00000000 ____D () C:\Users\...\AppData\Local\TSVNCache
2014-07-30 19:57 - 2011-03-30 00:16 - 00000000 ____D () C:\Users\...\.rainlendar2
2014-07-30 19:56 - 2011-04-03 21:33 - 26406204 _____ () C:\FaceProv.log
2014-07-30 19:56 - 2011-04-03 19:42 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-30 19:55 - 2014-07-21 21:07 - 00001960 _____ () C:\Windows\setupact.log
2014-07-30 19:55 - 2013-09-08 22:02 - 00001497 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-07-30 19:55 - 2011-03-21 19:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-30 19:55 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 19:24 - 2014-07-30 19:23 - 02093568 _____ (Farbar) C:\Users\...\Downloads\FRST64(1).exe
2014-07-30 19:24 - 2009-07-14 12:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 19:24 - 2009-07-14 12:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 19:23 - 2014-07-30 19:23 - 00401920 _____ (Farbar) C:\Users\...\Downloads\MiniToolBox.exe
2014-07-30 19:21 - 2013-11-30 20:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-29 22:35 - 2014-07-05 19:55 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-29 22:27 - 2014-07-06 07:44 - 00000000 __SHD () C:\Jumpshot
2014-07-29 14:19 - 2014-07-29 14:19 - 00010972 _____ () C:\Users\...\Documents\laundry.xlsx
2014-07-29 14:05 - 2012-05-18 05:53 - 00000000 ___RD () C:\Users\...\Documents\Bluetooth Exchange Folder
2014-07-29 12:00 - 2014-07-15 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-29 11:59 - 2013-04-15 18:22 - 00000000 ____D () C:\Users\...\AppData\Roaming\Forge
2014-07-29 08:10 - 2014-07-29 08:10 - 01214696 _____ () C:\Users\...\Documents\summary.nfo
2014-07-29 07:53 - 2014-07-29 07:53 - 00415232 _____ (Farbar) C:\Users\...\Downloads\FSS.exe
2014-07-29 07:45 - 2011-03-21 21:09 - 00000000 ____D () C:\Users\...\AppData\Roaming\vlc
2014-07-28 21:25 - 2014-07-28 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-28 21:25 - 2014-07-28 21:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-28 20:20 - 2014-06-21 06:32 - 00000000 ____D () C:\Users\...\Documents\Neverwinter Nights 2
2014-07-28 20:11 - 2012-06-16 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-28 19:54 - 2014-07-28 19:54 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-28 19:35 - 2014-07-28 19:35 - 00001662 _____ () C:\Users\Public\Desktop\MPC-HC x64.lnk
2014-07-28 19:35 - 2014-07-28 19:35 - 00000000 ____D () C:\Users\...\AppData\Roaming\MPC-HC
2014-07-28 19:35 - 2014-07-28 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-07-28 19:35 - 2014-07-28 19:35 - 00000000 ____D () C:\Program Files\MPC-HC
2014-07-28 18:18 - 2014-07-28 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 00:04 - 2011-09-24 08:00 - 00000000 ____D () C:\Users\...\AppData\Roaming\Media Player Classic
2014-07-26 08:32 - 2014-07-26 08:32 - 00000000 _____ () C:\Users\...\Desktop\YourGame.exe
2014-07-26 06:33 - 2012-07-09 14:57 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-23 21:10 - 2014-07-19 06:59 - 00021606 _____ () C:\Users\...\Desktop\dds.txt
2014-07-23 21:10 - 2014-07-19 06:59 - 00013072 _____ () C:\Users\...\Desktop\attach.txt
2014-07-23 20:32 - 2014-07-23 20:32 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-23 20:32 - 2014-07-23 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 20:32 - 2014-07-23 20:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 20:32 - 2014-07-23 20:31 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 20:32 - 2014-07-23 20:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-23 20:31 - 2014-07-23 19:46 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 20:24 - 2011-03-21 22:33 - 00000000 ____D () C:\Users\...\Documents\My Books
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-07-23 19:43 - 2014-07-23 19:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2014-07-21 21:07 - 2014-07-21 21:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-21 20:49 - 2014-07-20 09:05 - 00000468 _____ () C:\Users\...\Downloads\defogger_disable.log
2014-07-21 20:38 - 2013-01-13 08:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 09:56 - 2013-01-13 08:32 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-20 09:55 - 2013-01-13 08:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-20 09:55 - 2011-05-28 12:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-20 09:28 - 2014-07-20 09:28 - 00001223 _____ () C:\Users\Public\Desktop\MPC-HC.lnk
2014-07-20 09:28 - 2011-09-24 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
2014-07-20 09:28 - 2011-09-24 07:59 - 00000000 ____D () C:\Program Files (x86)\Media Player Classic - Home Cinema
2014-07-20 09:26 - 2011-05-28 15:06 - 00000000 ____D () C:\ProgramData\Apple
2014-07-20 09:17 - 2014-07-20 09:18 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-20 09:17 - 2011-12-30 14:10 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-20 09:16 - 2014-07-20 09:18 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-20 09:16 - 2014-07-20 09:18 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-20 09:16 - 2014-07-20 09:18 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-20 09:16 - 2014-07-20 09:16 - 00000000 ____D () C:\Program Files\Java
2014-07-20 09:16 - 2014-07-15 16:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 09:05 - 2014-07-20 09:05 - 00000000 _____ () C:\Users\...\defogger_reenable
2014-07-20 09:05 - 2011-03-21 18:53 - 00000000 ____D () C:\Users\BSK
2014-07-20 09:04 - 2014-07-20 09:04 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-20 09:03 - 2014-07-20 09:02 - 05329480 _____ (Secunia) C:\Users\...\Downloads\PSISetup.exe
2014-07-20 08:49 - 2014-07-20 08:49 - 00003288 ____N () C:\bootsqm.dat
2014-07-20 07:49 - 2014-07-20 07:48 - 00000000 ____D () C:\Users\...\Downloads\getservice
2014-07-20 07:34 - 2014-07-20 07:33 - 00130337 _____ () C:\Users\...\Downloads\getservices.zip
2014-07-20 07:21 - 2014-07-20 07:21 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\...\Downloads\ADSSpy.exe
2014-07-19 19:19 - 2014-07-19 19:18 - 00050049 _____ () C:\Users\...\Downloads\Addition.txt
2014-07-19 19:10 - 2012-09-10 11:54 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\CheckPoint
2014-07-19 19:10 - 2012-04-15 14:31 - 00000000 ____D () C:\Users\...\AppData\Roaming\CheckPoint
2014-07-19 19:09 - 2014-07-17 19:25 - 00000000 ____D () C:\AdwCleaner
2014-07-19 19:07 - 2014-07-19 19:07 - 01354223 _____ () C:\Users\...\Downloads\AdwCleaner(1).exe
2014-07-19 19:05 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-19 07:43 - 2011-07-15 23:33 - 00000000 ____D () C:\Program Files\Free PDF to Word Converter
2014-07-19 07:42 - 2011-03-20 07:53 - 00000000 ____D () C:\Games
2014-07-19 07:41 - 2012-07-07 18:29 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-19 07:41 - 2011-03-29 23:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-19 06:33 - 2014-07-19 06:33 - 00000000 ____D () C:\Users\...\AppData\Local\Secunia PSI
2014-07-19 06:33 - 2014-07-19 06:33 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-19 06:10 - 2014-07-19 06:10 - 02086912 _____ (Farbar) C:\Users\...\Downloads\FRST64.exe
2014-07-17 19:35 - 2014-07-17 19:14 - 00013627 _____ () C:\Users\...\Documents\hijackthis.log
2014-07-17 19:24 - 2014-07-17 19:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\...\Downloads\tdsskiller.exe
2014-07-17 19:24 - 2014-07-17 19:24 - 00050477 _____ () C:\Users\...\Downloads\Defogger.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\...\Downloads\rkill.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 01348263 _____ () C:\Users\...\Downloads\AdwCleaner.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 00688992 ____R (Swearware) C:\Users\...\Downloads\dds.com
2014-07-17 19:15 - 2014-07-17 19:54 - 00006787 _____ () C:\Users\...\Downloads\startuplist.txt
2014-07-15 22:00 - 2012-03-11 19:10 - 00000000 __SHD () C:\Windows\ei_temp
2014-07-15 17:55 - 2014-07-15 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-15 17:55 - 2014-07-15 16:17 - 00000000 ____D () C:\Users\...\Desktop\mbar
2014-07-15 17:16 - 2009-07-14 13:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 17:04 - 2014-07-15 16:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 16:59 - 2011-11-19 06:57 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-15 16:57 - 2014-06-27 18:24 - 00000000 ____D () C:\Users\blank
2014-07-15 16:57 - 2011-08-29 14:10 - 00000000 ____D () C:\Users\Guest
2014-07-15 16:27 - 2014-07-06 09:27 - 76021760 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-07-15 16:27 - 2014-07-06 09:27 - 41156608 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-07-15 16:27 - 2014-07-06 09:27 - 15990784 _____ () C:\Users\...\.ghost-ntfs-3g-00000000000000000009
2014-07-15 16:25 - 2014-07-06 09:27 - 02097152 _____ () C:\Users\Guest\.ghost-ntfs-3g-00000000000000000017
2014-07-15 16:25 - 2014-07-06 09:27 - 01310720 _____ () C:\Users\blank\.ghost-ntfs-3g-00000000000000000013
2014-07-15 16:20 - 2014-07-15 16:20 - 00000000 ____D () C:\Users\...\Downloads\Chameleon
2014-07-15 16:17 - 2014-07-15 16:17 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 16:17 - 2014-07-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 16:16 - 2014-07-15 16:16 - 00001055 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 16:16 - 2014-07-15 16:16 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-07-15 16:15 - 2014-07-15 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-07-15 16:15 - 2014-07-15 16:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-15 16:12 - 2014-07-15 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\...\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 16:12 - 2014-07-15 16:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\...\Downloads\mbar-1.07.0.1012.exe
2014-07-15 16:10 - 2014-07-15 16:09 - 04872677 _____ () C:\Users\...\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-15 16:09 - 2014-07-15 16:09 - 00167034 _____ () C:\Users\...\Downloads\fileassassin-setup-1.06.exe
2014-07-15 16:09 - 2014-07-15 16:09 - 00065232 _____ (Malwarebytes) C:\Users\...\Downloads\regassassin-setup-1.03.exe
2014-07-15 15:58 - 2013-05-21 14:50 - 00000000 __HDC () C:\ProgramData\{0F58F7E9-C7F6-445C-A83F-2BD3F1AD3023}
2014-07-15 15:57 - 2014-07-15 15:56 - 02650408 _____ (Malwarebytes ) C:\Users\...\Downloads\mbae-setup-1.03.1.1220.exe
2014-07-15 15:51 - 2014-07-12 08:45 - 00000000 ____D () C:\Users\...\Desktop\Old Firefox Data
2014-07-13 16:27 - 2014-06-27 18:25 - 00000000 ____D () C:\Users\blank\AppData\Local\TSVNCache
2014-07-12 09:01 - 2014-05-01 13:30 - 00021123 ____H () C:\Users\...\Documents\~WRL0004.tmp
2014-07-12 08:54 - 2014-07-12 08:53 - 29405096 _____ (Oracle Corporation) C:\Users\...\Downloads\jre-7u60-windows-i586.exe
2014-07-10 18:57 - 2011-03-31 22:17 - 00000000 ____D () C:\Utilities
2014-07-09 19:28 - 2013-11-29 19:37 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-09 19:28 - 2011-03-21 20:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-09 19:27 - 2014-07-09 19:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-09 19:27 - 2014-05-03 08:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-09 19:27 - 2013-12-29 00:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-09 19:27 - 2013-03-20 15:13 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-09 19:27 - 2013-03-20 15:13 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-09 19:27 - 2012-02-25 00:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-09 19:27 - 2011-03-24 21:10 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-09 19:27 - 2011-03-21 20:24 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-09 19:27 - 2011-03-21 20:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-07 16:36 - 2014-07-02 20:06 - 00000000 ____D () C:\Users\blank\Desktop\blank files
2014-07-05 10:28 - 2014-03-19 18:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-05 08:39 - 2014-07-05 08:39 - 00000000 ____D () C:\Users\blank\AppData\Local\calibre-cache
2014-07-05 08:39 - 2014-07-05 08:37 - 00000000 ____D () C:\Users\blank\Documents\Calibre Library
2014-07-05 08:39 - 2014-07-05 08:36 - 00000000 ____D () C:\Users\blank\AppData\Roaming\calibre
2014-07-02 21:46 - 2012-04-15 14:31 - 00431191 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-07-02 21:45 - 2014-07-02 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-07-02 21:45 - 2013-07-11 09:55 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-07-02 21:40 - 2014-07-02 21:40 - 00000000 ____D () C:\Users\...\AppData\Roaming\Check Point Software Technologies LTD
2014-07-02 21:40 - 2014-07-02 21:40 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-07-02 21:39 - 2014-07-02 21:39 - 03383208 _____ (Check Point Software Technologies Ltd.) C:\Users\...\Downloads\zafwSetupWeb_131_211_000.exe
2014-07-02 19:52 - 2014-07-02 19:52 - 00000000 ____D () C:\Users\blank\AppData\Local\Apple Computer
2014-07-02 19:52 - 2014-06-27 18:25 - 00000000 ____D () C:\Users\blank\AppData\Roaming\Apple Computer
2014-07-01 18:38 - 2014-07-01 12:54 - 00000000 ____D () C:\Users\blank\Downloads\june2014
2014-07-01 18:20 - 2014-07-01 18:20 - 00000000 ____D () C:\Users\blank\AppData\Roaming\WinRAR
2014-07-01 12:40 - 2014-07-01 12:40 - 00000000 ____D () C:\Users\blank\AppData\Local\Microsoft Games
2014-06-30 19:42 - 2012-10-15 07:25 - 00000000 ____D () C:\Users\...\AppData\Roaming\DMCache
2014-06-30 19:37 - 2014-06-30 19:36 - 00000000 ____D () C:\Users\...\AppData\Roaming\IDM
2014-06-30 19:36 - 2014-06-30 19:36 - 00000000 ____D () C:\Users\...\Downloads\Video
2014-06-30 19:36 - 2011-03-21 18:57 - 00115216 _____ () C:\Users\...\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 12:46 - 2014-06-30 12:46 - 16691888 _____ () C:\Users\blank\Downloads\YTDSetup.exe
2014-06-30 12:45 - 2014-06-30 12:45 - 00000000 ____D () C:\Users\blank\AppData\Local\Macromedia
2014-06-30 12:31 - 2014-06-27 18:25 - 00115216 _____ () C:\Users\blank\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 12:30 - 2014-06-30 12:30 - 00000000 ____D () C:\Users\blank\AppData\Local\Google
2014-06-30 12:29 - 2013-10-25 20:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-30 12:29 - 2013-10-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-30 12:29 - 2009-07-14 12:45 - 00497584 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\...\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-01 15:01

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by ... at 2014-07-30 20:06:24
Running from C:\Users\...\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.sol Editor 1.1.0.1 (HKLM-x32\...\.sol Editor) (Version: 1.1.0.1 - alexisisaac.net)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
8-in-Right (HKLM-x32\...\InstallShield_{CDB4B708-B3A5-42E5-AA46-68678D1313FF}) (Version: 2.30.0000 - A4TECH)
8-in-Right (x32 Version: 2.30.0000 - A4TECH) Hidden
A Game of Thrones version 0.6 (HKLM-x32\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 0.6 - AGOT TEAM)
Able2Extract Professional 8.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BED}_is1) (Version: 8.0 - Investintech.com Inc.)
ACDSee 5.0 Standard (HKLM-x32\...\{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}) (Version: 5.0.0 - ACD Systems Ltd)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{C4B95D2E-BDE6-412D-AF7B-EC43A298C55B}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{3FC9A6DE-C105-4576-8F63-656FFB1BF8EB}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version:  - Ghostlight)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
AIDA64 Business Edition v2.60 (HKLM-x32\...\AIDA64 Business Edition_is1) (Version: 2.60 - FinalWire Ltd.)
Angry Birds (HKLM-x32\...\{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}) (Version: 1.6.2 - Rovio)
Angry Birds Rio (HKLM-x32\...\{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}) (Version: 1.2.2 - Rovio)
Angry Birds Seasons (HKLM-x32\...\{9E4F7DD0-C596-4501-AE16-77F18F7EE694}) (Version: 1.5.1 - Rovio)
Anomaly Warzone Earth (HKLM-x32\...\{C4377DBD-EF89-4088-B68C-1DB78280F076}_is1) (Version: 1 - 11 bit studios)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 5.0 - Bastien Mensink - A Must in Every Office BV)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bastion (HKLM-x32\...\{7AF3D8F2-B2C2-4F8B-AFA4-C90001F56B1A}) (Version: 1.0.2 - Supergiant Games)
BestSync (HKLM\...\{3E5EF408-7017-4DEC-98C6-3382CCEA76FD}) (Version: 9.0.40 - RiseFly Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BrainSpeeder 3.4.102  (HKLM-x32\...\BrainSpeeder) (Version: 3.4.102 - www.BrainSpeeder.com)
BrowseToSave (HKLM\...\{32281F81-7B46-4F0D-ADE6-3364E9CB3D77}) (Version: 1.0 - ) <==== ATTENTION
calibre 64bit (HKLM\...\{30E6791E-4CC6-4A04-97B6-4FF4BD439B63}) (Version: 1.42.0 - Kovid Goyal)
CBH (HKLM-x32\...\CBH) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
Cheat Engine 6.1 (HKLM-x32\...\Cheat Engine 6.1_is1) (Version:  - Dark Byte)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chikka Messenger (HKCU\...\Chikka Messenger) (Version:  - )
ComicRack v0.9.143 (HKLM\...\ComicRack) (Version: v0.9.143 - cYo Soft)
CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version:  - GOG.com)
Course Vector .minerva (HKLM-x32\...\com.coursevector.minerva.4B7C391846352DEBEB1247C875B4670B2F776CD0.1) (Version: 3.3.3 - UNKNOWN)
Course Vector .minerva (x32 Version: 3.3.3 - UNKNOWN) Hidden
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Deadly Sin (HKCU\...\Deadly Sin) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
DivX Codec (HKLM-x32\...\DivX Codec) (Version:  - )
DomDomSoft Anime Downloader (remove only) (HKLM-x32\...\DomDomSoft Anime Downloader) (Version:  - )
Drox Operative (HKLM-x32\...\Drox Operativev1.010) (Version: v1.010 - Soldak Entertainment)
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version:  - Gaslamp Games, Inc.)
Duplicate Cleaner Free 3.2.3 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.3 - DigitalVolcano Software Ltd) <==== ATTENTION
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.8 - Lenovo)
ETDWare PS/2-x64 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.)
Explorer Suite III (HKLM\...\Explorer Suite_is1) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FanFictionDownloader version 0.8.9 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.9 - Raimond Eisele)
Fate/stay night English v3.2 (HKLM-x32\...\Fate-stay night English) (Version:  - )
FE Mod Manager (HKLM-x32\...\{50C20336-023E-4D24-A286-56C71C1E430A}) (Version: 1.0.3 - ev4debug)
Feudalism 2 (HKLM-x32\...\Feudalism 2_is1) (Version:  - Vitaly Zaborov)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.0 - AutomaticSolution Software)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
GMATPrep (HKLM-x32\...\GMATPrep 2.2.306) (Version: 2.2.306 - Graduate Management Admission Council (GMAC))
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Gratuitous Tank Battles (HKLM-x32\...\Gratuitous Tank Battles_is1) (Version:  - Positech Games)
Grim Dawn (HKLM-x32\...\Steam App 219990) (Version:  - )
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet Ink Adv 2060 K110 Product Improvement Study (HKLM\...\{A1E09AC1-2DE6-4513-AD55-0A02D6BBEF8D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{F09E3A59-CCC9-480C-8622-93DFAB1E3883}) (Version: 1.0.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I Miss the Sunrise (HKCU\...\I Miss the Sunrise) (Version:  - )
Imperial Civil War 2.0 (HKCU\...\Imperial Civil War 2.0) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intrusion 2 version 1 (HKLM-x32\...\{DF6DCB5F-9CB0-474F-95F0-0A99C3883E9A}_is1) (Version: 1 - vapgames)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kudos 2 (HKLM-x32\...\Kudos 2_is1) (Version:  - Positech Games)
KVIrc (HKLM-x32\...\KVIrc) (Version:  - Szymon Stefanek and The KVIrc Development Team)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 6.1.0 (HKLM-x32\...\MKVToolNix) (Version: 6.1.0 - Moritz Bunkus)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
NVIDIA 3D Vision Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Control Panel 306.23 (Version: 306.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0623 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC Wizard 2010.1.96 (HKLM-x32\...\PC Wizard 2010_is1) (Version:  - CPUID)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM-x32\...\{2eef0fe2-cc4a-47d6-959c-de2d5c2cc40b}) (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.0.273.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Python 2.7.5 (64-bit) (HKLM\...\{DBDD570E-0952-475f-9453-AB88F3DD565a}) (Version: 2.7.5150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.45 - Piriform)
RegRun Reanimator (HKLM-x32\...\Greatis Reanimator_is1) (Version:  - Greatis Software, LLC.)
Republic at War 1.1 (HKLM-x32\...\Republic at War 1.1) (Version:  - )
RGF HotSpot version 0.6b (HKLM-x32\...\RGF HotSpot_is1) (Version: 0.6b - )
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGXP (HKLM-x32\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
SchweserPro Level 1 2014 (HKLM-x32\...\SchweserPro Level 1 2014) (Version:  - )
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sigil 0.5.3 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Sine Mora (HKLM-x32\...\Sine Mora_is1) (Version:  - )
SmartSVN 6.6 (HKLM-x32\...\{E68DE8F6-520E-4407-B999-F40574813318}) (Version: 6.6.11 - syntevo GmbH)
SnagIt 8 (HKLM-x32\...\{93699C3E-005E-4294-87CA-F5B7DE2CD687}) (Version: 8.0.2 - TechSmith Corporation)
Solar Wars v1.40 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Stardock ObjectDock (HKLM-x32\...\Stardock ObjectDock) (Version: 2.10 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sudoku Up 2012 v6.0 (HKLM-x32\...\Sudoku Up_is1) (Version:  - TreeCardGames)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions)
Tales of Maj'Eyal (HKLM-x32\...\Steam App 259680) (Version:  - DarkGod)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
TorchED (HKLM-x32\...\Runic Games TorchED) (Version: 1.0.68.226 - )
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - )
TortoiseSVN 1.7.8.23174 (64 bit) (HKLM\...\{D6A2D5B1-0804-48CB-9599-8074C00E4DA9}) (Version: 1.7.23174 - TortoiseSVN)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Underlord 1.5 (HKLM-x32\...\Underlord15) (Version:  - )
USB Game Controller (HKLM-x32\...\{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}) (Version: 2007.01.01 - )
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VeriFace  (HKLM-x32\...\VeriFace) (Version: 3.6.1.0226 - Lenovo)
VitalSource Bookshelf (HKLM-x32\...\{1DE2F503-D95C-42C0-857E-57A7F9C1C1CB}) (Version: 6.03.0012 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR 4.00 (HKLM-x32\...\WinRAR 4.00) (Version:  - )
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Yahoo! Widgets (HKLM-x32\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)
Zigfrak (HKLM-x32\...\Steam App 259430) (Version:  - Entheogen Studios LLC)
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {475A1679-7F8A-4D97-ABDD-864520FB7F3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-20] (Adobe Systems Incorporated)
Task: {624FFD86-42B3-42D5-AD67-729A917EC0A5} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
Task: {6E813A30-4D81-4C33-A7F3-927F1495942E} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {7AABB0B6-A896-4F2D-B90A-7BF5ECBF3656} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => C:\Windows\SysWOW64\ktmutiil.exe

==================== Loaded Modules (whitelisted) =============

2012-05-06 07:25 - 2012-08-31 00:17 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-21 19:23 - 2009-12-19 02:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-03-21 19:23 - 2009-12-19 02:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-08-14 19:56 - 2012-08-14 19:56 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-08-11 16:59 - 2009-08-11 16:59 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2013-09-08 22:02 - 2013-09-08 22:02 - 00002560 _____ () C:\Windows\runservice.exe
2011-12-20 13:46 - 2011-12-20 13:46 - 00216576 _____ () C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe
2011-03-21 19:23 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-21 19:23 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2009-09-22 10:36 - 2009-09-22 10:36 - 04523008 _____ () C:\Program Files (x86)\OSCARK3G\OscarEditor.exe
2013-03-12 05:10 - 2013-03-12 05:10 - 04373600 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2012-05-17 03:12 - 2012-05-17 03:12 - 00179200 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2013-03-12 05:11 - 2013-03-12 05:11 - 00334432 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 21:21 - 2012-06-17 21:21 - 00015360 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2011-03-21 19:23 - 2009-12-19 02:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2014-07-09 19:27 - 2014-07-09 19:27 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-07-29 20:50 - 2014-07-29 20:50 - 02795008 _____ () C:\Program Files\Alwil Software\Avast5\defs\14072900\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-08 22:02 - 2013-09-08 22:02 - 00048640 _____ () C:\Windows\mmfs.dll
2011-03-21 19:13 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2009-09-30 21:23 - 2009-09-30 21:23 - 00194048 _____ () C:\Program Files (x86)\OSCARK3G\Win32Share.dll
2011-03-21 19:23 - 2009-12-19 02:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-03-21 19:23 - 2009-12-19 02:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2009-06-09 07:27 - 2009-06-09 07:27 - 00093184 _____ () C:\Program Files (x86)\OSCARK3G\Resource.dll
2011-04-03 19:42 - 2011-04-03 19:42 - 00492896 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-07-09 19:27 - 2014-07-09 19:27 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2008-01-09 06:50 - 2008-01-09 06:50 - 00349147 _____ () C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
2008-03-19 08:21 - 2008-03-19 08:21 - 00512000 _____ () C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
2008-03-19 08:21 - 2008-03-19 08:21 - 00094208 _____ () C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
2011-04-03 18:42 - 2011-06-16 07:55 - 00925696 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:E5DE9C8F

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartSVN 6.6 (background).lnk => C:\Windows\pss\SmartSVN 6.6 (background).lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 8.lnk => C:\Windows\pss\SnagIt 8.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^...^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\...\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: ZoneAlarm Installer => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r install /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 08:05:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (07/30/2014 08:05:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (07/30/2014 07:58:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/30/2014 07:58:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/30/2014 07:58:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/30/2014 07:55:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BestSync Service service to connect.

Error: (07/30/2014 07:55:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error:
%%1275

Error: (07/30/2014 07:55:46 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys has been blocked from loading.

Error: (07/30/2014 07:19:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/30/2014 07:19:04 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/30/2014 07:19:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/30/2014 07:16:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BestSync Service service to connect.


Microsoft Office Sessions:
=========================
Error: (07/30/2014 08:05:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/30/2014 08:05:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


CodeIntegrity Errors:
===================================
  Date: 2013-07-11 08:46:19.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 08:39:09.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 08:28:30.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 08:19:00.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 08:02:31.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 07:26:46.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-11 06:59:41.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-10 22:30:54.900
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-10 19:16:38.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-10 18:52:08.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 6006.85 MB
Available physical RAM: 4124.58 MB
Total Pagefile: 12011.85 MB
Available Pagefile: 9972.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:9.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 



#6 sharkwithlazer

Posted 30 July 2014 - 08:25 PM

MiniToolBox log

MiniToolBox by Farbar  Version: 21-07-2014
Ran by ... (administrator) on 30-07-2014 at 20:12:39
Running from "C:\Users\...\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : BSK-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : C6-CB-38-6B-00-C2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : C0-CB-38-6B-00-C2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b17f:f598:ab27:5355%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, July 30, 2014 7:59:20 PM
   Lease Expires . . . . . . . . . . : Thursday, July 31, 2014 7:59:21 PM
   Default Gateway . . . . . . . . . : fe80::213:33ff:febd:ed77%14
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 364956472
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-19-B6-B9-1C-75-08-57-CA-41
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 18-F4-6A-FD-19-C2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 1C-75-08-57-CA-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain.name:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {76C92EE6-22C1-4857-9A40-99B38B55E1F0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4007:801::1006
      74.125.224.162
      74.125.224.163
      74.125.224.164
      74.125.224.165
      74.125.224.166
      74.125.224.167
      74.125.224.168
      74.125.224.169
      74.125.224.174
      74.125.224.160
      74.125.224.161


Pinging google.com [74.125.224.161] with 32 bytes of data:
Reply from 74.125.224.161: bytes=32 time=277ms TTL=49
Reply from 74.125.224.161: bytes=32 time=198ms TTL=49

Ping statistics for 74.125.224.161:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 198ms, Maximum = 277ms, Average = 237ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=210ms TTL=45
Reply from 206.190.36.45: bytes=32 time=999ms TTL=45

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 210ms, Maximum = 999ms, Average = 604ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 7ms, Average = 4ms
===========================================================================
Interface List
 15...c6 cb 38 6b 00 c2 ......Microsoft Virtual WiFi Miniport Adapter
 14...c0 cb 38 6b 00 c2 ......Atheros AR9285 Wireless Network Adapter
 12...18 f4 6a fd 19 c2 ......Bluetooth Device (Personal Area Network)
 11...1c 75 08 57 ca 41 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    281 ::/0                     fe80::213:33ff:febd:ed77
  1    306 ::1/128                  On-link
 14    281 fe80::/64                On-link
 14    281 fe80::b17f:f598:ab27:5355/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

**** End of log ****
 


FSS log

Farbar Service Scanner Version: 21-07-2014
Ran by ... (administrator) on 30-07-2014 at 20:15:06
Running from "C:\Users\...\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,374 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:11 PM

Posted 30 July 2014 - 09:05 PM

Greetings,

Looks like you have done some battling with this already.

Hold off on the System Summary. If I need it we will figure something out.

Prior to running the below step it is necessary to copy and paste FRST onto the desktop. If we don't move it the fix won't work.

Running from C:\Users\...\Downloads

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Winlogon: [Shell] explorer [ ] () <=== ATTENTION
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {143abdf3-5425-11e0-8903-806e6f6e6963} - D:\AutoLauncher.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {1645df72-8155-11e0-9033-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {a8c4342e-65ef-11e1-9f2c-18f46afd19c2} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {e96c3423-a445-11e0-a159-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f1047732-c991-11e1-af6c-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da28f-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da29d-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da2a8-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f60f652e-c87e-11e1-b795-1c750857ca41} - F:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f60f6545-c87e-11e1-b795-1c750857ca41} - H:\AutoRun.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
S2 HPSLPSVC; C:\Users\...\AppData\Local\Temp\7zS6054\hpslpsvc64.dll [X]
C:\Users\...\AppData\Local\Temp\7zS6054\hpslpsvc64.dll
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Iviaspi; system32\drivers\iviaspi.sys [X]
Task: C:\Windows\Tasks\At1.job => C:\Windows\SysWOW64\ktmutiil.exe
C:\Windows\Tasks\At1.job
C:\Windows\SysWOW64\ktmutiil.exe
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:E5DE9C8F
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • How is your computer/internet behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 sharkwithlazer


Posted 30 July 2014 - 09:54 PM

Ok, thank you very much for the quick reply. I'll post the logs tomorrow



#9 sharkwithlazer


Posted 31 July 2014 - 07:21 PM

Hi Gary, here's the FRST fixlog but I wasn't able to complete the Combofix scan. The laptop suddenly restarted around scan 50.

 

Almost forgot to add, after the computer restarted, I tried browsing the internet. The problem's still there, I'm somewhat sure it's there from the start since the number of packets sent and received reach the millions within a couple of minutes.

 

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by ... at 2014-07-31 21:00:20 Run:1
Running from C:\Users\...\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Winlogon: [Shell] explorer [ ] () <=== ATTENTION
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {143abdf3-5425-11e0-8903-806e6f6e6963} - D:\AutoLauncher.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {1645df72-8155-11e0-9033-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {a8c4342e-65ef-11e1-9f2c-18f46afd19c2} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {e96c3423-a445-11e0-a159-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f1047732-c991-11e1-af6c-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da28f-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da29d-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f41da2a8-c816-11e1-afc1-1c750857ca41} - E:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f60f652e-c87e-11e1-b795-1c750857ca41} - F:\AutoRun.exe
HKU\S-1-5-21-235231494-2608228748-2247482363-1000\...\MountPoints2: {f60f6545-c87e-11e1-b795-1c750857ca41} - H:\AutoRun.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
S2 HPSLPSVC; C:\Users\...\AppData\Local\Temp\7zS6054\hpslpsvc64.dll [X]
C:\Users\...\AppData\Local\Temp\7zS6054\hpslpsvc64.dll
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Iviaspi; system32\drivers\iviaspi.sys [X]
Task: C:\Windows\Tasks\At1.job => C:\Windows\SysWOW64\ktmutiil.exe
C:\Windows\Tasks\At1.job
C:\Windows\SysWOW64\ktmutiil.exe
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:E5DE9C8F
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Error setting value.
===================================
Permissions for "HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon":

Owner: BUILTIN\Administrators

DACL(AI):

BUILTIN\Administrators    ALLOW    FULL    (CI)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (CI)
NT SERVICE\TrustedInstaller    ALLOW    FULL    (I)
NT SERVICE\TrustedInstaller    ALLOW    FULL    (CI-I-OI)
BUILTIN\Users    ALLOW    READ    (I)
BUILTIN\Users    ALLOW    READ    (CI-I-OI)

===================================
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{143abdf3-5425-11e0-8903-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{143abdf3-5425-11e0-8903-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1645df72-8155-11e0-9033-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{1645df72-8155-11e0-9033-1c750857ca41}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8c4342e-65ef-11e1-9f2c-18f46afd19c2}" => Key deleted successfully.
"HKCR\CLSID\{a8c4342e-65ef-11e1-9f2c-18f46afd19c2}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e96c3423-a445-11e0-a159-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{e96c3423-a445-11e0-a159-1c750857ca41}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1047732-c991-11e1-af6c-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{f1047732-c991-11e1-af6c-1c750857ca41}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41da28f-c816-11e1-afc1-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{f41da28f-c816-11e1-afc1-1c750857ca41}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41da29d-c816-11e1-afc1-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{f41da29d-c816-11e1-afc1-1c750857ca41}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41da2a8-c816-11e1-afc1-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{f41da2a8-c816-11e1-afc1-1c750857ca41}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f60f652e-c87e-11e1-b795-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{f60f652e-c87e-11e1-b795-1c750857ca41}" => Key not found.
"HKU\S-1-5-21-235231494-2608228748-2247482363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f60f6545-c87e-11e1-b795-1c750857ca41}" => Key deleted successfully.
"HKCR\CLSID\{f60f6545-c87e-11e1-b795-1c750857ca41}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
"HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => Key not found.
HPSLPSVC => Service deleted successfully.
"C:\Users\...\AppData\Local\Temp\7zS6054\hpslpsvc64.dll" => File/Directory not found.
ewusbnet => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
hwdatacard => Service deleted successfully.
Iviaspi => Service deleted successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
"C:\Windows\Tasks\At1.job" => File/Directory not found.
"C:\Windows\SysWOW64\ktmutiil.exe" => File/Directory not found.
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
C:\ProgramData\Temp => ":E5DE9C8F" ADS removed successfully.

==== End of Fixlog ====


Edited by sharkwithlazer, 31 July 2014 - 07:24 PM.
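A Fixlog like the one above can be triaged mechanically to find the entries that did not apply. The following Python script is an added example, not part of the thread and not FRST's own code; the sample text is constructed from lines in the post, and the status keywords are assumptions based only on the result lines visible in this log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the Fixlog in the post above, abridged.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Winlogon: [Shell] explorer [ ] () <=== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Windows\SysWOW64\ktmutiil.exe
AlternateDataStreams: C:\ProgramData:gs5sys
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Error setting value.
"HKCR\CLSID\{143abdf3-5425-11e0-8903-806e6f6e6963}" => Key not found.
HPSLPSVC => Service deleted successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
"C:\Windows\SysWOW64\ktmutiil.exe" => File/Directory not found.
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.

==== End of Fixlog ====
'''

# Alternate data stream results put the stream name in the outcome part.
ADS_RE = re.compile(r'^"(:[^"]+)"\s+ADS\s+(.+)$')


@dataclass
class FixResult:
    target: str   # registry key, service, file, or path:stream
    outcome: str  # text after "=>", as written by the tool
    status: str   # "done", "absent", "failed" or "other"


def classify(outcome: str) -> str:
    """Map an outcome string to a coarse status (keywords are assumptions)."""
    text = outcome.lower()
    if "error" in text:
        return "failed"
    if "not found" in text:
        return "absent"   # nothing to remove; usually harmless
    if "successfully" in text:
        return "done"
    return "other"        # unknown wording: review by hand


def parse_fixlog(text: str) -> list[FixResult]:
    results = []
    in_echo = False  # True while inside the echoed "Content of fixlist" block
    for raw in text.splitlines():
        line = raw.strip()
        # A row of asterisks opens and closes the echoed fixlist. Its lines
        # (e.g. "Task: ... => ...") are instructions, not results.
        if len(line) >= 5 and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        target = target.strip().strip('"')
        ads = ADS_RE.match(outcome)
        if ads:
            target = target + ads.group(1)   # C:\ProgramData + :gs5sys
            outcome = ads.group(2)
        results.append(FixResult(target, outcome, classify(outcome)))
    return results


def needs_follow_up(results: list[FixResult]) -> list[FixResult]:
    """Entries that did not apply cleanly and need another look."""
    return [r for r in results if r.status in ("failed", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(Counter(r.status for r in parsed)))
    for item in needs_follow_up(parsed):
        print("FOLLOW UP:", item.target, "->", item.outcome)
```

Run over the sample, the only entry flagged for follow-up is the Winlogon `Shell` value.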


#10 Oh My!


Posted 01 August 2014 - 12:37 PM

Greetings,

Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

[Screenshot: MiniReg.gif]

  • Copy and paste the following into the edit box:

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary
 

#11 Oh My!


Posted 04 August 2014 - 07:56 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#12 sharkwithlazer


Posted 05 August 2014 - 07:35 PM

Hi Gary, sorry for the delay. I've had problems with my ISP for the past couple of days.

 

Anyway, the result of the MiniRegTool is just a single line

 

Windows Registry Editor Version 5.00

 

 

I was using the 64-bit version; it only included options for HKLM and HKU.

 

Cheers



#13 Oh My!


Posted 05 August 2014 - 08:32 PM

Please attempt to run it again, twice if necessary.

If that doesn't work then let's do it manually.

===================================================

Exporting a Registry Key

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type regedit and press Enter
  • Expand the folders in the order listed below

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon

  • Right click on the ProfileList folder, select Export, and save it to your desktop as ProfileList.
  • Locate the reg file on your desktop, right click, and select Edit
  • Notepad will open. Please copy and paste the contents in your reply

Edited by Oh My!, 06 August 2014 - 07:58 AM.
Added manual export

Gary
 

#14 sharkwithlazer


Posted 07 August 2014 - 08:46 PM

Hi Gary,

 

I tried downloading the Miniregtool again, but it still just returns the Windows Registry Editor Version. I tried doing it manually but there was no profilelist folder. So I exported the entire Winlogon folder. I'm also thinking about trying out Nessus, a network vulnerability scanner. I heard about it after reading some news reports on BIOS vulnerabilities since boot-up scans don't find anything wrong.

 

Winlogon

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"Shell"="explorer"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"DefaultDomainName"=""
"DefaultUserName"=""
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"AUTORESTARTSHELL"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
@="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,72,00,63,00,68,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@="Internet Explorer User Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\\Windows\\SysWOW64\\iedkcs32.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"=dword:00000001
"DisplayName"="@C:\\Windows\\SysWOW64\\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@="Security"
"DisplayName"=hex(2):40,00,28,00,72,00,75,00,6e,00,74,00,69,00,6d,00,65,00,2e,\
  00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,29,00,5c,00,73,00,63,00,\
  65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,37,00,36,00,35,\
  00,30,00,00,00
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@="Deployed Printer Connections"
"DisplayName"=hex(2):40,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,67,00,70,00,70,00,72,00,6e,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,\
  00,2c,00,2d,00,31,00,00,00
"DllName"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,67,\
  00,70,00,70,00,72,00,6e,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000001
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NotifyLinkTransition"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
@="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,31,00,00,00
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@="Internet Explorer Branding"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="C:\\Windows\\SysWOW64\\iedkcs32.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoSlowLink"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@C:\\Windows\\SysWOW64\\iedkcs32.dll,-3014"
"NoBackgroundPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
@="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,32,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
@="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,33,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
@="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,34,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@="802.3 Group Policy"
"DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\
  00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\
  2e,00,64,00,6c,00,6c,00,00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,36,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,37,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,73,00,63,00,6f,00,62,00,6a,00,2e,00,64,00,6c,00,6c,00,00,00
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"RequiresSucessfulRegistry"=dword:00000000
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoSlowLink"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
  00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
  74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
  00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
  6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
  00,6f,00,6e,00,29,00,00,00,00,00
"NoUserPolicy"=dword:00000000
"DisplayName"=hex(2):40,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,32,00,35,00,32,00,00,00
"PerUserLocalSettings"=dword:00000001
"NoBackgroundPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@="TCPIP"
"DisplayName"=hex(2):40,00,67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,\
  00,6c,00,2c,00,2d,00,32,00,30,00,34,00,00,00
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@="Internet Explorer Machine Accelerators"
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"DllName"="C:\\Windows\\SysWOW64\\iedkcs32.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"NoGPOListChanges"=dword:00000001
"DisplayName"="@C:\\Windows\\SysWOW64\\iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,70,\
  00,6f,00,6c,00,73,00,74,00,6f,00,72,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyInternet"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"NoMachinePolicy"=dword:00000001
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,38,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,39,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,30,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,31,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"NoMachinePolicy"=dword:00000001
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,35,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@="Enterprise QoS"
"DisplayName"=hex(2):40,00,67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,\
  00,6c,00,2c,00,2d,00,32,00,30,00,33,00,00,00
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@="CP"
"DisplayName"=hex(2):40,00,67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,\
  00,6c,00,2c,00,2d,00,32,00,30,00,35,00,00,00
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
 



#15 Oh My!

Posted 07 August 2014 - 09:32 PM

Thank you for the information. I would like to make sure your computer is clean first.

===================================================

Manually Importing an Attached Registry Key (.reg) File

-------------------
  • Download [attachment=153237:winlogon.reg] and save it to your desktop
  • Right-click on the file and select Merge
  • Once you receive confirmation the information was successfully merged, reboot your computer
  • Rerun FRST, making sure to place a check mark in Addition.txt, and post the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the registry key merge properly?
  • FRST logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.
